Hacking, AppSec, and Bug Bounty newsletter
2017-06-23 | Airbnb OAuth tokens theft, Bug hunting with Burp Infiltrator, and Yahoo’s not-so-secret keys
Friday, June 23
Today we’re going rogue from our usual structure and highlighting three blog posts by researchers. Let’s call this PoC Fridays. Like it? Let us know what you think. Now for the good stuff:
Authentication bypass on Airbnb via OAuth tokens theft by @arneswinnen. @Yaworsk tweeted “Interested in the thought process of someone who wins an @Hacker0x01 onsite hacking event? You're in luck - read this, it's awesome!” Well said Pete.
Behind enemy lines: Bug hunting with Burp Infiltrator by @salchoman. Boost your quiver of tools with Infiltrator-augmented testing via Burp. Demonstration of a zero-day in JetBrains’ TeamCity.
Yahoo Small Business (Luminate) and the not-so-secret keys by @dawgyg. Collab hunt with @zlz (and using Bug Bounty Forum slack to collaborate). Go team.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Infiltrating applications might sound daunting, but a little attentiveness to when and how the infiltration is performed may yield exotic vulnerabilities and unexpected insights.