Friday, August 3
HACKTIVITY HIGHLIGHTS AND POC BLOGS
Save Your Cloud: DoS on VMs in OpenNebula 4.6.1 by @dfelsch. The root cause is an XML parser that tries to repair structural errors in a document, which opened the door to a DoS.
Disclose Facebook Internal Server Information With A Strange Poll by @wongmjane
Vulnerability in Hangouts Chat: from open redirect to code execution by @mattaustin
Blind XSS on Google and many more bugs by @uraniumhacker
Making a Blind SQL Injection a Little Less Blind by @tomnomnom
LFI and SSRF via XXE in emblem editor [25 upvotes] - $1,500 bounty for this report to Rockstar Games by @alexbirsan.
[out-of-scope] toxiproxy: Lack of CSRF protection allows an attacker to gain access to internal Shopify network [5 upvotes] - no bounty for this report to Shopify by @bored-engineer
Full UI hijack via dormant browser service workers [25 upvotes] - $1,000 bounty for this report to Augur by @karalabe
TWEET OF THE DAY
This is my recommended list to become a "full-stack reverse-engineer" (a term that I might have completely made up, but I'm rolling with it). This is not intended to make you a competent desktop app reverse-engineer, or console reverse-engineer, or kernel reverse-engineer. [...] - @daeken
OTHER ARTICLES WE’RE READING
Burp’s new crawler “It navigates around a target application in the same way as a user with a browser, by clicking links and submitting input”
“All your suppliers and 3rd parties are belong to us” - ruminations on LinkedIn by LARES’ Chris Roberts on Russian Activity Against Critical Infrastructure
Natalie Silvanovich writes about “Adventures in Vuln Reporting”. An important dialogue on “security@” aliases and rewards programs.
Blockchain at the ballot box? cringe
Round of applause for disclose.io, making security reporting safer for finders everywhere.
Brian Krebs blogged about how the Reddit Breach Highlights Limits of SMS-Based Authentication. Not to mention all this.
Going to Black Hat? Want to avoid crappy talks? Nathan Hamiel, Director of Research & Advisory Services at Kudelski Security, wrote a list of the Black Hat talks he’s targeting. We also recommend Practical Web Cache Poisoning: Redefining 'Unexploitable' by James Kettle.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
I’m going to take you down the ‘happy path’ here. There were many more dead-ends, far more frustration, and much more head scratching in the discovery and exploitation of this bug than any of this would imply.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.