Hacking, AppSec, and Bug Bounty newsletter
2018-09-14 | Hacktivity highlights, Story time with Frans, and Zseano’s Bounty Notes
Friday, September 14
Leaking sensitive information on GitHub led to full access to all Grab Slack channels [72 upvotes] - $7,000 bounty for this report to Grab by @xsam.
Zomato.com SQLi [111 upvotes] - $2,000 bounty for this report to Zomato by @gerben_javado.
Public Jenkins instance with /script enabled [39 upvotes] - $2,500 bounty for this report to Ubiquiti Networks by @smiegles.
Exposed Git Repo [26 upvotes] - $1,024 bounty for this report to Dropbox by @todayisnew.
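Two of today's reports are the same class of finding: something that should never face the internet (a .git directory, a Jenkins script console) does. The snippet below is an added example from the editor, not code from any of the reports or from HackerOne, showing how to classify already-fetched responses for those two exposures without being fooled by catch-all 200 pages. The Response type, the sample bodies and the regexes are the editor's own constructions; the signatures they look for (a `ref: refs/...` line in .git/HEAD, a `[core]` section in .git/config, the `<textarea name="script">` of the Groovy console) are what the real artifacts contain.

```python
"""Classify evidence of an exposed .git directory or an open Jenkins
script console from HTTP responses that have already been fetched.
Added example; the fixtures are constructed, not captured from any
real target, and nothing here touches the network."""
import re
from dataclasses import dataclass

# A real .git/HEAD is either a symbolic ref or a detached 40-hex SHA-1.
_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")
# A real .git/config opens with a [core] section.
_CONFIG_RE = re.compile(r"^\[core\]", re.MULTILINE)
# The Jenkins script console renders its Groovy input as <textarea name="script">.
_JENKINS_SCRIPT_RE = re.compile(r'<textarea[^>]+name="script"', re.IGNORECASE)


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical helper type)."""
    status: int
    body: str


def git_exposed(head: Response, config: Response) -> bool:
    """True only when /.git/HEAD and /.git/config both carry real Git content.

    A 200 on its own proves nothing: plenty of sites answer every path with a
    200 'page not found' page, so the decision rests on the body signature."""
    if head.status != 200 or config.status != 200:
        return False
    return bool(_HEAD_RE.match(head.body.strip()) and _CONFIG_RE.search(config.body))


def jenkins_script_console_open(script_page: Response) -> bool:
    """True when GET /script came back as the console form itself.

    A locked-down Jenkins answers /script with a redirect to login (302/403),
    so anything other than a 200 containing the Groovy textarea is 'closed'."""
    return script_page.status == 200 and bool(_JENKINS_SCRIPT_RE.search(script_page.body))


# Constructed sample responses for the two cases (not from any real host).
SAMPLE_EXPOSED_HEAD = Response(200, "ref: refs/heads/master\n")
SAMPLE_EXPOSED_CONFIG = Response(200, "[core]\n\trepositoryformatversion = 0\n\tbare = false\n")
SAMPLE_SOFT_404 = Response(200, "<html><body><h1>Welcome</h1><p>Page not found</p></body></html>")
SAMPLE_JENKINS_CONSOLE = Response(
    200, '<form action="script" method="post"><textarea name="script" rows="20"></textarea></form>'
)
SAMPLE_JENKINS_LOGIN_REDIRECT = Response(302, "")


def triage(head: Response, config: Response, script_page: Response) -> dict:
    """Summarise both checks for one host."""
    return {
        "git_exposed": git_exposed(head, config),
        "jenkins_script_console": jenkins_script_console_open(script_page),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EXPOSED_HEAD, SAMPLE_EXPOSED_CONFIG, SAMPLE_JENKINS_CONSOLE))
    print(triage(SAMPLE_SOFT_404, SAMPLE_SOFT_404, SAMPLE_JENKINS_LOGIN_REDIRECT))
```

Two caveats worth keeping in mind when you turn this into a scanner: a directory listing on /.git/ is a bonus, not a requirement, since most servers with an exposed repo still have indexes off and the files are simply fetchable by name; and an open /script console is remote code execution on the Jenkins master, so proving it is reachable is the finding, and actually executing Groovy on someone else's box belongs only inside the scope a program has given you.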
TWEET OF THE DAY
Question: if your account was in a list of credentials that had been successfully tested against a service you use but that service had not been breached, would you want to know? This would be due to password reuse and credential stuffing, not a breach of the service in question. - @troyhunt
OTHER ARTICLES WE’RE READING
Story time with Frans in Stockholm, “A story of the passive aggressive sysadmin of AEM”
Cyber crime costing German manufacturers $50bn with SMEs worst hit reports The Telegraph
Zseano has got some bug bounty notes. All hunters invited.
Weaponized Stuxnet virus? You don’t say.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
A vulnerability disclosure policy is an open hand of friendship to the hacker community.... These are the good guys.