Bug Bounty (4)

A bug bounty is a reward paid out to developers who find critical flaws in software. The bounty can be a monetary reward, a place on a “hall of fame” list for finding the flaw, gear from the company offering the bounty, or any combination thereof.

Sensitive Data Exposure over *.unesco.org, thanks to OptionsBleed for low-hanging fruit

Date reported — 02-07-2019
Vulnerable Software — Apache
CVE — CVE-2017-9798 / USN-3425-1 “OptionsBleed”
Type — P1: Sensitive Data Exposure + P5: Fingerprinting/Banner Grabbing
Domain Affected — *.unesco.org
Tested — https://en.unesco.org (193.242.192.49)

Options Bleed is a use-after-free error in Apache HTTP that causes a corrupted Allow header…

By Piyush Raj

Address bar spoofing in Firefox Lite for Android ...and the idiocy that followed

Date reported — 2019-08-29

Firefox Lite 1.9.2 for Android and earlier suffers from exhaustive address bar spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain presented as a legitimate domain name. Firefox Lite is installed on more than 10M devices. URL Address Bar spoofing…

By Piyush Raj

How I Hacked Samsung's Tizen OS & LG Electronics Private Project Management Instances

Introduction

Months ago I discovered a flaw hackers can use to access Samsung’s and LG Electronics’ internal bug tracking and project management instances running on Jira. The flaw only takes a couple of commands to potentially access intranets, cause XSS and anything that SSRF can cause, including something…

By Piyush Raj

OS Command Injection on Node.js Jison module

Finding the OS command injection vulnerability, which allows arbitrary shell command execution through a crafted command-line argument in Jison's parser ports, began when I started receiving lots of invites on HackerOne. An injection vulnerability manifests when application code sends untrusted user input to an interpreter as…

By Piyush Raj