Bug bounty is a reward that is paid out to developers who find critical flaws in software. The bounty can be monetary reward, or being put into a “hall of fame” list for finding the bounty, or gear from the company giving the bounty, or any combination thereof.
Date reported — 02–07–2019 # Vulnerable Software — Apache # CVE: CVE-2017–9798 / USN-3425–1 “OptionsBleed” # Type — P1:Sensitive Data Exposure + P5:Fingerprinting/Banner Grabbing # Domain Affected — *.unesco.org # Tested — https://en.unesco.org (193.242.192.49) Options Bleed is a use after free error in Apache HTTP that causes a corrupted Allow header…
Date reported — 2019-08-29 Firefox Lite 1.9.2 for Android and earlier suffer from exhaustive Address Bar Spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain for legitimate domain name. Firefox Lite is almost installed on more than 10M devices. URL Address Bar spoofing…
IntroductionMonths ago I discovered a flaw hackers can use to access Samsung’s and LG Electronics internal bug tracking and project management instances running on Jira. The flaw only takes a couple of commands to potentially access intranets, cause XSS and anything that SSRF can cause, including something…
Finding OS Command Injection vulnerability which allows arbitrary shell command execution through a crafted command-line argument on Jison in parser ports began when I started receiving lots of invites over Hackerone. An injection vulnerability manifests when application code sends untrusted user input to an interpreter as…