![버그바운티(Bug Bounty) Write-up / RCE [Twitter]](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FmbOzX%2FbtqxQUUTl8u%2FVgFO07fNebNe3CMK0uVJ00%2Fimg.png)
https://hackerone.com/reports/591295
Twitter disclosed on HackerOne: Potential pre-auth RCE on Twitter VPN
Hi, we(Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and [patches](https://kb
hackerone.com
무려 2만달러의 바운티를 받은건이네요. 이 취약점 관련해서 바운티를 받은 팀이 blackhat 에서 발표한 발표자료도 있습니다.
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
해당 발표자료에 여러 VPN 서비스제공 회사들의 취약점들이 나와있고 바운티를 받은내용도 나와있으니 한번 읽어보는것도 괜찮을것 같습니다.
내용이 좀 어려워서 조금 시간을 들여서 적어야 될 것 같습니다.
'Security > BugBounty Study' 카테고리의 다른 글
| 버그바운티(Bug Bounty) Write-up / Mass account takeovers [Slack] (0) | 2020.03.25 |
|---|---|
| 버그바운티(Bug Bounty) Write-up / retrieving account [PayPal] (0) | 2020.01.21 |
| 버그바운티(Bug Bounty) Write-up / Stored XSS [Shopify] (0) | 2019.06.03 |
| 버그바운티(Bug Bounty) Write-up / Stored XSS [AAF] (1) | 2019.06.02 |
| 버그바운티(Bug Bounty) Write-up / Stored XSS (0) | 2019.04.06 |