Security/BugBounty Study

    Bug Bounty Write-up / Mass account takeovers [Slack]

    https://hackerone.com/reports/737140 Slack disclosed on HackerOne: Mass account takeovers using HTTP... This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher's collaborator cl This bug hunter exploited an HTTP Request S..

    Bug Bounty Write-up / retrieving account [PayPal]

    https://hackerone.com/reports/739737 PayPal disclosed on HackerOne: Token leak in security challenge... A bug was identified whereby sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation. In certain cases, a user must solve a CAPTCHA challenge after authenticating. When the security challenge is completed, the authentic This is a case that received a $15,300 bounty...

    Bug Bounty Write-up / RCE [Twitter]

    https://hackerone.com/reports/591295 Twitter disclosed on HackerOne: Potential pre-auth RCE on Twitter VPN Hi, we(Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we are doing a research about SSL VPN security, and found several critical vulnerabilities on Pulse Secure SSL VPN! We have reported to vendor and [patches](https://kb This is a case that received a bounty of no less than $20,000..

    Bug Bounty Write-up / Stored XSS [Shopify]

    https://hackerone.com/reports/532643 Shopify disclosed on HackerOne: Stored - XSS Hello Security Team, I have Found Stored XSS Vulnerability POC : Step1: Go to https://app.oberlo.com/suppliers Step2: Click on any product you will be redirected to URL as i have given for example https://app.oberlo.com/suppliers/8/products/488813?referral Today I've brought XSS again. For a while I'll probably be writing only about XSS. Bounties for XSS..

    Bug Bounty Write-up / Stored XSS [AAF]

    https://hackerone.com/reports/411690 Alliance of American Football disclosed on HackerOne: Stored xss... Dear Team, **Summary:** [add summary of the vulnerability] After looking into https://shop.aaf.com/Order/step1/index.cfm i get to know that there is address field is vulnerable to stored xss which can lead to steal any user's cookie and can lead to complet Using Stored XSS, a bounty..

    Bug Bounty Write-up / Stored XSS

    https://hackerone.com/reports/415484 Shopify disclosed on HackerOne: Stored xss # Description : WAF cut html tages but when put before tages we can bypass it :) . #Step to reproduce : 1-Open your store account 2-Navigate to https://xxx.myshopify.com/admin/settings/general 3-Put your street address xss payload (xss"> Today again I've brought a case where a bounty was received with XSS. (I lost the draft, so I'm rewriting it.) By pulling off a Stored XSS, no less than 1000..

    Bug Bounty Write-up / Path Disclosure ($50)

    https://hackerone.com/reports/503804 Unikrn disclosed on HackerOne: Path Disclosure Vulnerability... Hello, there is a path discovery on the server. https://crm.unikrn.com/plugins/MauticZapierBundle/MauticZapierBundle.php https://crm.unikrn.com/plugins/MauticCloudStorageBundle/MauticCloudStorageBundle.php and other scripts at https://crm.unikrn.com/plugin This is a very simple report. Even something like this earns a bounty..

    Bug Bounty Write-up / POST Based XSS ($500)

    https://hackerone.com/reports/429679 Shopify disclosed on HackerOne: POST-based XSS on apps.shopify.com Hello Shopify team! I found a post-based XSS which may be shared to other users and occurs in firefox, IE, Edge. How to reproduce: 1. at partners.shopify.com go to apps -> choose one -> more actions -> create shopify app store listing 2. you will get redir Today it's another XSS case. XSS ..

    Bug Bounty Write-up / DOM Based XSS ($500)

    https://hackerone.com/reports/474656 HackerOne disclosed on HackerOne: Cross-site Scripting (XSS) on... Dear HackerOne team, **Summary:** I found DOM XSS at endpoint `https://www.hackerone.com/careers`, but can not bypass CSP. It's work on IE and Edge. ### Steps To Reproduce - JS file is "Masonry js file", vulnerability code: ```javascript //Checking for pot Today, again, DOM Based XSS ..

    Bug Bounty Write-up / DOM Based XSS ($500)

    https://hackerone.com/reports/398054 HackerOne disclosed on HackerOne: DOM Based XSS in... **Summary:** The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaS The author triggered a DOM Based XSS and received $500 as a bounty..

    Bug Bounty Write-up / Stored XSS ($750)

    https://hackerone.com/reports/484434 Imgur disclosed on HackerOne: Stored XSS on imgur profile Hello, I submitted a report on imgur, but the staff marked it as duplicate. #482841 I reviewed the report of the first submitted report. #381553 We are on the same situation and his case is already fixed because I tried visiting his site too which is https A case where a $650 bounty was received using Stored XSS..

    Bug Bounty Write-up / SQL Injection ($4,500)

    https://hackerone.com/reports/403616 Zomato disclosed on HackerOne: [www.zomato.com] SQLi -... Thanks @gerben_javado for helping us keep @zomato secure :) This is a case where a $4,500 bounty was received for an SQLi vulnerability. The site was using a web application firewall, and the author reportedly succeeded with SQLi by using a specific firewall bypass technique. Most of the details of the successful exploit are currently redacted. Through debugging and exploitation, the author discovered that Akamai's web application firewall, called Kona, was in use. As it happened, the author knew a bypass for this Kona firewall..

    Bug Bounty Write-up / Reflected Cross site Scripting ($375)

    https://hackerone.com/reports/438240 Starbucks disclosed on HackerOne: Reflected Cross site Scripting... **Summary:** Reflected Cross site Scripting (XSS) on https://www.starbucks.com/account/signin?ReturnUrl **Description:** The attacker can execute javascript on the victims account just after the authentication process. **Platform(s) Affected:** www.starbuc This is a Starbucks bug bounty case. The author ..

    Bug Bounty Write-up / DOM XSS in redirect param ($750)

    https://hackerone.com/reports/361287 Semmle disclosed on HackerOne: DOMXSS in redirect param #Summary The **redirect** param can consist of a ``javascript:`` url, which results in XSS. If a victim visits a malicious URL and logs in, the attacker can perform actions on behalf of the victim. #Steps to reproduce 1) Logout 2) Visit `` https://lgtm-com By injecting a script through the parameter that carries the redirect URL, ..

    Bug Bounty Write-up / SQL Injection ($2,000)

    Before posting, let me first introduce a site called HackerOne. HackerOne is the world's largest platform connecting companies that run bug bounties with hackers. Bug bounties are not yet active in Korea, so it is not well known here, but many companies run bug bounty programs, and many hackers are working hard to find vulnerabilities. I think it may become a recognized profession in Korea within a few years. To receive a reward for a vulnerability on HackerOne, you have to submit a report that includes a description of the vulnerability and PoC code, and reports that were awarded a bounty can be read completely free of charge. You can learn creative hacking techniques that are actually used against real sites. Since it's all in English, it's also good for improving your English..