#16

Prototype pollution writeups

A few weeks ago in the newsletter, I told you a bit about the prototype pollution vulnerability class. In the last 2 weeks, I found 2 cool write-ups about this vulnerability class. One is Ngo Wei Lin's solution to the challenge by Michał Bentkowski....

Discovery and exploitation of RCE via deserialization

Shubham Shah, one of the hunters I follow most closely, released a writeup about finding a deserialization RCE in Sitecore Experience Platform CMS. He describes the whole process, from approaching the codebase of .NET applications, up to the command used to prepare...

Predicting MongoDB IDs for IDORs

[Figure: MongoDB ID, source below]

MongoDB is a document-oriented database, also known as a NoSQL database. By default, objects are identified using 12-byte IDs. That is too much to brute-force, but those identifiers are not random. They are built like this: 4-byte value...

Bug Hunter recorded himself finding $10k SSRF in Google

David Schütz, the first guest of my BBRD podcast and the author of 2 vulnerabilities covered on my channel, had an idea to record himself while bug hunting on Google. He did that and he captured the whole process of finding and escalating an SSRF found in Google. We...

How to identify the impact of a leaked private key?

Truffle Security, the company behind the secret scanning tool called truffleHog, created another tool - Driftwood. You can use it to identify the impact of a leaked private key. It's useful because the impact of this is not as easy to check as, for example, that of a...

Race condition RCEs

When I say race condition, the first thing that comes to your mind might be redeeming a discount code twice and thus gaining some money. So what on Earth is a race condition RCE? It works best in apps where you can upload an executable file, for example, PHP or ASP....

Session tokens resources

I have a few good resources about different kinds of session cookies/tokens/API keys, or whatever you want to call them. There are many types of bugs you can find there, and very often they have a big impact. Let's start with what types of tokens there even are....