#23

Burp plugin for scanning SSO authentication

OAUTHScan is a Burp extension to verify the security of OAUTHv2 and OpenID flows. It has checks for the following scenarios: Open Redirect issues on the Redirect_Uri parameter; Authorization Code Replay issues; leakage of secrets (i.e. Tokens, Codes); PKCE misconfigurations...

BigQuery SQL Injection Cheat Sheet

We are used to databases like MySQL, MSSQL or PostgreSQL. Probably, most of us would use sqlmap or the good-old pentestmonkey cheat sheet. But what if your target uses Google BigQuery? Then, you can check out this article from Ozgur Alp with a cheat sheet for...

Approaching small scope programs

I saw a few people on Twitter appreciating videos by GodFather Orwa about bug bounties. So I decided to take a look at the video about approaching small scope programs, and I see a lot of potential in this methodology. Of course, I also created notes for you. Here they...

Blockchain learning corner #1

As a bug hunter, I can’t ignore huge bounties that are advertised for blockchain-related technologies. There are two programs paying up to $10,000,000! Of course, the reality will show if any of these actually get paid or not. Nagli said it well in this tweet: I also...

How much in bounties did Google pay in 2021?

Google has published its review of 2021 on its security blog. You can read how much in bounties they paid out in the past year and what the trends were. The good news for us is that bug bounty keeps growing and Google’s payouts in 2021 were significantly higher than in...

Hacking Google Drive integrations

Google Drive integrations are common among many apps that I use. It turns out that the integration is not so easy and it can lead to quite serious bugs, including this $17,576 SSRF in Dropbox. Here’s a writeup by @httpvoid0x2f...

Finding source code bugs with CodeQL the easy way

I talk about CodeQL a lot. Maybe even too much, considering I don’t even write queries (yet!). The reason is that writing them is hard and requires me to invest some time first, time which I don’t want to invest right now. The good thing is that you don’t have to know...