#38

Prototype-related bugs

Christoffer Jerkeby wrote an article about prototype-related bugs. It has the term “prototype poisoning” in the title, and while reading the article I thought it was used interchangeably with “prototype pollution”, but it turns out they are different things. To read about...

Bitbucket pre auth RCE

There’s a pre-auth RCE for Bitbucket which, as my Twitter feed claimed, is actively exploited in the wild. It was discovered by Assetnote, which means the blog post contains not only what the bug was but also how they found it and why it works....

CodeQL learning path

CodeQL is a code scanner that sits somewhere between static analysis - where a scanner just analyses the code as text - and dynamic analysis - where the scanner actually executes the application and sends payloads. CodeQL understands the code and the flow of the...

Learning GraphQL #5 – batching attacks

Last week, I saw some tools and articles about GraphQL batching attacks. I thought it would be a good idea to cover them in my sample application to see if, how and why they work. GraphQL batching attacks. To my application, I added a simple code that draws a random 5-digit...

The mindset to Improve in Bug Bounty

Gunnar Andrews has a series called Mental hacking where he talks about mindset in the context of bug bounty. So far, I have only watched one episode, but I really identify with what Gunnar says. For me, the most important quote from the video is: Compare yourself to yourself...

A single codesearch worth thousands of bugs

There are some vulnerabilities where I think to myself “How on Earth did they make such a stupid mistake?” but there are also ones where I’m not at all surprised that the developer didn’t know about a quirk of a language or a framework. Today, I will show you an...