SSRFs are one of my favourite bug classes and I’m always amazed to find out about new attack vectors for them. This week, I’ve learnt about exploiting SNI proxy misconfigurations, from a blogpost by Aleksei Tiurin:...
#48
Safely detect Server-side prototype pollution
Server-side prototype pollution can often be escalated to RCE. However, trying to confirm or exploit it is very prone to DoSing the app, and DoSing the app isn't what we want to do when hunting on bug bounty programs. But Gareth Heyes did some research and found a...
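To make the DoS hazard above concrete, here is an added example (not code from the post or from Gareth Heyes' research): a minimal Express-style recursive merge that is vulnerable to prototype pollution, the hardened version that refuses prototype-reaching keys, and a demonstration of how a careless probe that overwrites `Object.prototype.toString` breaks every string conversion in the process, which on a real server means the app stops responding. The payloads are constructed for the demo; function names are mine.

```javascript
// Added example: vulnerable vs hardened recursive merge, and why a careless
// pollution probe takes the app down. Not from the original post.

function isObject(v) {
  return v !== null && typeof v === "object";
}

// VULNERABLE: keys from untrusted JSON are copied blindly. JSON.parse creates
// "__proto__" as an ordinary own property, so Object.keys() returns it, and
// target["__proto__"] resolves to Object.prototype, which then gets written to.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], source[key]); // target["__proto__"] === Object.prototype
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// HARDENED: skip the keys that reach a prototype, only descend into the
// target's own properties, and create nested containers without a prototype.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObject(source[key])) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isObject(target[key])) {
        target[key] = Object.create(null);
      }
      mergeSafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Runs a harmless pollution payload through the given merge and reports
// whether an unrelated object inherited the injected property. Cleans up after
// itself so later code is unaffected.
function demo(merge) {
  const payload = JSON.parse('{"name":"alice","__proto__":{"polluted":true}}'); // constructed
  const config = merge({}, payload);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { name: config.name, leaked };
}

// A careless probe: overwriting toString with a non-function. Afterwards any
// String(obj) / template literal / string concat on a plain object throws a
// TypeError, so on a server every later request that stringifies an object fails.
function carelessProbeBreaksStrings() {
  const original = Object.prototype.toString;
  mergeUnsafe({}, JSON.parse('{"__proto__":{"toString":"x"}}')); // constructed
  let broke = false;
  try {
    String({});
  } catch (e) {
    broke = e instanceof TypeError;
  }
  Object.prototype.toString = original; // restore, a real target would not get this
  return broke;
}

console.log("unsafe merge leaks:", demo(mergeUnsafe).leaked);     // true
console.log("safe merge leaks:", demo(mergeSafe).leaked);         // false
console.log("careless probe breaks app:", carelessProbeBreaksStrings()); // true
```

The takeaway for hunting: a payload that proves pollution must set a property nothing in the app dereferences, never overwrite a method inherited by every object. The hardened merge also shows the three fixes that close the bug class: block `__proto__`, `constructor` and `prototype`, only recurse into own properties, and build nested containers with `Object.create(null)`.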
Triage from the other side – improve your reporting
What’s the most important part of a racecar? The things you probably think of are the engine, aero, chassis, brakes… But did you think about tires? Tires are the single thing sticking a racecar to the track, and if you have bad tires, then it doesn’t matter how great your...
Learning a new challenging concept
Learning a new challenging concept can be daunting, but with the right mindset and approach, you can tackle and master any skill. I’m a learning junkie and in this article, I’ll explore practical steps and strategies that I’ve used over the years to make it easier....
Preventing XXEs in Java is hard – analysis of 10 classes
You might think that preventing XXEs is easy. "Just disable external entities" would be my recommendation in a pentest report. However, Pieter De Cremer and Vasilii Ermilov from Semgrep tested ten different XXE attack vectors against ten different Java XML parser classes,...
From finding the target, the bug, through getting the CVE, up to my first CodeQL bounty
Last year, I received my first CodeQL bug bounty, which was a very satisfying achievement because I felt that this bug bounty program was right for me and my skillset. It’s a very unusual program because you receive a bounty for the scanner code that you wrote and not...