Orange Tsai took a “glance” at Apache HTTP Server, which resulted in 9 CVEs: CVE-2024-38472 - Apache HTTP Server on Windows UNC SSRF; CVE-2024-39573 - Apache HTTP Server proxy encoding problem; CVE-2024-38477 - Apache HTTP Server: Crash resulting in Denial of...
Articles by Issue
The 3 biggest lessons from my first LHE
I’ve been a participant of the h1-702 Live Hacking Event in Las Vegas and it was an unforgettable experience! This one week profoundly changed the way I see bug bounty. In this article, I’ll describe my biggest lessons from the LHE. Of course, most technical things...
Bypassing admin checks and more – Privilege Escalation case study
Privilege escalation bugs were not something I used to pay a lot of attention to. Thus, I was amazed when, to prepare for the interview with Douglas Day, I spent a few hours just hunting for them and quickly, I found two of them on a program I've already been familiar...
The secret to finding many Criticals – Alex Chapman – BBRD podcast #14
Finding criticals is hard. Often, you can only target some users, need interaction or the impact isn't that high. However, there's one man that has no problem finding Criticals. It's Alex Chapman and I spoke with him in the recent episode of the podcast to...
How to exploit Android deeplinks
Mobile hacking has been and still is perceived as a niche within bug bounty. If that’s something you’d like to go into, make sure to pay attention to how deeplinks can be exploited and also what to look for when you check WebView-related functionality. To learn about...
Hacking Millions of Modems (and Investigating Who Hacked Sam’s Modem)
Sam Curry wrote an interesting story that started with someone repeating his local HTTP requests and ended with detecting a bug that allowed him to control thousands of routers. https://samcurry.net/hacking-millions-of-modems
SignSaboteur: forge signed web tokens with ease
Zakhar Fedotkin released a Burp plugin that aids in forging web tokens. It's not only about JWTs, which are pretty easy to forge, but also about technology-specific cookies from frameworks like Django, Flask or Express...
Oauth secrets – my NahamCon talk
My talk “Oauth secrets” from NahamCon, as well as many other talks, are published on YouTube. The OAuth attacks from the talk are something you must be familiar with these days, so make sure to watch it. If you’re a BBRE Premium member and read the issues from the...
.js Files Are Your Friends | @zseano
JS files are a goldmine of information, but working with them isn’t easy. In the NahamCon talk, zseano shows us his approach to JS files. Watch the full talk here or continue to read my notes. Endpoints in JS files: These days it’s very common to use client-side JS code...
Things you wish you didn’t need to know about S3
If you thought you knew S3 buckets, I think you are underestimating them. In this article, Daniel Grzelak showed a lot of S3-related tricks I had no idea about. For example, when uploading an object, you can specify a file’s location in metadata which will give you an...