Bug Bounty & Agile Pentesting Platform

Bug Bytes #173 – JDBC attacks reloaded, RCE via email & Benchmarking port scanners

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from May 30 to June 6.

Intigriti news

The Ethical Hacker Insights Report 2022
Keep up with Intigriti’s events in June
Apply to Intel’s Project Circuit Breaker live hacking event

Our favorite 5 hacking items

1. Articles of the week

Arbitrary File Upload Tricks In Java
Make JDBC Attacks Brilliant Again II
Port Scanner Shootout

In the first article, @pyn3rd shares some tricks to bypass WAFs when testing for file upload vulnerabilities in Java apps. One of them is also useful for SSRF and XXE.

The second article is a new addition to @pyn3rd‘s research on JDBC attacks. It focuses on PostgreSQL databases which were not included in the “Make JDBC Attacks Brilliant Again” talk .

“Port Scanner Shootout” is a benchmark of port scanning tools by @s0cm0nkeysec. They compare nmap, masscan, naabu and rustcan, with details on each tool’s capabilities and pros/cons.

2. Writeup of the week

Horde Webmail – Remote Code Execution via Email

@SonarSource‘s R&D team describe a cool RCE they discovered in Horde Webmail’s default configuration.
It is triggered when a user authenticated on the webmail server opens the attacker’s email (containing a CSRF exploit), and results in RCE on the server and stealing the victim’s clear-text credentials.

3. Video of the week

Could I Hack into Google Cloud?

Google recently announced the winners of the 2021 GCP VRP Prize.
In this video, @LiveOverflow dissects their writeups, trying to understand the bugs, if he could’ve found them, and what differentiates the winning writeup.

4. Challenge of the week

NotSoCereal-Lab

@notsosecure released this new playground for practicing insecure deserialization. It includes four web apps vulnerable to Java, PHP, Python and Node deserialization, with solutions.
If you want to play with this trendy vulnerability, import the VM in VirtualBox and put your hacker detective hat on!

5. Vulnerability of the week

CVE-2022-26134 – Confluence Server and Data Center unauthenticated RCE

New week, new critical 0-day. CVE-2022-26134 is an unauthenticated RCE in all versions of Confluence. It was first discovered as a 0-day being exploited in the wild.
If you are new to OGNL injection, this is a good opportunity to learn about it with this real-life example.

Other amazing things we stumbled upon this week

Videos

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • npmdomainchecker: Checks all maintainers of all NPM packages for hijackable domains
  • websitewatcher: Monitor sites for changes with email notifications
  • dsieve: Take a list of urls and filter or extract domains by level
  • Astra-Bot: Python based Discord bot which allows you to run tools like nmap and amass from Discord
  • Reverse SSH: SSH based reverse shell

Tips & Tweets

See more tips on this week’s Twitter collection.

Misc. pentest & bug bounty resources

Articles

Reports

Challenges

Bug bounty & Pentest news

Non technical

 

%d bloggers like this: