Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from November 6th to November 19th

CLICK HERE TO SUBSCRIBE

Intigriti News

• Check out the interview with @eckert_madeline from @Microsoft explaining the importance & differences between #BugBounty & #VDP, and how you can partner with them!

• Were you one of the 10 teams who solved the #1337UPLIVE game hacking challenge, “Dark Secrets”? If not, here’s a walkthrough from @_CryptoCat

• The #1337UPLIVE 2023 CTF is OVER!! Massive congratulations to the winning teams

• Intigriti’s October Challenge is over!!

From my notebook

1. where do you ACTUALLY submit vulnerabilities?

2. Dan Rearden | The Write-Ups & Downs To Making A Great Write-Up | Simply Cyber Con 23

3. Bug bounty: year 2 – 0days, a $20k bounty and… laziness – bounty vlog #5

4. Easy $500 Vulnerabilities! // How To Bug Bounty

5. Biden’s 8 Rules for AI Usage & What it Means For You

• Potential vulnerability in AI chatbots feat. @rez0 #bugbounty #bugbountytips #bugbountyhunter (shorts)

• Watch out for API use theft when implementing AI chatbots feat. @rez0 #bugbounty #bugbountytips (shorts)

• Wow! Sam Altman fired from OpenAI! #ai #chatgpt (shorts)

• How to Use DOM Invader in 2023

• How to monetise a scalable 0day in bug bounty? #bugbounty #bugbountytips #bugbountyhunter (shorts)

• What are clients REALLY asking? | Soft Skills for Hackers

• NoSQLi Tutorial Using PortSwigger (with labs)

• $3,200 client-side DoS in PayPal #bugbounty #bugbountytips #bugbountyhunter (shorts)

• What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports

• Another Cisco 0-day discovered #cybersecurity #cisco (shorts)

• Getting Started with CTF’s

• Bug Bounty Stories: HACKING REDBULL again! (Tomcat + Jolokia Walkthrough)

• The OG Bug Bounty King – Frans Rosen (Ep. 45)

• URL Parsing & Auth Bypass Magic (Ep. 44)

• It Wasn’t Easy to Print $250 Million of Counterfeit Cash🎙Darknet Diaries Ep. 102: Money Maker

• Phillip Wylie Show with Olivia Gallucci

• One Click, $9 Million In Student Debt Erased🎙Darknet Diaries Ep. 139: D3f4ult

• Why Was Puerto Rico’s Lottery Leaking Millions of Dollars a Month? 💸 Darknet Diaries Ep 101: Lotería

• Beginner

  • Master JSON in 8 Minutes

  • Access control vulnerabilities

  • Let’s together dive deep into information disclosure

  • Broken Access Control and Privilege Escalation: What You Need to Know

• Intermediate

  • OpenCart Static Code Injection in common/security.admin

  • Hacking Microsoft IIS : Enumerating IIS for V

  • AppSec Tales XXIII | XPathI

  • How to find vulnerabilities in a web page in 10 minutes

  • How I Automatically Generate XSS Payload & Automate Reflected XSS

  • #4 Session Fixation — Secure Code Explain

  • What is Kerberoasting?? How it works

  • A Pentester’s Approach to Kubernetes Security — Part 1

• Advanced

  • Exploiting Blind XXE: Going Out of Band

  • Exploiting Parallels Plesk Panels With Shodan

  • Unveiling Sensitive Information Exposure: IIS Tilde Enumeration Vulnerability

  • Janus Vulnerability (CVE-2017–13156)

  • Escalating Blind SSRF to a Remote Code Execution

  • Akamai Bypass! Advanced XSS.

  • Decoding Advanced XSS Payload Chaining Tactics

• Security Research

  • Process stomping and loading beacon with sRDI

  • Building a free Burp Collaborator with Cloudflare Workers

  • Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)

  • Plundering Postman with Porch Pirate

  • protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities

  • I analyzed stackoverflow

  • CrushFTP – CVE-2023-43177 – Unauthenticated Root-Level RCE Chain

  • Accessing Azure Kubernetes Service as Guest and Cross-Tenant

  • Escaping the sandbox: A bug that speaks for itself

  • Static Code Injections in OpenCart (CVE-2023-47444)

  • Tapping into a telecommunications company’s office cameras

  • Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero

  • When An AOL Coder Sold the Whole Database

  • From Akamai to F5 to NTLM… with love.

  • Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app

  • Our Pwn2Own journey against time and randomness (part 2)

  • 50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

  • Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)

  • PRTG Remote Code Execution

  • Post-exploiting a compromised etcd – Full control over the cluster and its nodes

  • Your printer is not your printer ! – Hacking Printers at Pwn2Own Part II

• Bugs

  • Privilege Escalation: Unauthorized Low-Privilege Users Creating Feature Bundles

  • Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program

  • OAuth Misconfiguration Leads To Pre-Account Takeover(snapchat)

  • $1000 Bounty: How I scaled a Self-Redirect to an XSS in a web 3.0 system at Hackenproof

  • How I got a $500 reward for finding an unacclaimed bucket on GitHub

  • Riding the Waves of API Versioning: Unmasking a Stored XSS Vulnerability, CSP Bypass Using YouTube…

  • Easy Admin Access — RVDP

  • How I hacked Google’s bug tracking system itself for $15,600 in bounties

  • Idor That allowed me to get access to sensitive users files and share them

  • SSRF – access to ssh keys

  • Google VRP -[IDOR] Deleted Victim Data & Leaked

  • 1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking

  • I created posts on the newsletter page dedicated to the program administrator

  • Subdomain takeover and Text injection on a 404 error page-$100 bounty

  • Unlocking Cash: Easy P1 Bug in Grafana Dashboard with Default Credentials = €€€€

  • Dutch T-Shirts for Dutch Hacks: A Tale of Four Vulnerabilities!!

  • Bypassing 2FA for Password Reset : By Request Manipulation 500$ Bug

  • Race Conditions with pipelining

  • Breaking Barriers: Unmasking the Easy Password Validation Bypass in Security Key Registration

  • $1800 Bounty: Exploiting Unpredictable Data that Leads to All Users PII Exposure in an IDOR

  • How I was able to find BAC on the University website leading to result dumping?

  • CRITICAL BUG Alert: How I HACKED into a company’s DATABASE

  • Cloudflare Bypass leads to RXSS[Reflected-Cross Site Scripting] in Microsoft

  • LFI to RCE — Bug bounty

  • How I sent multiple payment requests on PhonePe, Paytm, and Google Pay

  • Discovering and Exploiting a XML External Entity (XXE) Vulnerability in a Public Bug Bounty Program

• CTF challenges

  • HackTheBox – Sandworm

  • HTB: Sandworm

  • Exploring a Flask App with SSTI [HackTheBox Sandworm]

  • Post IR Investigation – MoveIT Exploit – HTB Sherlocks – I Like To

  • HackTheBox – Download

  • HackTheBox – Broker

  • HTB: Broker

  • SSTI bypass using CRLF (1337 UP CTF — Smarty Pants)

  • GraphQL Misconfiguration Leads to Unlimited Money Transfer (Intigriti CTF — Bug Bank)

  • JWT Intrigue: Hidden Keys within Web Applications

  • Har Har Hijack: The Okta Plunder

  • TickTock Intrusion: The Timing Attack Challenge

  • Huntress CTF 2023 — Write-up

  • Jupiter | HTB | Grafana | raw SQL Query | Shadow Simulator RCE | Sattrack

• Goblob – A Fast Enumeration Tool For Publicly Exposed Azure Storage Blobs

• Forbidden-Buster – A Tool Designed To Automate Various Techniques In Order To Bypass HTTP 401 And 403 Response Codes And Gain Access To Unauthorized Areas In The System

• Afuzz – Automated Web Path Fuzzing Tool For The Bug Bounty Projects

• SSL Search — A tool to identify infrastructure and discover attack surfaces.