Bug Bytes #103 – Cookie tossing, Recon tools benchmarks & Stealing Google docs with screenshots

By Anna Hammond

December 30, 2020

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from 20 to 27 of December.

Intigriti News

The SolarWinds Saga continued & The evolution of cybersecurity in 2020

Our favorite 5 hacking items

1. Articles of the week

Fun with IP address parsing
Helping secure DOMPurify (part 1) & A word about DOMPurify bypasses a.k.a why DOM parsing is crazy |

@dave_universetf wrote an IPv4+6 parser from scratch which led him to discover several cursed IP address representations. This type of corner cases are interesting when looking for URL validation bypasses (e.g. for SSRF or open redirect).

The second article (and accompanying video) are excellent resources for anyone who saw the many recent DOMPurify bypasses and wondered how to find such vulnerabilities.

2. Writeups of the week

Cookie Tossing to RCE on Google Cloud JupyterLab (Google, $3133.70)
[Google VRP] Hijacking Google Docs Screenshots (Google)
Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge (Node.js third-party modules)

@kl_sree found a cool PostMessage misconfiguration on Google Docs that allowed him to steal the content of documents by screenshotting them.

@spaceraccoonsec shares the details of a prototype pollution he found in the “ini” NPM package. Since it is used by almost 2000 dependent packages, this bug could’ve been exploited for a serious supply chain attack.

@S1r1u5_ wrote about an RCE on Google. It covers the interesting topic of “Cookie tossing” that can be used to increase the impact of XSS bugs found in out of scope or sandboxed domains.

3. Videos of the week

How to duplicate less with Bug Bounties
Automate your Bug Hunting using Nuclei | Writing our own nuclei template | Be The H.A.C.R. – Ep. 18

Continuing his excellent series for bug bounty beginners, @codingo_ shares advice to help increase bug impacts and avoid duplicates.

The second video by @AseemShrey should also help with those dreaded dupes. He explains how to write your own Nuclei templates. It is a good introduction for anyone who wants to automate some bug bounty checks and customize Nuclei to differentiate yourself.

4. Resource of the week

Subdomain tools review & Recon suites review

These are two cool benchmarks for Web application testers. Six2dez1 does an awesome job of comparing subdomain enumeration tools (based on their features and results) and recon suites (based on their features and tools).

5. Tutorial of the week

Metasploit Tips and Tricks for HaXmas 2020

This one is for Metasploit power users. It has many advanced tips and tricks with a mix of old and recent features (e.g. how to debug failed HTTP modules, how to inline options when running a module, resource scripts for streamlining repetitive workflows, refining search results, etc).

Other amazing things we stumbled upon this week



Webinars & Webcasts


Slides & Workshop material


Medium to advanced

Beginners corner


Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.


Misc. pentest & bug bounty resources



Bug bounty & Pentest news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/20/2020 to 12/27/2020.

You may also like