Bug Bytes #110 – Scope based recon, Finding more IDORs & How to hack Sharepoint

By Anna Hammond

February 17, 2021

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from February 8 to February 15.

Intigriti News

New XSS challenge, curated by @holme_sec

Congratulations @StanFaas, @holme_sec and @qimpz for your new hacker portraits!

New “Bounty bag” item in our swag store

Google’s Open Source Vulnerabilities, A US town’s water supply hack & Windows/Chrome security concerns

Our favorite 5 hacking items

1. Article of the week

Scope Based Recon Methodology: Exploring Tactics for Smart Recon

You might’ve already seen Harsh Bothra (@harshbothra_)’s past talks on this same topic. This is a nice complement that includes a recon methodology with three options based on the program’s scope (small, medium and large), links to tools and a summary mindmap.

2. Writeup of the week

OAuth Misconfiguration Leads to Full Account takeover

This is an interesting finding by Yasser Mohammed (@boomneroli). It starts with OAuth CSRF that doesn’t work despite a missing CSRF token, debugging it with postMessage-logger, and ends up being a cool bug chain involving OAuth CSRF, postMessage and Clickjacking leading to account takeover.

For other cool writeups, also keep an eye on @Samm0uda who started sharing some of his 50 bugs found in Facebook.

3. Tutorials of the week

Finding More IDORs – Tips And Tricks
The Lone Sharepoint

Who doesn’t like IDOR? The first tutorial goes over several IDOR techniques to check on ID parameters and API calls.

The second article is a nice collection of Sharepoint attacks that might come in handy during a pentest?

4. Tool of the week

Confused

Short after the new dependency confusion writeup was published, @joohoi shared this tool that automates checking for it. It is in Go and currently supports three package managers (pypi, npm and composer).

5. Resource of the week

Language Agnostic Security Code Review

This article provides a language-independent methodology for security code review. Of course, the more knowledge you have of a programming language, the better code review you can do but this is a good start. It’s a basic methodology to build upon with experience.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Slides

Tutorials

Writeups

Challenge writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • dooked: DNS and Target HTTP History Local Storage and Search

  • RepeaterClips: Burp extension that sends a compressed Base64 encoding of any request to your clipboard for easily sharing it

  • BurpParamFlagger: Burp extension that adds a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI

  • Reconmap: Open-source pentesting management and reporting platform

Tips & Tweets

Misc. pentest & bug bounty resources

Challenges

Articles

Bug bounty & Pentest news

Non technical

Community pick of the week

Well-done on the XSS challenge, @liam_galvin!

Do you want swag too? Then make sure to check out our current XSS challenge! And tag us on social media if you want to share any cool swag, bug bounty wins and joys.

You may also like