By Anna Hammond
December 15, 2021
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from December 6 to 13.
How Intigriti responded to the Log4j vulnerability
Log4Shell, a.k.a. CVE-2021-44228
I came back to work from a long weekend only to find a deluge of information on this incredibly impactful RCE in Log4j.
For a quick introduction to the vulnerability, I recommend starting with this lunasec.io article and the first 15 minutes of this SANS video.
If you want more technical details, here is a list of resources I posted on GitHub: pentesterland/Log4Shell.
CVE-2021-43798 – Path Traversal Vulnerability In Grafana, Grafana update & How to Identify and Exploit it
@j0v0x0 just published a write-up on how he discovered CVE-2021-43798 using source code review and web fuzzing. It is a great read to understand the context behind the vulnerability.
If you’re more interested in looking for it in pentest targets or bug bounty programs, check out @nahamsec’s awesome video tutorial.
Don’t Reply: A Clever Phishing Method In Apple’s Mail App (Apple, $5,000)
$5k for a bug bounty report on phishing, that’s not so common! It is understandable though.
@jon_bottarini got a hint from @samwcyo that it was possible (at the time) to load PHP files inside <img> tags. This behavior could be exploited to create extremely credible phishing emails targeting Apple Mail.
How hackers pollute your code.
@PwnFunction is back with a new video on prototype pollution. As usual, a very informative and clear explanation of an interesting bug class.
Ed Theory for Hackers: What a Teacher Wants Infosec to Know | Michael Taggart
If you’re struggling with the high learning curve in InfoSec, you will find this webinar enlightening. It is about learning how to learn, creating a learning plan, and common pitfalls that might be hindering your progress.
I opened on a malicious email attachment.. and this is what happened!
Update requests with rotated session after user logs out | Burp Suite Pro | Cookies & Authorization
The Hacker Recipes: sAMAccountName spoofing, CVE-2021-42287/CVE-2021-42278 Weaponisation, noPac & WazeHell/sam-the-admin
ModSecurity DoS Vulnerability in JSON Parsing (CVE-2021-42717)
A phishing document signed by Microsoft – part 1 (Microsoft)
Bypass a fix for report #708013 (Login bruteforce) (Shopify, $3,500)
See more write-ups on The list of bug bounty writeups.
HeySerial & Intro: Systematically Hunting for Deserialization Exploits
whoc: A container image that exfiltrates the underlying container runtime to a remote server
SAPP (Static Analysis Post Processor): Takes the raw results of Facebook’s static analysis tool Pysa, and makes them explorable both through a CLI and a web UI
Dependency Combobulator: Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks
GoTestWAF: Golang project to test different WAFs for detection logic and bypasses
Springboot >2.2.6.RELEASE behavior that can be used to bypass path traversal allowlists
Using fff to quickly fetch a list of URLs in CLI, while adding them to Burp
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory
h1-ctf (ends on December 23)
Bug bounty
Cybersecurity
Tool updates
Second Order v3.0 & v3.1 (major rewrite)