Bug Bytes #164 – New Collaborator domain, BITB attack & XSS to RCE on an almost static site

By Anna Hammond

March 23, 2022

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.


This issue covers the week from March 14 to 21.

Intigriti news

Intigriti’s March XSS challenge by @BrunoModificato

Our favorite 5 hacking items

1. Tip of the week

Using privacy.com to generate cards with $0 spending limit

Tell the truth: have you ever been charged after signing up for a trial and then forgetting to cancel the subscription?
It has happened to me more times than I’d like to admit, but it won’t anymore thanks to @hacker_’s fantastic tip: using privacy.com’s free tier, it is possible to create virtual cards with a $0 spending limit and never get charged for anything.

2. Writeups of the week

From XSS to RCE (dompdf 0day)
CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera (Google, Microsoft & Opera, $10,000)

@positive_sec penetration testers discovered an XSS on a mostly static site. They share how this low-impact finding led to RCE because of a feature that exports pages as PDF. A creative tale involving HTML injection in an HTML-to-PDF converter and injecting PHP disguised as a font.

The second writeup is about a system environment variables leak in the Chromium engine, found by @pulik_io and impacting Google Chrome, Microsoft Edge, and Opera.

3. Tutorial of the week

Basic security for humans in 4 Fridays

This reminds me of a cousin who has trouble remembering all her passwords but refuses to use a paid password manager or anything complex to set up.
This tutorial is the perfect solution to share with her and anyone in our lives who needs a simple solution to manage passwords, MFA and secure their devices using only reputable free software.
Thanks to securibee for sharing this link in your newsletter, where I discovered it!

4. Article of the week

Browser In The Browser (BITB) Attack & Repo

@MrDox demonstrates a simple but terrifyingly effective phishing technique: using HTML/CSS to create a fake “Login with Google/Microsoft/Apple/etc.” popup window. It looks like a popup showing the right URL, but it is actually just an image inside the attacker’s site.
Note that this is not new: similar attacks have been known as the “picture-in-picture attack”.

5. Video of the week

Q: PENTEST VS BUGBOUNTY? (Bounty Thursday’s – ON AIR)

I know I’ve already mentioned this show before, but it just brings me so much joy.
The production is top notch, the bug bounty news part is always informative, and the new Q&A / chat part brings the show to a whole new level.
I am sure y’all already know about it, so this is essentially a shoutout to @stokfredrik for sharing such quality and joyful content for hackers.


Other amazing things we stumbled upon this week

Videos

Podcasts / Audio

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Known vulnerabilities

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

Tips & Tweets

Misc. pentest & bug bounty resources

Articles

Challenges

Bug bounty & Pentest news

Non technical
