Bug Bytes #174 – From $0 bounties to $150k, Hacker summer school & How to hack Apache Pinot

By Anna Hammond

June 15, 2022

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.


This issue covers the weeks from June 6 to 13.

Intigriti news

Free webinar – The Ethical Hacker Insights Report 2022

Getting (back) together to hack! 

Our favorite 5 hacking items

1. Video of the week

Bug Bounty 101: #23 – From $0 to $150,000/mo – Hacking Methodology & Mindset

If you are struggling with finding your first bugs, this video might give you new ideas to experiment with. @_zwink shares the multi-step formula he used to go from $0 bounties in his first month to $150K in less than a year and a half.

2. Writeups of the week

Zimbra Email – Stealing Clear-Text Credentials via Memcache injection
SynLapse – Technical Details for Critical Azure Synapse Vulnerability & TL;DR (Microsoft, $60,000)
Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)

@SonarSource disclosed a cool vulnerability that allowed unauthenticated attackers to steal the login credentials of Zimbra users without interaction, using Memcache injection.

@TzahPahima shared details on a cross-tenant vulnerability in Azure Synapse that made it possible to obtain credentials of Azure Synapse customer accounts, including Microsoft’s!

The third writeup demonstrates a nice strategy for bug hunters: @rotembar, @realgam3 & @naglinagli identified that their target used a specific WordPress plugin, analyzed one of its patched vulnerabilities, found a new bug, and went over historic recon data to find other vulnerable targets.

3. Tutorial of the week

Not all “Internet Connections” are Equal

This is a good reminder by @Trustwave that some networking issues and configurations can interfere with your security testing and vulnerability scanning. It is good to learn about them to avoid false negatives.

4. Articles of the week

New technique of stealing data using CSS and Scroll-to-text Fragment feature.
Apache Pinot SQLi & RCE Cheat Sheet

@haqpl demonstrates a new CSS exfiltration technique that leverages the new Scroll-to-Text Fragment feature in Chrome. It has some limits but can be useful for leaking information on an app’s users, and is worth knowing if you are interested in XS-Leaks attacks and CSS exfiltration.

The second article by @Doyensec provides an excellent resource on hacking Apache Pinot. It covers what Pinot is, how to set up a testing environment, how to exploit Pinot databases for SQL injection, RCE and post-exploitation.

5. Resources of the week

OffSec Live: PEN-200! (Starting June 22)
PNPT Live Training (Starting June 22nd at 12pm EST)

Both @offsectraining and @TCMSecurity announced that they will livestream hacking courses for free on Twitch, starting June 22.
This reminds me that @InsiderPhD also announced two upcoming free courses.
Hacker summer school will soon start, no excuses if you want to upskill!


Other amazing things we stumbled upon this week

Videos

Podcasts & Audio

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

0-day: Dogwalk

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

Tips & Tweets

Misc. pentest & bug bounty resources

Articles

Challenges

Bug bounty & Pentest news

Non technical
