Study/Bugbounty Study
-
[Bugbounty Study] #Dropbox _ SSRF (Study/Bugbounty Study, 2020. 11. 25. 16:10)
# SSRF (Server Side Request Forgery) _ $4,913
medium.com/techfenix/ssrf-server-side-request-forgery-worth-4913-my-highest-bounty-ever-7d733bb368cb
SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever ! Bug Bounty Write-Up (medium.com)
What is SSRF? Short for Server-Side Request Forgery, it is an attack in which a request issued from the server side is tampered with so that the request itself is altered as the attacker intends. Normal flow: when an image is displayed on site A, that image is served in a response from site B..
-
[Bugbounty Study] #Bugcrowd _ CSRF (Study/Bugbounty Study, 2020. 4. 13. 23:57)
# CSRF / Account Takeover
https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/
How a Simple CSRF Attack Turned into a P1 Level Bug
Cross-site Request Forgery is easy to look out for. However, if there are security measures in place to prevent CSRF attacks, they can be exciting (yet nerve-wracking) to bypass. For those who don…
-
[Bugbounty Study] #Facebook _ CSRF (Study/Bugbounty Study, 2020. 4. 13. 23:48)
# Facebook CSRF (Instagram Partial Account Takeover) _ $12,500
https://ysamm.com/?p=379
Facebook CSRF bug which lead to Instagram Partial account takeover. – Bug bounty write-ups
Description: This bug could allow an attacker to link the victim's Instagram account to his Facebook page and then have full control of the Instagram account by just making the victim visit a malicious website and without th..
-
[Bugbounty Study] #Google _ XSS (Study/Bugbounty Study, 2020. 3. 30. 23:55)
# Google Translator XSS _ $3133.70
https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc
How did I earn $3133.70 from Google Translator? A bug may seem simple but not at all simple when you need to be … Vietnamese. (medium.com)
While translating Vietnamese into English, a tag happened to be included, and as shown below I could see that the tag was applied in the rendered output. Using the developer tools (F12), I confirmed that the HTML tag was being executed. Google encodes HTML tags ..
-
[Bugbounty Study] #Shopify _ Open Redirect to XSS (Study/Bugbounty Study, 2020. 3. 30. 18:15)
# Shopify XSS _ $1750
https://medium.com/@ashketchum/how-i-earned-1750-at-shopify-bug-bounty-program-ca7821990d08
How I Earned $1750 at Shopify Bug Bounty Program (medium.com)
While looking through Shopify's your-store.myshopify.com, I found the login service in the settings. As shown above, after checking Enable Google Apps for login, I looked at how permissions are granted when a Staff member tries to log in through Google. In the "google_apps_uri" parameter, visible when using Log in with Google, an Open Re..