All posts
-
[Bugbounty Study] #Amazon S3 _ Sensitive Data Exposure | Study/Bugbounty Study | 2020. 12. 29. 02:08
# Sensitive Data Exposure _ $400 virdoexhunter.medium.com/misconfigured-s3-bucket-leads-to-sensitive-data-exposure-no-super-controls-f47e26b586c6 Misconfigured s3 bucket leads to Sensitive Data exposure (No super controls): Amazon S3 (Simple Storage Service) is one of the popular and widely used storage services. Many companies are using S3 buckets to store… (virdoexhunter.medium.com) This post covers a misconfigured S3 ..
-
[Bugbounty Study] #Facebook | Study/Bugbounty Study | 2020. 12. 17. 22:41
I could not find out how much bounty this vulnerability received. medium.com/@amineaboud/story-of-a-weird-vulnerability-i-found-on-facebook-fc0875eb5125 Story of a weird vulnerability I found on Facebook: Bug Bounty: Leak of internal Facebook documents (medium.com) While looking through several subdomains, I found an interesting subdomain used for a "legal need". (Servers used for a "legal need" generally contain sensitive data.) https://legal.tapprd.thefacebook.com/ So I Googled for endpoints containing that URL..
-
[Bugbounty Study] #Twitter _ Open Redirect to XSS | Study/Bugbounty Study | 2020. 12. 3. 23:21
# dev.twitter.com Open Redirect to XSS _ $1,120 hackerone.com/reports/330008 Twitter disclosed on HackerOne: [dev.twitter.com] XSS and Open... Description: Hi, after I finished reading the report https://hackerone.com/reports/260744, I started to test this subdomain. I found an interesting url [https://dev.twitter.com/web/sign-inhttps://dev.twitter.com/basics/adding-international-support-to-your-apps]. t..
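The report above concerns a sign-in URL that carries a second URL inside it. As an added illustration (not code from the HackerOne report or from Twitter), the Python below contrasts a redirect handler that echoes the client-supplied target with one that pins the target to a single origin, and shows why the open redirect becomes XSS: a `javascript:` URL that page script assigns to `window.location` runs in the site's origin. The origin `https://dev.twitter.com` is used only as a placeholder; the function names, the test URLs and the assumption that the target arrives as one string are mine.

```python
from urllib.parse import urlparse

# Assumption: the application only ever needs to send users back to its own
# origin. Any other target is rejected outright rather than "sanitised".
SITE_ORIGIN = "https://dev.twitter.com"


def redirect_unsafe(target):
    """Vulnerable pattern: the client-supplied value becomes the Location header,
    or is assigned to window.location by page script. An absolute URL to another
    host gives an open redirect; a 'javascript:' URL assigned client-side
    executes script in the site's origin, which is the XSS escalation."""
    return target


def redirect_safe(target):
    """Return an absolute URL on SITE_ORIGIN built from a user-supplied path,
    or None when the value must be rejected. Path and query are kept, the
    fragment is dropped, and only a leading-slash path is accepted."""
    if not isinstance(target, str) or not target:
        return None
    # Browsers strip tabs, newlines and other control characters before scheme
    # parsing ("java\tscript:"), so reject them instead of trying to parse them.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return None
    site = urlparse(SITE_ORIGIN)
    p = urlparse(target)
    if p.scheme:
        # Absolute URL: 'javascript:', 'data:' and foreign http(s) hosts all fail here.
        if p.scheme != site.scheme or p.hostname != site.hostname:
            return None
        if p.username is not None or p.password is not None:
            return None            # user@host forms are never legitimate here
        path = p.path or "/"
    else:
        if p.netloc:
            return None            # //evil.example/ (protocol-relative)
        path = p.path
    # Browsers treat '/\evil.example' like '//evil.example', so both are host-bearing.
    if not path.startswith("/") or path.startswith(("//", "/\\")) or "\\" in path:
        return None
    return SITE_ORIGIN + path + ("?" + p.query if p.query else "")
```

The safe version never tries to "clean" a foreign URL; anything that is not a same-origin path is dropped, which is the only rule that survives the usual bypasses (scheme case, protocol-relative, backslash, userinfo and look-alike hostnames).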
-
[Bugbounty Study] #Dropbox _ SSRF | Study/Bugbounty Study | 2020. 11. 25. 16:10
# SSRF (Server Side Request Forgery) _ $4,913 medium.com/techfenix/ssrf-server-side-request-forgery-worth-4913-my-highest-bounty-ever-7d733bb368cb SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever ! Bug Bounty Write-Up (medium.com) What is SSRF? Short for Server-Side Request Forgery: an attack in which a request issued from the server side is tampered with so that the attacker can change the request itself to whatever they intend. Normal flow: when an image is displayed on site A, that image is served by site B..
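Taking the site A / site B image flow above as the scenario, here is an added Python example (my code, not the write-up's or Dropbox's) of a "fetch an image from the URL the client gives us" feature, first without any check and then with the checks a reviewer would ask for: scheme allow-list, no credentials in the URL, and every address the host resolves to must be globally routable. The hostnames and the DNS table are constructed so the block runs offline; a real service would resolve with `socket.getaddrinfo` and still has to check every returned address, not just the first.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS table so the example runs offline. In a real service this is
# replaced by socket.getaddrinfo(); every address it returns must be checked.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],             # public host (constructed)
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],            # cloud instance-metadata range
    "cdn.example.org": ["93.184.216.34", "10.0.0.5"],    # mixed answer: one private
}

ALLOWED_SCHEMES = {"http", "https"}


def resolve(host):
    """Return the IP strings a hostname maps to, or [] if unknown.
    IP literals (including '[::1]') are returned as-is so they get checked too."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def fetch_image_unsafe(url):
    """Vulnerable pattern (site A): the server fetches whatever URL the client
    supplied, so 'site B' can be localhost, an internal service or the cloud
    metadata endpoint. Returns the URL it would request, standing in for the
    real HTTP call."""
    return url


def fetch_image_safe(url):
    """Hardened pattern: only http(s), no userinfo, and every address the host
    resolves to must be globally routable. Returns the URL to fetch, or raises
    ValueError with the reason."""
    p = urlparse(url)
    if p.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {p.scheme!r}")
    if not p.hostname:
        raise ValueError("missing host")
    if p.username is not None or p.password is not None:
        raise ValueError("userinfo not allowed")
    addrs = resolve(p.hostname)
    if not addrs:
        raise ValueError(f"unresolvable host: {p.hostname}")
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 is still loopback
        if not ip.is_global:               # private, loopback, link-local, reserved, ...
            raise ValueError(f"{p.hostname} resolves to non-global address {a}")
    return url


def is_allowed(url):
    """Boolean wrapper around fetch_image_safe for quick checks."""
    try:
        fetch_image_safe(url)
        return True
    except ValueError:
        return False
```

Two caveats the block does not cover: the address checked here can differ from the one the HTTP library connects to a moment later (DNS rebinding), so the validated IP should be pinned for the actual connection; and an HTTP redirect from site B is a new URL that needs the same validation, so either disable redirects or re-validate each hop.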
-
[Bugbounty Study] #Bugcrowd _ CSRF | Study/Bugbounty Study | 2020. 4. 13. 23:57
# CSRF / Account Takeover https://ladysecspeare.wordpress.com/2020/04/05/how-a-simple-csrf-attack-turned-into-a-p1-level-bug/ How a Simple CSRF Attack Turned into a P1 Level Bug: Cross-site Request Forgery is easy to look out for. However, if there are security measures in place to prevent CSRF attacks, they can be exciting (yet nerve-wracking) to bypass. For those who don't… (ladysecspeare.wordpre..)