The 5 Hacking NewsLetter 107
Posted in Newsletter on May 27, 2020
Posted in Newsletter on May 5, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 24 of April to 01 of May.
postMessage-tracker is a Chrome extension presented by @fransrosen in his “Attacking Modern Web Technologies” talk. It monitors postMessage listeners in all subframes of the window and logs everything, helping find postMessage issues such as XSS and data extraction bugs.
This is a very well-written and informative writeup on SSRF. @d0nutptr shares what he looks for when testing SSRF, and 5 interesting bugs he found that earned hime more than $4,800 in total.
My main takeaway is to start signing up to apps using Burp Collaborator emails like
[email protected]. If you receive an HTTP request in addition to the expected SMTP message (email), there is potential for SSRF.
Hackers are sharing so much good stuff these days! In this week’s must-see videos:
@securinti solves Intigriti’s latest XSS challenge. He based it on a bug found in a live hacking event, and shares so many cool tips on using Chrome DevTools.
@zseano hacks a Web app live and thinks out loud, sharing his mindset and approach.
Mayonaise talks about his recon workflow and hacking approach, automation, learning process…
@stokfredrik shares advice on how to learn new skills, and dealing with duplicates. Personal development applied to hacking!
These are two interesting reads that can help get into a successful bug hunting mindset. @zseano is interviewed about his unique approach and experience, and @sharathsanketh shares some of his realizations as a beginner bug hunter trying to up his game.
Daily-commonspeak2 is an unofficial repo for Commonspeak2 wordlists generated daily. Useful for subdomains recon!
The mobile testing checklist covers both iOS and Android. I like its simple format that helps remember everything to test for, with references and the tools needed.
Potential stored Cross-Site Scripting vulnerability in Support Backend (HackerOne)
Character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error (Twitter, $560)
Remote Code Execution via Insecure Deserialization in Telerik UI
Arbitrary file read via the UploadsRewriter when moving and issue (GitLab, $20,000)
Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams (Microsoft)
Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg (Uber, $4,000)
Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin (Trello, $3,600)
Researching Polymorphic Images for XSS on Google Scholar (Google, $9,401.1)
Bitrix WAF bypass (Mail.ru, $300)
[Bug Bounty Writeups] Exploiting SQL Injection Vulnerability ($2,000)
Indirect UXSS issue on a private Android target app ($1,000)
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 04/24/2020 to 05/01/2020.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…