The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on April 16, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 05 to 12 of April.
Better Exfiltration via HTML Injection, tl;dr by @fransrosen & sic (Sequential Import Chaining tool)
This is great example of how far collaboration can go for bug hunters, how to do research and invent a new attack.
André Baptista and Cache-Money found an HTML injection with clickjacking as the worst-case scenario.
The bug wasn’t an XSS because the target used DomPurify. But since DomPurify allows style tags by default, @donutptr started looked for a way to exfiltrate sensitive data using just a style tag.
It’s similar to a CSS injection but the new attack has less prerequisites and works even though the target limits the payload’s size.
The whole writeup is excellent to learn about CSS injection, and the kind of creativity/perseverence that makes you go from HTML injection to a 5 digit bounty despite many technical obstacles.
Dell KACE K1000 Remote Code Execution - the Story of Bug K1-18652
This is a writeup of the bug that made @MrTuxracer winner of HackerOne’s H1-3120 event.
It’s an RCE on an in-scope Dropbox vendor. I find his process fascinating:
Social engineering to get a demo app and taking the time to install an app locally and review its source code… remind me of this advice by @gwendallecoguic:
You just need to do what other people don’t, because they didn’t think about it or because they were lazy, success guarantee.
I haven’t had the opportunity to test this tool, but I will definitely do it ASAP. It’s a Python script for mass feeding URLs to Burp suite’s sitemap/target tab.
This can be handy to transition from automated recon (and enumeration of live domains) to manual testing with Burp.
You can also add rules to detect other vulnerabilities, and play with the OWASP Juice Shop to test them. I’d also combine such linting tools with manual anlysis because many bugs won’t be found with automation.
This is a follow-up video to last week’s explanation of the mutation XSS found by @kinugawamasato on Google.
This time @LiveOverflow provides insight into how Masato found that XSS, and the kind of research he was involved in that allowed him to find it.
It’s really interesting for anyone who wants to get into Web security research, or understand what make hackers like @albinowax, @sirdarckcat, @garethheyes or Mario Heiderich so good at research.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 04/05/2019 to 04/12/2019
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…