The 5 Hacking NewsLetter 107
Posted in Newsletter on May 27, 2020
Posted in Newsletter on February 5, 2020
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 24 to 31 January.
Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. Because authorization checks often only happen on write, you can come back after the ID was created. Because the model references a model that isn’t yours, you may be able to bypass authorization, often leading to information disclosure.
Awesome IDOR technique by @jobertabma! The idea is to replace an ID with one that does not exist yet (e.g. ID+1). Wait for ID+1 to exist and see if you can access its information.
Now to revisit old programs to test for potentially missed IDORs/info disclosures…
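The pattern in the tip above, as an added example (not code from the newsletter or from @jobertabma): a toy in-memory app where a "note" references an "attachment" by id, with the weak write/read pair beside a hardened one that rejects dangling ids and re-checks ownership on read. All names and the store are constructed for the illustration.

```python
# Added example (not the newsletter's or @jobertabma's code): an in-memory
# model of the IDOR pattern above. A "note" references an "attachment" by id.
# The weak path checks ownership only if the attachment exists at write time
# and follows the stored id blindly on read; the hardened path rejects
# dangling ids and re-checks ownership on read.
ATTACHMENTS = {}  # attachment_id -> {"owner": str, "data": str}
NOTES = {}        # note_id -> {"owner": str, "attachment_id": int}
def create_attachment(att_id, owner, data):
    ATTACHMENTS[att_id] = {"owner": owner, "data": data}

def create_note_weak(note_id, owner, att_id):
    att = ATTACHMENTS.get(att_id)
    if att is not None and att["owner"] != owner:
        raise PermissionError("not your attachment")
    NOTES[note_id] = {"owner": owner, "attachment_id": att_id}  # dangling id saved

def read_note_weak(note_id, user):
    note = NOTES[note_id]
    if note["owner"] != user:
        raise PermissionError("not your note")
    att = ATTACHMENTS.get(note["attachment_id"])  # target's owner never checked
    return att["data"] if att else None

def create_note_safe(note_id, owner, att_id):
    att = ATTACHMENTS.get(att_id)
    if att is None or att["owner"] != owner:  # must exist now and be yours
        raise PermissionError("attachment missing or not yours")
    NOTES[note_id] = {"owner": owner, "attachment_id": att_id}

def read_note_safe(note_id, user):
    note = NOTES[note_id]
    if note["owner"] != user:
        raise PermissionError("not your note")
    att = ATTACHMENTS.get(note["attachment_id"])
    if att is None or att["owner"] != user:  # re-check on read, not only on write
        return None
    return att["data"]

def demo():
    """Replays the tip: store an id that does not exist yet, wait, then read."""
    ATTACHMENTS.clear(); NOTES.clear()
    create_note_weak("n1", "alice", 42)            # 42 does not exist yet
    create_attachment(42, "bob", "bob's secret")   # later created by another user
    weak = read_note_weak("n1", "alice")           # leaks "bob's secret"
    safe = read_note_safe("n1", "alice")           # hardened read returns None
    try:
        create_note_safe("n2", "alice", 43); rejected = False
    except PermissionError:
        rejected = True                            # dangling id refused up front
    return weak, safe, rejected
```

The fix that matters is resolving the referenced object at write time and again at read time: the reference alone is never proof of ownership.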
This is an excellent writeup on Shitrix (CVE-2019-19781). It shows how to exploit the vulnerability “manually” when public exploits are not working. In this case, the NOTROBIN malware had infected the target and made changes to prevent other exploitation attempts.
Knowing how to bypass it can be helpful for penetration tests.
Yay! My favorite bug bounty podcast is back, with @0xacb this time. No spoilers, let’s just say that it is worth listening to if you’re into bug bounty and want to know how to reach “cosmic brain level 10”.
The first article is awesome work but will break a few hearts! It explains the impact of SameSite cookies beyond CSRF. Many other client-side bugs are affected, including Clickjacking, XSSI, XSLeaks, Cross-Site WebSocket Hijacking…
The second article is an awesome interview with @EdOverflow. Among other things, he shares insight on finding logic flaws and discovering “goldmines” (untapped areas of research).
This is a great tutorial on leveraging Discord WebHooks for automated recon. This feature makes it easy to send notifications to Discord from Bash scripts. A subdomain monitoring example is also given. It has never been so easy!
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/24/2020 to 01/31/2020.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…