Day126: Daily Vulnerability Hunting - 5.6

1. On the Fuzzing Hook

https://www.code-intelligence.com/blog/on-the-fuzzing-hook

An introduction to fuzzing hooks.

2. How masscan works

https://rushter.com/blog/how-masscan-works/

Worth a look if you're writing a scanner.

3. Alibaba-flavored musings on code auditing

https://evilpan.com/2022/05/01/code-audit-thoughts/

4. $1000: How I could have Hack any account and become a billionaire overnight👑Top Crypto-Trading Platform

https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c

Vulnerability analysis:

  1. https://hackerone.com/reports/1551176 Able to bypass email verification and change email to any other user email (bypassing email verification)

Hunting progress:

Continuing with databricks; new private programs have already come in, and I'm doing recon on them.

Day125: Daily Vulnerability Hunting - 5.5

Individual articles:

1. Hunting GraphQL vulnerabilities

https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/

2. Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading

https://github.com/Metnew/write-ups/tree/main/rce-gh-cli-run-download

This article is quite interesting.

3. How to Analyze Malicious PDF Files

https://www.intezer.com/blog/incident-response/analyze-malicious-pdf-files/

4. You need to hear this if you are new/want to start bug hunting

https://mokhansec.medium.com/you-need-to-hear-this-if-you-are-new-want-to-start-bug-hunting-6b5b5c8ba8d0

Three GitLab vulnerabilities:

  1. https://systemweakness.com/1-3-brute-force-protection-bypass-gitlab-15a17909bb
  2. https://medium.com/@_ip_/2-3-xss-through-the-front-door-gitlab-fc4b6799e743
  3. https://medium.com/@_ip_/3-3-cache-poisoning-lateral-movement-gitlab-9c6288708576

Hunting progress:

Continuing with databricks. Then I declined all of my hackerone private invitations and am waiting for new ones.

Day124: Daily Vulnerability Hunting - 5.4

1. Azure Recon

https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques/

2. hakluke's hakoriginfinder project

https://github.com/hakluke/hakoriginfinder

Mainly used to get around WAFs and proxies; the approach is response similarity.

3. dirhunt: a directory-discovery tool that doesn't rely on brute force

https://github.com/Nekmo/dirhunt

The crawler is well done.

4. DNS Hi-Jacking Post Mortem & Compensation

https://medium.com/@MMFinance/dns-hi-jacking-post-mortem-compensation-3e2b5bb21183

Vulnerability analysis:

  1. https://hackerone.com/reports/1416612 Clickjacking to delete a developer app; the bounty was on the low side
  2. https://hackerone.com/reports/1437294 A misconfigured URL scheme lets you farm followers; impressive, and this bounty was also low
  3. https://hackerone.com/reports/1500614 WebView hijacking, ten thousand dollars

Hunting progress:

Continuing with databricks

Day123: Daily Vulnerability Hunting - 5.3

1. oauth-account-takeover

https://blog.dixitaditya.com/oauth-account-takeover

2. The tale of CVE-2021-34479 (VSCode XSS)

https://medium.com/techiepedia/the-tale-of-cve-2021-34479-vscode-xss-b336ba6cf3d6

3. Exploiting Password Reset Bugs

https://infosecwriteups.com/exploiting-password-reset-bugs-1936991d0ab0

Vulnerability analysis:

  1. https://hackerone.com/reports/1266828 Invite features actually have quite a few bugs; here the limit on sending staff invitations was bypassed, leading to account takeover
  2. https://hackerone.com/reports/1256375 Blog posts were protected, but bypassing that and reading the atom feed exposed them directly, with no permission check. Feed permissions are indeed worth testing.
  3. https://hackerone.com/reports/1363672 A single space bypasses the login restriction?

Hunting progress:

Started hunting on databricks

Day122: Daily Vulnerability Hunting - 5.2

1. Detecting Emerging Malware On Cloud Before Virustotal Can See It

Uses machine intelligence to discover malware in bulk; beyond the two directions of self-mutating polymorphism and code reuse, there are other directions such as supply-chain attacks.

2. Notes on reverse-engineering a container image

https://xz.aliyun.com/t/11262

I realized I've done all of these operations before, probably while studying the docker source code, where you need to do this.

3. How to master Google Hacking (Dorking)

https://blog.blockmagnates.com/how-to-master-google-hacking-dorking-bd9b6e3d28fa

If you master Google dorking, you can actually find vulnerabilities with it directly.

4. A flow-based IDS using Machine Learning in eBPF

Paper: https://arxiv.org/abs/2102.09980

5. 2022 未知之境 Tencent Cybersecurity T-Star University Challenge WriteUp

https://tttang.com/archive/1577/

A few of them are quite interesting.

6. Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools

https://o365blog.com/talks/ICEIS2022_slides.pdf

A few more:

1. https://medium.com/@hacxyk/how-we-spoofed-ens-domains-52acea2079f6

2. https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-everscale-blockchain-wallet-preventing-cryptocurrency-theft/

3. https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/

Vulnerability analysis:

  1. https://hackerone.com/reports/1501611 This IDOR on hackerone is really something
  2. https://hackerone.com/reports/1472471 Didn't expect the Store_name field

Hunting progress:

Deployed the scanner and am picking targets for manual testing. For now, I want to manually test some cloud providers.