Day152: Daily Bug Hunting - 6.1

1. Bug Bytes #172 is out, with some good resources

https://blog.intigriti.com/2022/06/01/bug-bytes-172-pre-hijacking-accounts-csp-bypass-using-wordpress-unusual-ssrf-phishing-chain

2. Some cloud security resources

https://github.com/hashishrajan/cloud-security-vulnerabilities

3. Web3 security

Believe it or not, it needs bodyguards too

https://github.com/ManasHarsh/Awesome-Web3-security

4. CVE-2022-30781: Gitea RCE caused by an ordinary Git command

Since Gitee started requiring review, it feels like a lot of people have switched to Gitea.

https://tttang.com/archive/1607/

5. Social Media Take Over = Easy Money

Social media takeover means checking a site's social media links and, if one is dead, seeing whether the handle can be registered again.

This covers Facebook, Twitter, LinkedIn, Pinterest and the like. The author says it brought in $20k of bug bounties over 5 years, which I find hard to believe.

Very few companies would accept this as a vulnerability; if it did count, the whole process could be automated.

https://medium.com/techiepedia/social-media-take-over-easy-money-aa6274b4b70d

Hunting progress:

In June I am starting on private HackerOne programs. Recon begins today.

Day127: Daily Bug Hunting - 5.7

1. Bypass Rate Limit — A blank space leads to this random encounter!

https://infosecwriteups.com/bypass-rate-limit-a-blank-space-leads-to-this-random-encounter-e18e72fbf228

2. My first HW: a red team penetration summary from a prefecture-level city attack/defense exercise

https://xz.aliyun.com/t/11300

3. SignUp functionality hunting mindmap

https://pbs.twimg.com/media/FR_LtLgWQAAMisI?format=jpg&name=4096x4096

4. Nuclei: Packing a Punch with Vulnerability Scanning

https://bishopfox.com/blog/nuclei-vulnerability-scan

5. Ferrari subdomain hijacked to push fake Ferrari NFT collection

https://www.bleepingcomputer.com/news/security/ferrari-subdomain-hijacked-to-push-fake-ferrari-nft-collection/

Vulnerability analysis

  1. https://hackerone.com/reports/1181946 Analysis: https://youst.in/posts/cache-poisoning-at-scale/
  2. https://hackerone.com/reports/927338 Using image metadata to pinpoint a location
  3. https://hackerone.com/reports/1250474 Bypassing LINE's 2FA
  4. https://hackerone.com/reports/1173153 Another cache-poisoning-at-scale case

Hunting progress

Recon on private programs

Day126: Daily Bug Hunting - 5.6

1. On the Fuzzing Hook

https://www.code-intelligence.com/blog/on-the-fuzzing-hook

An introduction to fuzzing hooks.

2. How masscan works

https://rushter.com/blog/how-masscan-works/

Worth a read if you write scanners.

3. Musings on code auditing, Alibaba style

https://evilpan.com/2022/05/01/code-audit-thoughts/

4. $1000: How I could have Hack any account and become a billionaire overnight👑Top Crypto-Trading Platform

https://infosecwriteups.com/1000-how-i-could-have-hack-any-account-and-become-a-billionaire-overnight-top-crypto-trading-ff0e25b6013c

Vulnerability analysis:

  1. https://hackerone.com/reports/1551176 Able to bypass email verification and change email to any other user email (email verification bypass)

Hunting progress:

Continuing with Databricks; a new private program has come in and recon is under way.

Day125: Daily Bug Hunting - 5.5

Standalone articles:

1. Hunting for GraphQL vulnerabilities

https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty/

2. Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading

https://github.com/Metnew/write-ups/tree/main/rce-gh-cli-run-download

This one is quite interesting.

3. How to Analyze Malicious PDF Files

https://www.intezer.com/blog/incident-response/analyze-malicious-pdf-files/

4. You need to hear this if you are new/want to start bug hunting

https://mokhansec.medium.com/you-need-to-hear-this-if-you-are-new-want-to-start-bug-hunting-6b5b5c8ba8d0

Three GitLab vulnerabilities:

  1. https://systemweakness.com/1-3-brute-force-protection-bypass-gitlab-15a17909bb
  2. https://medium.com/@_ip_/2-3-xss-through-the-front-door-gitlab-fc4b6799e743
  3. https://medium.com/@_ip_/3-3-cache-poisoning-lateral-movement-gitlab-9c6288708576

Hunting progress:

Continuing with Databricks. I also declined all of my HackerOne private invitations and am waiting for new ones.

Day124: Daily Bug Hunting - 5.4

1. Azure Recon

https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques/

2. hakluke's hakoriginfinder project

https://github.com/hakluke/hakoriginfinder

Mainly used to get past WAFs and proxies; the method is response similarity comparison.

3. dirhunt, a directory discovery tool that doesn't rely on brute force

https://github.com/Nekmo/dirhunt

The crawler is well done.

4. DNS Hi-Jacking Post Mortem & Compensation

https://medium.com/@MMFinance/dns-hi-jacking-post-mortem-compensation-3e2b5bb21183

Vulnerability analysis:

  1. https://hackerone.com/reports/1416612 Clickjacking to delete a developer app; the payout was on the low side
  2. https://hackerone.com/reports/1437294 Misconfigured URL scheme that lets you inflate follower counts; impressive, and also underpaid
  3. https://hackerone.com/reports/1500614 WebView hijacking, $10k

Hunting progress:

Continuing with Databricks