Bug Bytes #201 – Path Traversal, Prompt Injection, and GitHub Actions

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from May 15th to May 21st

Click here to subscribe

Intigriti News

• Exploiting file upload vulnerabilities a thread and a video

• This months XSS challenge!

• We’re happy to announce the @PersonioHR program is now open to the public! Personio is a leading HR software company revolutionizing the way businesses manage their workforce

• Stay up to date with the latest challenges and events by joining our discord community

From my notebook

• Exposing iCloud user’s Name, phone numbers, and email addresses

• How to turn a write-based path traversal into a critical?

• Bug Bounty Changed My Life!

• the story of “i915” bug, ChromeOS + Intel bounty programs, and beyond : pi3 blog

• From GitHub to Account Takeover: Misconfigured Actions Place GCP & AWS Accounts at Risk – Rezonate

• Intro to Linux and Pentesting with World of Haiku

• The BEST Notetaking Apps Ranked

• $100,000 in two months with #bugbounty! (shorts)

• Here’s a quick look at a path to becoming a webapp pentester! (shorts)

• Twitter Hacker Faces 77 Years in Prison

• Why Don’t People Want Security?

• SESSION HIJACKING

• Learn to Hack Live | Token analysis & CTF

• Creating a SSH Honeypot with Python

• Answering your questions!

• Revealing Secrets with Information Disclosure Bugs

• Escaping the grind and decompiling python 3.9 pyc files

• Bug Hunting 101: Everything You Need to Know

• ChatGPT Analyzes Fake ChatGPT Malware

• .ZIP Domains Are a Disaster (Hackers Love them)

• the BEST resources for finding a cybersecurity job

• 15 – Authorisation Bypass (low/med/high)

• Networking And Cryptography || Penetration Testing Bootcamp

• HackTheBox – Precious

• Exploring a Simple Ruby Web Application

• Information Gathering(Part-2) || Penetration Testing Boot camp

• Why You Shouldn’t Be An Ethical Hacker Part 1 (shorts)

• Getting Started with GeoGuessr and OSINT | UMDCTF 2023 (OSINT)

• 212 – Attacking VirtualBox and Malicious Chess

• Data privacy in a consumers world

• Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!

• Risky Biz News: Google will delete inactive accounts

• 297-KYC, 2FA, macOS, & OSINT Updates

• Uncomfortable (unpopular?) opinion

• A $1,000,000 bounty?

• One of my first ever bug bounties was an XSS against a WordPress host. It wasn’t anything super special but the process I used to find it is one that has yielded loads of bugs over the years.

• Celebrating One Year as a Full-Time Bug Bounty Hunter!

• send help

• I recently got a nice surprise from @IntelSecurity: a $10,000 #BugBounty for a bug they have found internally resulting from one of my report comments.

• Found an endpoint with `something.php?run=`, execute the encoded `%26echo%20`id`%24()%5C%20 ` in HTTP request, surprised to see when server returned ID.

• Beginner

  • How to get started as an API hacker

  • Easy ways to Exploit HTML Injection

  • automation Rxss

  • LDAP protocol basics and the LDAP Injection attack

  • DoS vs DDoS vs DRDDoS vs PoD attack

  • Unveiling the Hidden Dangers: Exploring WordPress Vulnerabilities

  • Understanding Insecure Direct Object References (IDOR)

  • Privileges Escalation Techniques (Basic to Advanced) for Windows

• Intermediate

  • Intro to IOT Hardware Hacking

  • What is Forward Proxy and Reverse Proxy

  • How to Learn Manual SQL Injection for OSCP(Step by Step)

  • Attacking Active Directory & Kerberoasting

  • Unveiling Smart Contract Vulnerabilities: Challenges and Best Practices for Bug Bounty Hunters

  • Insecure Deserialization: Unraveling the Hidden Vulnerabilities 

  • Digging Deeper: Unearthing Business Logic Vulnerabilities in Advanced Web Applications

  • Client Side Template Injection (CSTI)

  • Lateral Movement : Navigating the Intricate Web of Network Protection

  • Automating Adversary Emulation for my Lab Using MITRE Caldera

• Advanced

  • Learn Buffer Overflow for OSCP- TryHackMe

  • Hacking embedded systems using the routersploit tool

  • How I Built My 4th Level Deeper Subdomain Enumeration VAPT Automation Script Tool

  • Exploiting IAM security Misconfigurations — Part 1

  • Advanced Bug Bounty Reporting: Mastering the Art of Persuasive Details

  • Combining Python + ChatGPT + Payload Processor (burp) for brute forcing OTP

  • Detecting & Bypassing Defensive Measures (Canary Token)

  • From Theory to Reality: Explaining the Best Prompt Injection Proof of Concept

  • Tips and tricks for Burp Suite Pro, ten years later

• Security Research

  • Triple Threat: Breaking Teltonika Routers Three Ways

  • “Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer…

  • Synacktiv Webflow Arbitrary Email Forgery

  • redrays-io/SAP_Cloud_Connector_SSFS_Decryption: A PoC of decryption the SAP Cloud Connector SSFS

  • PGP signatures on PyPI: worse than useless

  • Exploit For CVE-2022–41544 — RCE in Get-Simple by vsociety

  • Testing a new encrypted messaging app’s extraordinary claims

• Bugs

  • Malicious code in PDF Toolbox extension

  • Python Penetration Testing: Microsoft 365 Session ID Login

  • SQL injection on a hidden API endpoint

  • How I was able to use Premium Feature for Free

  • Free Wallet TopUps

  • Fuzzing ends with XSS

  • Cors Misconfiguration

  • Hardcore RCE via directory name for $3.000

  • Account Takeover using Inspect element

  • Easy CSRF bypass

  • how i accidentally discovering XSS

  • Blind OS Command Injection via Activation Request

  • Stored Iframe Injection & Permanent Open Redirection – Zero Day

  • How improper OTP implementation could lead to Account Take Over (Part 2)

  • Bypassing Rate Limit

  • Why You Should Always Check The Audit Log [Medium] — $500

  • How I got My First Bug on a public Bug bounty program??

  • Reflected Cross-Site Scripting Vulnerability in Ellucian Ethos Identity CAS Logout Page

  • How ChatGPT exposes conversations from other users without being considered a vulnerability

  • IDOR leading to Privilege Escalation!

  • AEM Bug in Adobe

  • Full website takeover

  • DOS via cache poisoning

  • Behind the Scenes: Discovering an OTP Leakage Bug in a Leading Broadband Service’s Website

  • Path Traversal Vulnerability

  • My Second VDP Bug Went Critical: Grafana Admin Panel Bypass

  • .

  • Uploading the Webshell using filename of Content-Disposition Header Story!

  • Account Takeover + IDOR

• CTF challenges

  • TryHackMe — Steel Mountain Simple Writeup by Karthikeyan Nagaraj | Mr. Robot | 2023

  • HackTheBox WriteUp — Ghoul

  • Network Services — Enumerating and Exploiting variety of network services and misconfiguration & Network Services 2 — Enumerating and Exploiting More Common Network Services & Misconfigurations

  • SQL Injection Vulnerability in GoLang Code #2

  • Crack the Code: A Guide to Defend the Web CTF Crypt Challenges 1–5

  • Beginner’s Guide: Defending Web SQLi 1–2 CTF Challenges

  • OverTheWire Bandit: Solving Level 4 — Dealing with Hidden Directories

  • HTB: Precious

  • Intro to Docker | Tryhackme Writeup/Walkthrough

  • How to Pass the APIsec University — API Penetration Testing Certificate

• PASTIS For The Win!

• ADCSKiller – An ADCS Exploitation Automation Tool

• C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves

• KeePass 2.X Master Password Dumper (CVE-2023-32784)

• WebPalm is a command-line tool that enables users to traverse a website and generate a tree of all its webpages and their links. 

• KoodousFinder – A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities

• Bypass-403 – A Simple Script Just Made For Self Use For Bypassing 403

• nuclei-burp-plugin – A Burp Suite plugin intended to help with Nuclei template generation

• Nginxpwner – Simple tool to look for common Nginx misconfigurations and vulnerabilities

• SubDomainizer – A tool to find subdomains and interesting things hidden inside.

• Walking the Tightrope: Maximizing Information Gathering while Avoiding Detection for Red Teams – TrustedSec

• Here’s a useful recon one-liner using 2 of my tools!

• How to use Amass to find ASNs and CIDRs and then enumerate subdomains with them!

• Extract all URL endpoints from an application and dump them to the command-line with hakrawler

• Consistency is key in bug hunting. Regular practice not only sharpens your skills but also keeps you updated on new vulnerabilities.

• One of the fundamentals you need to exploiting issues you find is trying to understand what you have from the data you observed

• Don’t ever post this type of shit, but everyone always talking JS files or GitHub etc. There is always shit hanging around in the HTML, don’t forget to check

• Oh wow! In @Burp_Suite you can scope your search to ONLY a specific host by right clicking -> engagement tools -> search. The more you know

• f you are using Powershell and are going to use ADS to inside the restricted /bin/ folder, remember to escape the $ sign: bin::`$INDEX_ALLOCATION

• Google releases .zip domain names, everyone has questions and concerns

• Montana becomes first U.S. state to ban TikTok