The following is a write-up of a presentation I gave at the April 2020 YEGSEC meetup.

In August of 2019, after procrastinating for ages, I decided to finally give bug bounties a try. To make things interesting I set a goal of buying Burp Pro with bounty money. I had a few reasons for this challenge but the main one was that I didn't want to drop $400 USD on Burp Pro and then decide that bug bounties weren't for me. Also, $400 is a nice round number that should spur me on through at least a couple of bounties.

I have a wife and two kids, so my free time is a bit limited to begin with, but to make things even more interesting I decided to add a few more constraints:

- Use only free resources or tools I wrote myself.
- Any tools I did need I would write in Go.

I'd originally planned on ONLY using tools I wrote, but then decided that I didn't want to create the universe before winning a bounty. My financial goal was low enough that I figured I could reasonably achieve it with a few quick wins, after which I'd get down to more serious testing.

Idea #1: Weak Cache Settings

During application testing, we typically report everything we find and let the client make the ultimate decision on risk, so when I noticed some weak cache controls while mapping an application I reported them more or less out of habit. I was also lured by the numerous instances of people getting paid hundreds of dollars for noticing missing headers. Unsurprisingly, these were duplicates and I quickly decided not to waste any more time writing up header issues.

I then decided to focus on something a little less obvious: time-based username enumeration. This is a neat vulnerability caused by a difference in how applications process logon requests for valid and non-existent accounts.