vinax
vin4x.bsky.social
Beginner bug hunter from Quebec ⚜️👾

I will be sharing my bug bounty journey. Posting about my progress, challenges, and wins—follow along

https://bugcrowd.com/vinax
Just finished reporting a critical vulnerability, but it’s almost midnight and I have school at 7 AM tomorrow. Fingers crossed it gets accepted and isn’t a duplicate 😭
January 17, 2025 at 4:33 AM
Yay! I just had 7 different reports, which were in the triaged state for almost 2 months, marked as duplicates of a single report. Love bug bounty!
January 7, 2025 at 8:20 PM
Reposted by vinax
A rating system that hackers can use to provide public feedback about programs.

Performing speculative work for companies that may, or may not, abuse you feels gross.
December 28, 2024 at 4:08 PM
Reposted by vinax
I propose we replace semantic versioning with pride versioning
December 21, 2024 at 7:07 PM
Reposted by vinax
I recently found a blind FreeMarker SSTI on a bbp. It was not possible to RCE but I found some nice gadgets to enumerate accessible variables, read data blindly or perform some DoS. I documented that here if someone is interested
gist.github.com/n1nj4sec/5e3...
FreeMarker SSTI tricks
December 18, 2024 at 8:13 PM
Thrilled to have my first two bugs accepted! Both are P3s. Still waiting on 14 in triage and 1 in the new state. Feeling more motivated now
December 9, 2024 at 7:46 PM
Reposted by vinax
Today in my #Hacker #News feed:

Holy crap. Sometimes web research is like magic, all you need is a foot in the door.
Also, how do you screw up authorization so bad?
As a last note, it's unbelievable that EA doesn't have a bug bounty program. Wtf

battleda.sh/blog/ea-acco...
Hacking 700 Million Electronic Arts Accounts
(Ethically). Here's how I did it.
December 5, 2024 at 9:36 PM
Reposted by vinax
This is really great research by @ryotak.net -

I appreciated that he covered some of his experiments along the way, and how he landed on a finely tuned way of finding a 12-char hash collision with a command injection payload at the end.

flatt.tech/research/pos...
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...
December 7, 2024 at 11:45 AM
Reposted by vinax
Doing some @portswigger.net advent calendar this year as well. Join me on advent.j15.se

It's not affiliated with Portswigger but it will link you to one of their chapters each day (random for max excitement)

It's created 100% using Cursor so any bugs are AI's fault
PortSwigger Advent Calendar
December 1, 2024 at 2:11 PM
Is it normal for a program to triage bugs in less than an hour sometimes, but then take several weeks to complete validation?
November 29, 2024 at 12:16 PM
Reposted by vinax
This is so pathetic.

Company with an annual revenue of 25 BILLION USD reduces my bounty by $5 because I didn't supply my IP address.

For a postMessage XSS, so the only thing showing up in their logs would be me opening the homepage...
November 29, 2024 at 9:49 AM
Hehe just got a report triaged in 22 min!!
#bugbounty
November 27, 2024 at 1:29 AM
Reposted by vinax
👋 @bsky.app you are exposing users to potential SSRF attacks in your documentation. Let's fix this.

p.s. you don't have a security contact address in your support website, and no security.txt meta. Let's fix this one too.
November 25, 2024 at 10:59 AM
Yesterday - found a really nice bug but missing something to achieve greater impact. Decided to sleep on it and figure it out today.

Today - wake up, no electricity 😭 Just hoping no one submits it before me lol
November 25, 2024 at 4:17 PM
Reposted by vinax
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...
November 22, 2024 at 5:50 AM
Reposted by vinax
☝️ With Bluesky's increasing popularity, bug-bounty hunters can demonstrate the impact of a subdomain takeover in yet another way: if foo[.]example[.]com is vulnerable, you may be able to claim @foo[.]example[.]com as your handle. Handy for impersonation and phishing. 😈

bsky.social/about/blog/4...
vuln.example.com
November 22, 2024 at 8:46 AM
Reposted by vinax
The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!

go.bsky.app/GD7hKPX
Bug bounty hunters & content creators
November 23, 2024 at 4:21 PM
After more than 6 months of no success in bug bounty I'm finally starting to see results. In the last two weeks I submitted 12 bugs; here are the results:

1 N/A
3 dups
7 in the triaged state!!!
1 in the new state

Let’s hope I finally get some bugs in.
November 23, 2024 at 11:26 PM