Hmm.. This will be my first time publishing something non-tech related, just to clear up the drama from the local cybersecurity scene. I'll try to answer each of them in chronological order, mentioning friends' names (some will be redacted)...
Saturday, March 9, 2024
Tuesday, October 13, 2020
I had fun with this XSS
Recently, in a private bug-bounty program, I found an interesting XSS vulnerability where the vulnerable endpoint limits the use of special characters.
The user's input got reflected in the following:
<script type="text/javascript">
...
Thursday, April 16, 2020
Tricky Oracle SQL Injection Situation
Recently I learnt a few new things when solving SQL injections found during pentests and also bug bounties. One of the techniques that was new to me is the one that I learnt from my master, pokleyzz. This injection was found...
Friday, February 15, 2019
XPS 13 - Boot from USB
It seems booting Linux through USB (created via Unetbootin) is quite tricky. The following configuration needs to be set in your XPS BIOS settings before you can boot Linux from USB.
Start your XPS 13 and press F12 to...
Wednesday, February 6, 2019
Parrot OS - Couldn't connect to Wifi even SSIDs can be seen
Problem: Couldn't connect to the wireless connection even though the SSIDs can be seen in the list
Solution:
Edit the NetworkManager configuration
sudo nano /etc/NetworkManager/NetworkManager.conf
Add the following lines...
Tuesday, January 29, 2019
BUG-000114489 : SSRF in Portal for ArcGIS Leaking NTLMv2 Hashes
This was found and responsibly disclosed to the ArcGIS team last year. The issue was given BUG ID 000114489 and a patch has been released.
TL;DR
The attacking point can be captured from the ArcGIS Portal that is located at /home/webmap/viewer.html...
Wednesday, January 17, 2018
$1800 in less than an hour.
Sometimes, visiting an old program is gold. October, 2017. I had just finished writing up my report and, while waiting for the report to be ready for the QA process, I visited one of my favourite programs in Bugcrowd, Indeed.com. I noted that...
Sunday, August 13, 2017
Accidentally typo to bypass administration access
A new post from me to kill some time.
This was from an old invited private program on one of the bug bounty platforms. This program offers $15,000 in total. There were several targets given, but most of them were limited...
Monday, June 5, 2017
From JS to another JS files lead to authentication bypass
This was found in a private bug bounty. The scope is limited to a few features that are available to the public. Based on the previously reported issues (5 bugs submitted by others so far when I was initially invited), seems...
Wednesday, March 29, 2017
Blind SQL Injection in er..I'm not sure what's the DBMS is.
A short blogpost from me.
Recently I participated in a private bounty program and found an SQL Injection issue in one of the available parameters.
The injection looks like the following:
id=11) and (1=1
Normal eh? But SQLmap and few...
Friday, December 9, 2016
Bug Bounty : Account Takeover due to a Misconfiguration
First of all, I would like to thank Bugcrowd's analysts, especially beemo_bugcrowd, for patiently updating the issue during the validation process.
Fiat Chrysler Automobiles announced their public bug bounty program through...