I consider myself, in my infinite laziness, to be primarily an information disclosure-oriented hunter. This is, of course, subject to change, but due to work commitments and whatnot, this is what I am at this moment in time. The most effective method of finding info disclosure bugs is arguably dorking.…
Trello is a nice website owned by Atlassian. It lets you create "boards" which contain "cards". Tasks can be moved between cards. It's a great system for keeping track of things. You can configure boards to be public or private. This is where the problems start. Jimmy is impatient. He…
This XSS was accidental. For whatever reason, I was messing about with the searchbar, putting various payloads into it without expecting to find anything. So eventually, I put in the following payload into the searchbar: "><img src=x> And of course, nothing happened. But something caught…
I've recently come across an interesting misconfiguration. This is regarding Apache Flink. What is Flink? Flink is a framework for processing data streams. It runs on port 8081 by default. What are data streams? Re the Flink documentation: Any kind of data is produced as a stream of events. Credit…
This is my account of my first CTF. It started at 10:30am or so. Having had no previous experience with CTFs, this CTF really hooked me into the world of competitive hacking. I'll only be talking about the problems I solved here. BSides DublinBSides DublinI ended up in 27th…
While doing my own research recently, I discovered exposed Jira dashboards for several companies. While there is no guarantee that those companies own those dashboards, it is a reasonably safe assumption to make. Circle K: https://circlek.atlassian.net/jira/filters?searchName=&Search=Search&filterView=search Waterstones: https:…
The first bounty is a milestone that many hope to hit. It marks the starting line for a lot of bug bounty hunters today. Mine was interesting. For privacy's sake, I won't disclose the company. My first bug was an IDOR. IDOR stands for Insecure Direct Object Reference - that…