h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers

News category: Vulnerabilities
Source: vulners.com


Summary: Several vulnerabilities in the bountypay application lead to unauthorised access, information disclosure, SSRF and other fun stuff.

Steps To Reproduce:

This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long for their bounties.

First part: Web

I started by finding all subdomains for the challenge:

https://bountypay.h1ctf.com
https://app.bountypay.h1ctf.com
https://staff.bountypay.h1ctf.com
https://api.bountypay.h1ctf.com
https://www.bountypay.h1ctf.com
https://software.bountypay.h1ctf.com

Fuzzing the subdomains, I found this:

https://app.bountypay.h1ctf.com/.git/HEAD

Checking /.git/config showed the link to the GitHub repo and an interesting file:

https://github.com/bounty-pay-code/request-logger/blob/master/logger.php

which referenced the file bp_web_trace.log, which could be found here:

https://app.bountypay.h1ctf.com/bp_web_trace.log

Decoding the contents of that file gave:

{"IP":"192.168.1.1","URI":"\/","METHOD":"GET","PARAMS":{"GET":[],"POST":[]}}
{"IP":"192.168.1.1","URI":"\/","METHOD":"POST","PARAMS":{"GET":[],"POST":{"username":"brian.oliver","password":"V7h0inzX"}}}
{"IP":"192.168.1.1","URI":"\/","METHOD":"POST","PARAMS":{"GET":[],"POST":{"username":"brian.oliver","password":"V7h0inzX","challenge_answer":"bD83Jk27dQ"}}}
{"IP":"192.168.1.1","URI":"\/statements","METHOD":"GET","PARAMS":{"GET":{"month":"04","year":"2020"},"POST":[]}}

This looked like a server log which included credentials for the user 'brian.oliver', plus a... ...


