Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Cloudflare Public Bug Bounty: Take over subdomains of r2.dev using R2 custom domains

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Cloudflare Public Bug Bounty: Take over subdomains of r2.dev using R2 custom domains


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆโ–ˆ [โ–ˆโ–ˆโ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ]โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ It is possible to take over any subdomain of r2.dev (possible also the base domain) and have it serve the contents of an R2 bucket in your account. Requirements Access to R2 public buckets in the dashboard is currently behind a flag. The server-side check for access to R2 public buckets was recently removed, so you can just use an mitmproxy script to toggle the flag client-side. ```py import json import mitmproxy import re class R2PublicBuckets: async def response(self, flow: mitmproxy.http.HTTPFlow): if re.match(r'https?://dash.cloudflare.com/api/v4/accounts/[0-9a-f]{32}/flags', flow.request.url): data = json.loads(flow.response.text) data['result']['workers']['r2_publicbuckets'] = True flow.response.text = json.dumps(data, separators=(',', ':')) addons = [ R2PublicBuckets() ] ``` Steps Add r2.dev to your Cloudflare account and follow the steps until you're asked to complete zone ownership verification. Create an R2 bucket if you don't already have one and add e.g. albert.r2.dev as a custom domain in the "Domain Access" section. {F1926348} Wait a few seconds and then refresh the page. The custom domain should now show "Status: Active". In case "Access to Bucket" is "Not allowed", click the three dots besides the domain and then "Enable domain". {F1926346} Visit the custom domain and notice how it serves content from your R2 bucket. {F1926347}... ...



๐Ÿ“Œ Cloudflare Public Bug Bounty: Take over subdomains of r2.dev using R2 custom domains


๐Ÿ“ˆ 98.36 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: YAML schema injection risk in Swagger UI via schema_url parameter at developers.cloudflare.com


๐Ÿ“ˆ 43.49 Punkte

๐Ÿ“Œ FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server


๐Ÿ“ˆ 38.88 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests


๐Ÿ“ˆ 37.69 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: HTTP request smuggling with Origin Rules using newlines in the host_header action parameter


๐Ÿ“ˆ 37.31 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Using special IPv4-mapped IPv6 addresses to bypass local IP ban


๐Ÿ“ˆ 37.31 Punkte

๐Ÿ“Œ Phishers Using Redirector Sites with Custom Subdomains for Evasion


๐Ÿ“ˆ 33.04 Punkte

๐Ÿ“Œ Nodesub - Command-Line Tool For Finding Subdomains In Bug Bounty Programs


๐Ÿ“ˆ 32.83 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Password Policy Restriction Bypass


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Bypass two-factor authentication


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Bypass R2 payment screen


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Sign in with Apple works on existing accounts, bypasses 2FA


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Origin IP address disclosure through Pingora response header


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ Cloudflare Public Bug Bounty: Permanent CASB Integration Takeover due to Improper Access Controls+Confused Deputy Problem


๐Ÿ“ˆ 32.15 Punkte

๐Ÿ“Œ AnalyticsRelationships - Get Related Domains / Subdomains By Looking At Google Analytics IDs


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ assetfinder โ€“ Find Related Domains and Subdomains


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ assetfinder โ€“ Find Related Domains and Subdomains


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ How Do Attackers Hijack Old Domains and Subdomains?


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ APIDetector - Efficiently Scan For Exposed Swagger Endpoints Across Web Domains And Subdomains


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ assetfinder โ€“ Find Related Domains and Subdomains


๐Ÿ“ˆ 30.69 Punkte

๐Ÿ“Œ Ultra fast public IP address lookup using Cloudflare's 1.1.1.1 Using awk


๐Ÿ“ˆ 28.6 Punkte

๐Ÿ“Œ [Bug Bounty Hacker] Yahoo Bug Bounty Program 2016 - Sender Spoofing Vulnerability


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Ebay Inc Bug Bounty Magento Commerce Bug Bounty - Persistent Cross Site Scripting Vulnerability


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Naked Security Live โ€“ When is a bug bounty not a bug bounty?


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Bug Bounty Platforms [Best Choices For a Bug Bounty Program]


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Bug Bounty Benefits | Why You Need a Bug Bounty Program


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Fear and hacking on the bug bounty trail: write up of Atlassian's first (Bugcrowd) Bug Bounty event in Sydney


๐Ÿ“ˆ 27.75 Punkte

๐Ÿ“Œ Zomato Bug Bounty - Account Take Over Vulnerability


๐Ÿ“ˆ 27.61 Punkte











matomo