

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

IT security news | Direct link: grahamcluley.com

Vulnerability-reporting platform HackerOne has paid out a US $20,000 bounty after a researcher discovered he was able to access some other users’ bug reports on HackerOne’s website.
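The failure mode in this story is a copied request (for example a browser's "Copy as cURL" output) that still carries the sender's own session cookie. The following is an added example, not code from the article or from HackerOne: a small pre-send check that finds and redacts session cookies and bearer tokens in text about to be pasted into a ticket or chat. The sample paste, the host `example.test`, and the cookie names (`__Host-session`, `_csrf`, `tracking`) are constructed for the example; a real deployment would add the site's own cookie names.

```python
import re

# Constructed sample of the kind of text that gets pasted into a report thread:
# a cURL command copied from a browser, complete with the analyst's own session
# cookie. Host, cookie names and values are made up for this example.
SAMPLE_PASTE = """Can you retry with exactly this request?
curl 'https://example.test/reports/12345' \\
  -H 'Cookie: __Host-session=eyJhbGciOi.abc123.def456; _csrf=xyz' \\
  -b 'tracking=1' \\
  -H 'Authorization: Bearer s3cr3t-token'
"""

# Each pattern has two groups: the prefix to keep (so the request stays
# readable) and the secret to strip. These are generic assumptions; a real
# deployment would add the site's own session cookie names.
PATTERNS = [
    # "Cookie: a=b; c=d" request headers (also catches "Set-Cookie:" in responses)
    ("cookie-header", re.compile(r"(?i)(cookie:\s*)([^'\"\n]+)")),
    # curl's -b / --cookie argument, which carries the same material
    ("curl-cookie-arg", re.compile(r"(?<!\S)((?:-b|--cookie)[ =]['\"]?)([^'\"\s]+)")),
    # Bearer/Basic tokens travel in pasted requests the same way session cookies do
    ("authorization-header", re.compile(r"(?i)(authorization:\s*\w+\s+)([^'\"\s]+)")),
]


def find_session_material(text):
    """Return [(kind, secret), ...] for every credential-bearing token in text."""
    findings = []
    for kind, pattern in PATTERNS:
        for match in pattern.finditer(text):
            findings.append((kind, match.group(2)))
    return findings


def redact(text):
    """Return text with every secret replaced by [REDACTED], prefixes intact."""
    for _kind, pattern in PATTERNS:
        text = pattern.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return text


if __name__ == "__main__":
    for kind, secret in find_session_material(SAMPLE_PASTE):
        print(f"{kind}: {secret[:12]}...")
    print(redact(SAMPLE_PASTE))
```

Run `redact()` over outgoing text and refuse to send when `find_session_material()` is non-empty; the redacted form keeps the URL, method and header names, which is all the recipient needs to reproduce a request with their own credentials.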




➤ Related posts

  • 1. WhatBreach - OSINT Tool To Find Breached Emails And Databases
    Score: 822.53 points
    WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there (if there are any breaches) it will search for the query link on Dehashed pertaining to the database, and output all breaches along with all pastes that this email is included in (if any). If you are t
  • 2. Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
    Score: 390.46 points
    Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-h
  • 3. Ubuntu 18.04 hangs on shutdown/restart
    Score: 326.09 points
    I'm running a fresh install of Ubuntu 18.04LTS. When I go to either Power Off or Restart a fresh ubuntu session https://i.redd.it/280ghjkfz7j31.png my computer will freeze for about 30 seconds until popping up the options to Cancel, Restart, or Po
  • 4. Seccomp Tools - Provide Powerful Tools For Seccomp Analysis
    Score: 162.57 points
    Provide powerful tools for seccomp analysis. This project is targeted to (but not limited to) analyze seccomp sandboxes in CTF pwn challenges. Some features might be CTF-specific, but still useful for analyzing seccomp in real cases. Features: Dump - Automaticall
  • 5. Google's AlphaGo Will Face Its Biggest Challenge Yet Next Month -- But Why Is It Still Playing?
    Score: 157 points
    From a report on The Guardian: A year on from its victory over Go star Lee Sedol, Google DeepMind is preparing a "festival" of exhibition matches for its board game-playing AI, AlphaGo, to see how far it has evolved in the last 12 months. Headlining the
  • 6. Developers: Get Ready for New SameSite=None; Secure Cookie Settings
    Score: 139.37 points
    In May, Chrome announced a secure-by-default model for cookies, enabled by a new cookie classification system (spec). This initiative is part of our ongoing effort to improve privacy and security across the web. Chrome plans to implement the new model with Chrome 80 in February 2020. Mo
  • 7. Evilginx 2 - Next Generation of Phishing Attack and Bypass 2FA written in Go
    Score: 133.16 points
    About Evilginx 2 - Next Generation of Phishing Attack and Bypass 2FA written in Go. Evilginx2 is a Man-In-The-Middle Attack Framework used for phishing login credentials along with session cookies, which in turn allows bypassing Two-Factor Authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide m
  • 8. CentOS Blog: New CentOS Pastebin Instance
    Score: 132.6 points
    After many years of excellent service by the Oregon State University Open Source Lab, the CentOS Project has decided to migrate our web-based pastebin instance to a self-hosted platform running on our infrastructure. This has provided us the opportunity
  • 9. Final Cut Pro X update introduces new Metal engine for increased performance
    Score: 122.82 points
    Final Cut Pro X update introduces new Metal engine for increased performance. New version includes optimizations for Mac Pro and Pro Display XDR. Today, Apple updated Final (link: https://www.apple.com/final-cut-pro/)
  • 10. Rpi-Hunter - Automate Discovering And Dropping Payloads On LAN Raspberry Pi's Via SSH
    Score: 120.53 points
    Automate discovering and dropping payloads on LAN Raspberry Pi's via ssh. rpi-hunter is useful when there are multiple Raspberry Pi's on your LAN with default or known credentials, in order to automate sending commands/payloads to them. GUIDE: Installation I
  • 11. HackerOne: A small set of users were assigned someone else's payout preference
    Score: 97.18 points
    On December 20th, 2016, HackerOne introduced a new payout preference that allowed employee bounties to be paid through payroll. At the time, a feature was added to our support backend that allowed the IT department to provision this special payout pr
  • 12. I've slightly improved my X session selector (0.2), and I require more feedback.
    Score: 96.25 points
    The x-session-selector is a simple utility which presents the user with a list of sessions and window managers and launches an X session with the selected one. It is a rather simple utility and assumes a lot of things. I've only tested it so far on an
