A list of good write-ups among the web-environment bug bounty posts published in Q1. I plan to run this series on a regular quarterly basis, so please show it plenty of love!

Posts

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

Author: Marin Moulinier
https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff

Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities

Author: Brett Buerhaus
https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/

Airbnb – Ruby on Rails String Interpolation led to Remote Code Execution

Author: Brett Buerhaus
http://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/

Getting read access on TGI Friday’s online ordering system

Author: Adam Logue
https://www.adamlogue.com/getting-read-access-on-tgi-fridays-online-ordering-system-fixed/

SQL injection in an UPDATE query - a bug bounty story!

Author: Zombiehelp54
http://zombiehelp54.blogspot.kr/2017/02/sql-injection-in-update-query-bug.html

Bypassing Ebay XSS Protection to launch XSS by Nirmal Dahal

Author: White Hats - Nepal
http://blog.pentestnepal.tech/post/153333332112/xssonebay

XSS in payments.google.com

Author: Frans Rosén
https://www.youtube.com/watch?v=YdXkw3DwDd4

Unpatched (0day) jQuery Mobile XSS

Author: sirdarckcat
http://sirdarckcat.blogspot.kr/2017/02/unpatched-0day-jquery-mobile-xss.html

0day writeup: XXE in uber.com

Author: httpsonly
https://httpsonly.blogspot.kr/2017/01/0day-writeup-xxe-in-ubercom.html

[Bug Bounty] GitHub Enterprise SQL Injection

Author: Orange
http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html