A developer's notes in the world of security research and bug bounty, by pmnh
open-menucloseme
Home
About
githubtwitterrss
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

    calendarDec 4, 2022 · 10 min read · writeup rce bugcrowd waf  ·
    Share on: twitterfacebooklinkedincopy

    Summary This writeup talks about a successful collab that I did with Dark9T (@UsmanMansha) on a private program hosted on Bugcrowd. We ended up able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot. This was the 2nd RCE via SSTI …


    Read More
  • Reflecting on 2 Years of Bug Bounty

    calendarSep 27, 2022 · 9 min read · learning  ·
    Share on: twitterfacebooklinkedincopy

    In September 2022, I celebrated 2 years doing bug bounty as the anniversary of my first paid bounty on HackerOne passed. I thought it might be useful to write up some of the lessons learned and some tips and tricks that might help new hunters (things I wish I knew when I started). Bug bounty has been an incredible …


    Read More
  • CTF Writeup: 2022 HTB Cyber Apolcalypse Web Challenge: Genesis Wallet

    calendarMay 19, 2022 · 11 min read · ctf nodejs varnish csrf  ·
    Share on: twitterfacebooklinkedincopy

    Summary Genesis Wallet was one of the harder web challenges in the 2022 Hack the Box (HTB) CTF. Our team composed of Synack Red Team members finished a respectable 21st place, unfortunately we were very close to solving this challenge and literally were about 5 minutes from a successful solve when time expired - so …


    Read More
  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915

    calendarMay 9, 2022 · 2 min read · cve authentication  ·
    Share on: twitterfacebooklinkedincopy

    Summary In research related to a Synack Red Team client, I was able to discover several authentication bypass issues in the LuxCal web calendar component. The limited details of these issues, which have been resolved by the vendor in version 5.2.0 of the software, are listed below. As an agreement with the vendor, we …


    Read More
  • Advanced sqlmap Case Study

    calendarMay 6, 2022 · 6 min read · sqlmap sqli advanced  ·
    Share on: twitterfacebooklinkedincopy

    Summary Many new bug bounty hunters will blindly rely on the output of tools to magically find them bugs. As most experienced hunters know, the key to long-term success is to understand how to effectively use the many great tools and fine-tune these tools to achieve results in the form of valuable, challenging bugs. …


    Read More

Disclaimer

The opinions expressed on this site are my own personal opinions and do not represent my employer’s view in any way. All content on this site should be used for legal, research purposes only on assets you are permitted to test. The author expressly disclaims any and all liability from misuse of material on this site.

Featured Posts

  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  • Reflecting on 2 Years of Bug Bounty

Recent Posts

  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  • Reflecting on 2 Years of Bug Bounty
  • CTF Writeup: 2022 HTB Cyber Apolcalypse Web Challenge: Genesis Wallet
  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915
  • Advanced sqlmap Case Study

Tags

ADVANCED 1 AUTHENTICATION 1 BUGCROWD 1
All Tags
ADVANCED1 AUTHENTICATION1 BUGCROWD1 CSRF1 CTF1 CVE1 INDEX1 LEARNING1 NODEJS1 RCE1 SQLI1 SQLMAP1 VARNISH1 WAF1 WRITEUP1
[A~Z][0~9]
A developer's notes in the world of security research and bug bounty, by pmnh

Copyright  A DEVELOPER'S NOTES IN THE WORLD OF SECURITY RESEARCH AND BUG BOUNTY, BY PMNH. All Rights Reserved

to-top