Published on March 29th, 2019 📆 | 2258 Views ⚑
0Nicolas Grégoire – Hunting for Top Bounties
Convert Text to Speech
https://www.hacktivity.com
After one of these stupid bets, I had to look at bug bounty programmes.
I first tried to apply a typical OWASP Top 10 methodology during the Deutsche Telekom programme. Not very efficient... So I decided to participate in other programmes with a focus on two narrow fields, XML and SSRF. As expected, few people had a look at this area. As a result, I totally pwned Prezi and Yahoo.
For both of them, I was quickly able to read non-privileged files
like /etc/passwd. I later accessed the private key of Prezi's cloud
deployment system (using a EC2/OpenStack trick) and got root privileges on every outbound Yahoo proxy (with a vulnerability previously closed as WONTFIX).
Big compromises implying big rewards, I earned the top rewards from both programs. Around 25k$ in a few days, for pwning production networks, that's a hobby that most sane people should enjoy!
source
0 Responses to Nicolas Grégoire – Hunting for Top Bounties