CVE-2020-35580

I will start by saying I am not that smart. Never have been, never will be. I know when things are bad and sometimes I can translate that into being top 25 on the all-time points list on Bugcrowd. Dropping things like that has never really been my style, but sometimes when I am feeling annoyed at things I see in the world I like to take it out on something else. With that said, I would love to take this opportunity to dedicate this post to a special redditor out there. You know who you are. Well, you don't. Let me give you a hint. You love stupid comments like "That's a lot of text for effectively a Burp Active Scan finding." Cough, cough, @WTF-BOOM. Congratulations! You should feel lucky that you are finally being noticed for something! Even if it is for stupid takes on things you might not understand or know much of anything about. Here's to you!

Super Glamorous Recon with Intended Functionalities

Another night of sacrificed sleep yielded an interesting bug that I figured I would share (probably with myself, but I have made peace with that). I haven't shared any blog posts with myself in some time (so let there be blog posts! One post. None of that plural crap, not a machine here). Taking a deep dive through an application, regardless of the number of accepted submissions, always seems to yield the most results for me. It seems like those #BugBountyTips floating around on the Twitter, and the other tips or advice that get thrown about regarding recon, are synonymous with finding hidden endpoints, undocumented application features, or that subdomain a developer who quit five years ago stood up and never told anybody about. Those things are fine and good and can prove to be worthwhile, but focusing on documented and intended functionality should not be forgotten.

CVE-2016-3473

Having nearly zero organizational skills absolutely dictates that I put things somewhere I can't lose them. This post is being published mostly for the sake of documenting CVE-2016-3473 for myself, and if it helps anyone else save five minutes, well, that's fantastic!

CVE-2018-8819

I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold, and this seemed like a worthy experience to document. Let me just start by saying I don't plan on going into the whole recon bit too deeply here. Maybe I will someday, if I ever have enough time to give the topic the justice it deserves. Needless to say, do it. It is important. In the meantime, I suggest you learn from legit folks. I will point you to two of my favorites, which are:

hateshape?

So hateshape, huh? So that you people don't think I hate you (and I might now, after being required to explain myself), the following is the origin of hateshape.