IW Weekly #12: $0 to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection, and much more.

Published in InfoSec Write-ups, Jul 29, 2022

Hey 👋

Welcome to the twelfth edition of Infosec Weekly — the Monday newsletter that brings the best in Infosec straight to your inbox.

In today’s edition, we’ve included freshly brewed Infosec content in the form of 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert, to help you get the most out of this newsletter and take a massive jump ahead in your career.

Sounds interesting? Let’s dive in👇

📝 5 Infosec Articles

#1 Pending Intents: A pentester’s view By @Ch0pin

#2 Find out how analyzing JavaScript files can lead to remote code execution.

@Melotover achieved RCE by analyzing the JavaScript code served at admin panel paths; the file-rename functionality allowed changing an uploaded file’s type from a whitelisted extension to a blacklisted one, which led to RCE.

#3 Abusing Facebook’s feature for a permanent account confusion (logic vulnerability)

Read how @terminatorLM abused a logic vulnerability on Facebook that led to a 2FA bypass / denial of service by permanently locking victims into logging in to an attacker-controlled account.

#4 From open redirect to RCE in one week

@byq turned an open redirect into RCE on several hosts of the Mail.Ru group by exploiting unsafe deserialization in PHP.

#5 Weird email verification bypass

@vaibhav-atkale disclosed a nice tip for checking whether email verification tokens can be bypassed by creating multiple accounts.

🧵4 Trending Threads

#1 Check out this awesome thread of broken access control tips from @_zwink

#2 7 methods you can try to bypass CSRF protection by @harshbothra_

#3 Disclose an Unfixed Google Cloud Platform Vulnerability by @itspeterc

#4 A nice SSRF bypass explanation thread from @cyberzeel

📽️ 3 Insightful Videos

#1 Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS [Bug Bounty Podcast]

Amazing bug bounty podcast by Day [0] explaining some cool vulnerabilities: XML stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a GitLab stored XSS and gadget-based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus.

#2 From $0 to $150,000/month — Hacking Methodology & Mindset

If you’re struggling to find bugs in bug bounty, check out this video by @_zwink. He discusses the most important factors for succeeding in bug bounty hunting and lays out an easy-to-follow multi-step formula.

#3 OAuth 2.0 and OpenID Connect (in plain English)

Developer advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in plain English.

⚒️2 GitHub repositories & Tools

#1 Osmedeus by @j3ssiejjj

It’s a workflow engine for offensive security, designed as a flexible foundation on which you can build your own reconnaissance system and run it against a large number of targets.

#2 Hakoriginfinder by @hakluke

Check out this awesome tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies.

💰1 Job alert ⚠️

Quantiphi is looking for a Jr. cyber security engineer. Apply here.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.

Before we say bye…

If you found this newsletter interesting and know other people who would too, we’d really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.

See you again next week.

Lots of love

Editorial team,

Infosec Writeups

This newsletter has been created in collaboration with our amazing ambassadors.

Resource contribution by: Nithin R (thebotsite.me), Mehedi Hassan Remon, Manikesh Singh, Vinay Kumar, Hardik Singh, Tamim Hasan, and Nithissh.

Newsletter formatting by: Nithin R, Bhavya Jain and Vinay Kumar.

If you wish to join our Ambassadors channel and contribute to the newsletter, reply to this email with your discord username.
