Bug Bounty
NBB-2330
2022.04.21 📅 Timeline: 2022-03-14: Reported vulnerability. 2022-03-14: Checked report. 2022-03-16: Verified a vulnerability and reported to dev department. 2022-04-21: Fixed a vulnerability. Coming soon.
NBB-2301
2022.04.21 📅 Timeline: 2022-02-21: Reported vulnerability. 2022-02-22: Checked report. 2022-02-22: Verified a vulnerability and reported to dev department. 2022-04-13: Fixed a vulnerability. Coming soon.
NBB-2238
2022.04.21 📅 Timeline: 2022-01-06: Reported vulnerability. 2022-01-06: Checked report. 2022-01-06: Verified a vulnerability and reported to dev department. 2022-02-23: Fixed a vulnerability. 2022-03-22: Bounty time.
NBB-2217
2022.04.21 📅 Timeline: 2021-12-21: Reported vulnerability. 2021-12-22: Checked report. 2021-12-22: Verified a vulnerability and reported to dev department. 2022-01-12: Fixed a vulnerability. 2022-02-08: Bounty time.
NBB-1810
2022.04.21 📅 Timeline: 2021-04-09: Reported vulnerability. 2021-04-12: Checked report. 2021-04-12: Verified vulnerability and reported to dev department. 2021-05-17: Fixed vulnerability.
KVE-2021-1414
2022.04.21 📅 Timeline: 2021-11-10: Reported vulnerability. 2021-11-10: Checked report. 2021-11-10: Verified vulnerability and forwarded to manufacturer. 2021-12-06: Bounty time.
KVE-2022-0015
2022.04.21 📅 Timeline: 2021-12-27: Reported vulnerability. 2021-12-27: Checked report. 2021-02-15: Verified vulnerability and forwarded to manufacturer. 2021-04-05: Bounty time.
KVE-2021-1222
2022.04.21 📅 Timeline: 2021-10-12: Reported vulnerability. 2021-10-12: Checked report. 2021-10-12: Verified vulnerability and forwarded to manufacturer. 2022-01-04: Bounty time.
KVE-2021-0742
2022.04.21 📅 Timeline: 2021-06-10: Reported vulnerability. 2021-06-30: Checked report. 2021-07-30: Verified vulnerability and forwarded to manufacturer. 2021-10-14: Bounty time.
[hackerone] - A very belated bug bounty report
2020.08.17 Title: Internal Ports Scanning and IPs Scanning via SSRF. Weakness: SSRF. The report I submitted this time is an SSRF vulnerability. With an SSRF attack, internal IPs or ports can be scanned. The site in question has a feature to upload an image or to enter an image URL, which the server then fetches. Just in case, I entered http://127.0.0.1 and the following result was printed. [127.0.0.1]: Image could not be downloaded (curl error: 56; Received HTTP code 503 from proxy after CONNECT) Looking at the error, a request was sent to 127.0.0.1 and a 503 was rec..
[bug bounty] - My first hackerone bug bounty
2020.05.27 Weakness: Information Exposure Through an Error Message. Summary: I was doing bug bounty on hackerone. I cannot say which site I attacked, but my first bug bounty report was server information exposure through an error message. The target site's parameters were as follows. cartCode=00000652597083&CSRFToken=4ffccfb9-76fc-48aa-9625-a93a2ff31bb4 I tried an SQLi attack but was blocked by the WAF. cartCode=00000652597083||sleep(/*&CSRFToken=*/1)#4ffccfb9-76fc-48aa-9625-a93a2ff31bb4 The WAF's blocking condition was specific charac..