Yeah, you heard me right: SvelteKit. The past few weeks I have found myself increasingly developing full-stack applications using SvelteKit. I have my reservations about the framework but that is not what this blog post is about. In line with the whole shift-left philosophy, I wanted to make it easy to add security headers across my whole application. In similar fashion to how Helmet plugs into Express apps, I found that SvelteKit could do with something similar using a handle hook. The way t...| EdOverflow | Web Developer, Security Researcher, and Author of security.txt o...
An old story of a bug I uncovered and reported to Razer’s vulnerability disclosure programme resurfaced recently while I was chatting with Linus Särud. Back in 2017, I uncovered a snippet of JavaScript code on deals.razerzone.com which handled redirection after a user logged in. // let rurl = document.location.href; if (razerUserLogin) { rurl=rurl.split("rurl=")[1]; location.href= decodeURIComponent(rurl); } The code extracted the value from the rurl GET parameter, and redirected the user ...
Web-of-trust services (WOT) such as Keybase, Onename, and Blockstack promise to verify individuals' identities on the web. Since many applications on the web are not consistent, this often leads to unintended behaviour and therefore security vulnerabilities in web-of-trust services.
⚠️ Disclaimer (2022): The embedded code no longer works in this blog post since updating my website to Hugo. Some of the content may be missing. Inspired by Daniel Adams’ work, Tom Hudson and I have assembled a formula to calculate the final bounty amount based on the impact of the reported security vulnerability. The formula can be expressed as follows where $b$ is the bounty amount, $C$ is the CVSS score, and $N$ is a constant that creates a direct correlation between $b_{max}$ and $C...
Summary This is a security advisory for a bug that I discovered in Resolv::getaddresses that enabled me to bypass multiple Server-Side Request Forgery filters. Applications such as GitLab and HackerOne were affected by this bug. The disclosure of all reports referenced in this advisory follows HackerOne’s Vulnerability Disclosure Guidelines. This bug was assigned CVE-2017-0904. Vulnerability Details Resolv::getaddresses is OS-dependent, therefore by playing around with different IP formats o...
The following is a lightweight reconnaissance setup that should help you quickly gather information on a given target. We will run through the basic installation steps and then take a look at how to use this setup while hunting. Please keep in mind that there are hundreds of tools out there and there is no way they could all be included in this write-up. This write-up is targeted towards people getting started or for those that want a simple setup. The author assumes that the reader already h...
My solutions to the "reversing the passwords" CTF by Jobert.
Recently, @ant0inet (Antoine) tweeted about a cursory scan they did against the .ch TLD to determine how many security.txt files are hosted on the .ch zone. Quick workflow to scan for @securitytxt files on the .ch zone. pic.twitter.com/XfE6xhTDeO — @realCookieMonster (@ant0inet) January 15, 2022 I decided it would be fun to explore the data set of $288$ security.txt files. If you have scanned for security.txt files in the past, you are probably aware that a significant portion of these files...
A list of questions that bug bounty hunters frequently DM me about. 😄
Learn security by building. Embrace application-specific insights over checklists. Recognise patterns for effective vulnerability discovery.
Yesterday, I received an email from a reader concerning IETF Request for Comments (RFCs): “I have heard about hackers reading RFCs. Is there a guide on reading RFCs and what to search for? Because there is way too much information in RFCs, one cannot start going through it manually.” — Afolic This is a brilliant question and one I have heard before but never covered in a blog post. Having worked on the security.
On the evening of January 30th, I checked my phone one last time before going to bed as we millennials do to simulate waking up with a hangover. Tweets started showing up on my feed about a hack related to Houseparty. I notified Karim Rahal and Karel Knibbe that what was unfolding on Twitter could be something we could look into the next day. At first, we did not think much of it but agreed it would be interesting to explore further.
I must confess, I have been holding on to a small trick that could allow anybody — even those of you that are not into developing and maintaining software — to set up a monitoring system in mere minutes. The reason why I call it the poor man's monitoring setup is simply to indicate that this setup is not extremely sophisticated, but it does its job beautifully.
For the past few months, I have been playing around with a tool developed by Tom Hudson called 'meg' and I have fallen in love with this tool. meg is a lightweight URL fetcher that stores the output in organised directories and files. This tool has become the quintessential element in my reconnaissance workflow and has been incorporated into many of my personal tools.
Solving the "H1-212" CTF by HackerOne.
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
My basic workflow when using GitHub for recon purposes.
My tips for finding security issues in GitHub projects.
When it comes to bug bounty hunting and finding exciting areas to explore, it is vital to familiarise yourself with the technologies that vendors and companies rely on. One particularly interesting environment that caught our eye was popular integrations used by various open-source projects, primarily as part of their development life cycle. Some continuous-integration services turned out to be extremely rewarding for us as bug bounty hunters.
If you have ever ventured into the archives of old UNIX books and mailing lists, you will have undoubtedly come across the legend of ed. ed (pronounced /iː diː/) is a text editor just like vim and emacs. However, contrary to its counterparts, ed comes with an interface that could best be summarised as… $ ed q ? q ? q ? qqqqqqqqqqqqqqqqqq ? q ? q ? q $ In spite of all of this, legend has it: “ed is the standard text editor”.