We're continuing our stories of bad bugs theme with some business logic flaws. Unfortunately, I couldn't find the link to the whitepaper with the e-commerce flaws, but I remember it being quantity manipulation, price manipulation by changing the currency, and guessing gift cards. In today's video we look at a pretty basic authentication issue, a pretty boring price manipulation issue, and end with an utterly underwhelming order number adjustment. Each of these bugs got paid a bounty between $500-1000, though some were duplicates that were split between me and other hackers because they were bugs found at live hacking events.
There are a ton of vulnerabilities out there, like Prototype Pollution, SQL Injection, and remote code execution. And while they can be fun to exploit during CTFs, when they are lurking in our code… it's not as fun.
But that’s where our sponsor Snyk comes in - Snyk scans your code, dependencies, containers, and configs, all in real time. Snyk not only finds but also fixes vulnerabilities on the fly.
You can try it out yourself by signing up for free using my link, snyk.co/insiderphd. Import your repos, and voilà - Snyk identifies vulnerabilities, ready for you to fix with a simple click. It even opens fix PRs, so you can merge and get back to what you do best - coding (or hacking… ethically that is!).
Plus, it does it all from your existing toolkit - IDEs, CLI, repos, pipelines, Docker Hub, and more.
So check it out and find out if there are any vulnerabilities affecting your projects. It’s free forever so sign up using my link snyk.co/insiderphd
E-commerce Flaws and $500-1000 Bounties