-
- A critical privilege escalation vulnerability found using a fun fuzzing technique for BO
- SAP Advisory 2039905
- Denial of Service XML Expansion (CVE-2014-8080)
  - For good reason it wasn't advertised: the PoC could remotely DoS any Rails installation with little effort.
- CVE-2014-5265, CVE-2014-5266, CVE-2014-5267
  - This impacted all versions of Drupal and WordPress.
- SAP HANA Web-based Development Workbench Code Injection (SAP Advisory 2015446)
- Unauthenticated Username Enumeration in Business Objects (SAP Advisory 2001109)
- Unauthenticated Remote Crash of Business Objects (CVE-2014-8310)
  - Also found via the same fuzzing technique
  - SAP Advisory 2001106
-
- On paper, it was a default password issue 🤷. In practice, it was an application that was packaged with many products that allowed trivial RCE out of the box and a nice Metasploit module.
- SAP Advisory 1432881
Selected Bug Bounties
I have had a mixed experience with bug bounties. I think in total I have received a bounty or Hall of Fame from 40+ companies; not a ton but enough to see some of the good and bad. Below are some programs I really enjoyed participating in.
- AT&T
- Top 50 hacker at one point.
- Bugcrowd MVP 2018
- 2019 I had the points and bugs, but one of the programs unfairly gave me a negative rating which dropped me below the threshold. As you can tell, I am still salty 👷.
- Mozilla
- I believe I had the highest payout for a Web bounty up to that point.
- Tesla
- HP
- I had a handful of critical bugs in devices including RCE but the details are unfortunately private.
- IBM
- Slack