- A critical privilege escalation vulnerability found using a fun fuzzing technique for BO
- SAP Advisory 2039905
- For good reason it wasn't advertised; the PoC could remotely DoS any Rails installation with little effort.
- This impacted all versions of Drupal and WordPress.
- Also found via the same fuzzing technique
- SAP Advisory 2001106
- idk what happened 2011-2013 😂
- On paper, it was a default password issue 🤷. In practice, it was an application that was packaged with many products that allowed trivial RCE out of the box and a nice Metasploit module.
- SAP Advisory 1432881
- FCKEditor.NET File Upload Code Execution
Selected Bug Bounties
I have had a mixed experience with bug bounties. I think in total I have received a bounty or Hall of Fame from 40+ companies; not a ton but enough to see some of the good and bad. Below are some programs I really enjoyed participating in.
- Top 50 hacker at one point.
- Bugcrowd MVP 2018
- I should've gotten 2019 as well but one of the programs gave me a negative rating which dropped me below the threshold. As you can tell, I am still salty 👷.
- I believe I had the highest payout for a Web bounty up to that point.
- I had a handful of critical bugs in devices including RCE but the details are unfortunately private.