Presentation slides from Burp Suite Japan LT Carnival
@8ayac (Twitter / HackerOne / Flickr)
2 PSIRT ('18/04~)
MBSD Cybersecurity Challenges ('17/'18)
GitLab Bug Bounty Program - Hall of Fame 7 (2018)
45 BugHunt (←New!)
CWE: CWE-79 / CWE-400
Follow @8ayac
Free Bugs Campaign
Free Hugs Campaign ※
Burp Pro / Cy-PSIRT / HackerOne
CVE-XXXX-XXXX … (Burp Pro)
+ DEMO + α
Stored XSS (1) - $0
- $0
Stored XSS (2) - $0
Free Bugs Campaign
OSS / GitLab Issue Tracker / ✨
Title: Issue Stored XSS
Issue Type: XSS (CWE-79)
Severity: High (7~8.9)
Affected Versions:
11.3.x < 11.3.1
11.2.x < 11.2.4
11.1.x < 11.1.7
Report: https://hackerone.com/reports/384255
Fix commit: https://github.com/gitlabhq/gitlabhq/commit/6d360c210d3d822fc266eecc04753481ae4bda70#diff-ebb2ac556337fa87bae1c9e999fca8cfR2
GitLab Public Program 10
Title:
Issue Type: Information Exposure Through Browser Caching (CWE-525)
Severity: Medium
Affected Versions:
11.4.x < 11.4.3
11.3.x < 11.3.8
11.2.x < 11.2.7
Report: https://hackerone.com/reports/407763
Fix commit: https://github.com/gitlabhq/gitlabhq/commit/782badd0a2cd00d2a9cbe591e78b30aca32e252b#diff-55c5b7aecfb519d0e4880eaf2788eb6e
Public Program / Private
Title: Stored XSS
Issue Type: XSS (CWE-79)
Severity: High
Affected Versions:
11.4.x < 11.4.3
11.3.x < 11.3.8
11.2.x < 11.2.7
Report: https://hackerone.com/reports/409380
GitLab Public Program !! (Low: $1000): https://hackerone.com/gitlab/policy_versions?change=3597572#
@zseano: Are you submitting bugs for free when others are being paid?...
Private / Private / Researcher
Free Bugs Campaign: Public / Private
$500 ( ) "Private Program" GitLab ( HackEDU) 100 Burp ( )
☺