
Free Bugs Campaign

8ayac
March 11, 2019

Presentation slides for Burp Suite Japan LT Carnival

Transcript

  2. About the speaker:
    -> @8ayac (Twitter/HackerOne/Flickr)
    2
    PSIRT ('18/04~)
    MBSD Cybersecurity Challenges ('17/'18)
    GitLab Bug Bounty Program - Hall of Fame 7 (2018)
    45
    BugHunt / (←New!)
    CWE: CWE-79 / CWE-400
    Follow @8ayac 1

  4. Free Bugs Campaign

  5. Free Hugs Campaign

  8. Burp Pro
    Cy-PSIRT
    HackerOne

  9. CVE-XXXX-XXXX …
    (Burp Pro)

  17. + DEMO + α
    Stored XSS (1) - $0
    - $0
    Stored XSS (2) - $0
    Free Bugs Campaign

  19. OSS
    GitLab Issue Tracker

  21. Title: Issue Stored XSS
    Issue Type: XSS (CWE-79)
    Severity: High (7.0-8.9)
    Affected Versions:
    11.3.x < 11.3.1
    11.2.x < 11.2.4
    11.1.x < 11.1.7
    Report: https://hackerone.com/reports/384255

  23. https://github.com/gitlabhq/gitlabhq/commit/6d360c210d3d822fc266eecc04753481ae4bda70#diff-ebb2ac556337fa87bae1c9e999fca8cfR2

  29. GitLab Public Program
    10

  30. Title:
    Issue Type: Information Exposure Through Browser Caching (CWE-525)
    Severity: Medium
    Affected Versions:
    11.4.x < 11.4.3
    11.3.x < 11.3.8
    11.2.x < 11.2.7
    Report: https://hackerone.com/reports/407763
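The report above is classed as CWE-525, where a browser (or a shared cache in front of it) keeps a copy of a page that was served only to a logged-in user, so someone with access to the same machine or cache can read it later. The following is an added example, not GitLab's code and not a reproduction of the bug in the report: a small checker that, given a captured response and whether the request was authenticated, lists the header conditions that would let a cache retain it. The `Response` type, the `example.test` URLs and the sample headers are constructed for this example.

```python
# Added example, not GitLab's code and not the bug from the report above:
# a checker for the CWE-525 class (Information Exposure Through Browser
# Caching). It flags authenticated 200 responses whose headers would let a
# browser or shared cache keep a copy. Names and sample traffic are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    url: str
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    authenticated: bool = False  # request carried a session cookie or token


def cache_control_directives(value: str) -> Set[str]:
    """'private, max-age=3600' -> {'private', 'max-age'} (case-insensitive)."""
    return {part.strip().split("=", 1)[0].lower()
            for part in value.split(",") if part.strip()}


def cache_findings(resp: Response) -> List[str]:
    """Reasons an authenticated response may be retained by a cache.
    An empty list means the caching headers look safe."""
    if not resp.authenticated or resp.status != 200:
        return []
    headers = {k.lower(): v for k, v in resp.headers.items()}
    cc = cache_control_directives(headers.get("cache-control", ""))
    findings: List[str] = []
    if not cc:
        findings.append("missing Cache-Control on authenticated response")
        return findings
    if "no-store" not in cc:
        # 'private' alone is not enough: the browser cache IS a private cache,
        # and that is exactly the cache CWE-525 is about.
        findings.append("Cache-Control lacks no-store")
        if "max-age" in cc or "s-maxage" in cc:
            findings.append("explicit freshness lifetime allows reuse")
        if "expires" in headers:
            findings.append("Expires header allows reuse")
    if "public" in cc:
        findings.append("Cache-Control: public on authenticated response")
    return findings


def scan(responses: List[Response]) -> Dict[str, List[str]]:
    """Map each URL to its findings; URLs with an empty list are clean."""
    return {r.url: cache_findings(r) for r in responses}


# Constructed sample traffic: one leaky page, one hardened page, one anonymous page.
SAMPLE = [
    Response("https://example.test/secret-note", 200,
             {"Cache-Control": "private, max-age=3600"}, authenticated=True),
    Response("https://example.test/secret-note-fixed", 200,
             {"Cache-Control": "no-store, no-cache, must-revalidate, private",
              "Pragma": "no-cache"}, authenticated=True),
    Response("https://example.test/public-readme", 200,
             {"Cache-Control": "public, max-age=600"}, authenticated=False),
]

if __name__ == "__main__":
    for url, problems in scan(SAMPLE).items():
        print(url, "->", problems or "ok")
```

In practice the `authenticated` flag comes from the request side (presence of a session cookie or Authorization header in a proxy history export), and the hardened form of the response is the `no-store` variant shown in `SAMPLE`; `private` by itself only keeps shared caches out and does nothing against the browser's own cache on a shared machine.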

  32. https://github.com/gitlabhq/gitlabhq/commit/782badd0a2cd00d2a9cbe591e78b30aca32e252b#diff-55c5b7aecfb519d0e4880eaf2788eb6e

  44. Public Program
    Private

  45. Title: Stored XSS
    Issue Type: XSS (CWE-79)
    Severity: High
    Affected Versions:
    11.4.x < 11.4.3
    11.3.x < 11.3.8
    11.2.x < 11.2.7
    Report: https://hackerone.com/reports/409380

  50. GitLab Public Program !
    ! (Low $1000)
    : https://hackerone.com/gitlab/policy_versions?change=3597572#

  60. @zseano
    : Are you submitting bugs for free when others are being paid?...

  62. Private
    Private
    Researcher

  64. Free Bugs Campaign
    : Public Private

  68. $500
    "Private Program"
    GitLab
    (HackEDU)
    100
    Burp