The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: bug bounty

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

April 14, 2014Wang Wei
Yahoo-owned Flickr , one of the biggest online photo management and sharing website in the world was recently impacted by critical web application vulnerabilities, which left website's database and server vulnerable hackers. Ibrahim Raafat , a security researcher from Egypt has found SQL injection vulnerabilities on  Flickr Photo Books , new feature for printing custom photo books through Flickr that was launched 5 months ago. He claimed to have found two parameters ( page_id , items ) vulnerable to Blind SQL injection and one  (i.e. order_id ) Direct SQL Injection that allowed him to query the Flickr database for its content by the injection of a SQL SELECT statements. A Successful SQL exploitation could allow an attacker to steal the Database and MYSQL administrator password. Furthermore, Flickr's SQL injection flaws also facilitate the attacker to exploit remote code execution on the server and using  load_file("/etc/passwd")   function he was successfu
Researchers Get $10,000 for Hacking Google Server with Malicious XML

Researchers Get $10,000 for Hacking Google Server with Malicious XML

April 12, 2014Anonymous
A critical vulnerability has been uncovered in Google that could allow an attacker to access the internal files of Google's production servers. Sounds ridiculous but has been proven by the security researchers from Detectify. The vulnerability resides in the Toolbar Button Gallery ( as shown ). The team of researchers found a loophole after they noticed that Google Toolbar Button Gallery allows users to customize their toolbars with new buttons. So, for the developers, it is easy to create their own buttons by uploading XML files containing metadata for styling and other such properties. This feature of Google search engine is vulnerable to  XML External Entity (XXE) . It is an XML injection that allows an attacker to force a badly configured XML parser to " include " or " load " unwanted functionality that can compromise the security of a web application. " The root cause of XXE vulnerabilities is naive XML parsers that blindly interpret the DTD of t
Google adds its Chrome apps and extensions to Bug Bounty Program

Google adds its Chrome apps and extensions to Bug Bounty Program

February 05, 2014Anonymous
Google's Vulnerability Reward Program which started in November 2010, offers a hefty reward to the one who find a good vulnerability in its products.  Now Google is getting a little more serious about the security of its Chrome Browser and has expanded its Bug Bounty Program to include all Chrome apps, extensions developed and branded as " by Google ". The Internet is a platform which has become a necessary medium for performing our daily tasks like reading news, paying bills, playing games, scheduling meetings and everything we perform on this platform is possible only because of the various applications maintained by the service providers. " We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly. " Google said in a blog post . Not only this, to improve the security of open-source proje
Facebook Hacker received $33,500 reward for Remote code execution vulnerability

Facebook Hacker received $33,500 reward for Remote code execution vulnerability

January 23, 2014Mohit Kumar
Facebook has paid out its largest Bug Bounty ever of $33,500 to a Brazilian security researcher for discovering and reporting a critical Remote code execution vulnerability, which potentially allows the full control of a server. In September, ' Reginaldo Silva' found an XML External Entity Expansion vulnerability affecting the part of Drupal that handled OpenID, which allows attacker to read any files on the webserver. As a feature, Facebook allows users to access their accounts using OpenID in which it receives an XML document from 3rd service and parse it to verify that it is indeed the correct provider or not i.e. Receives at https://www.facebook.com/openid/receiver.php  In November 2013, while testing Facebook's ' Forgot your password ' functionality, he found that the OpenID process could be manipulated to execute any command on the Facebook server remotely and also allows to read arbitrary files on the webserver. In a Proof-of-Concept ,
LinkedIn iOS app HTML Message Parsing Vulnerability

LinkedIn iOS app HTML Message Parsing Vulnerability

December 10, 2013Anonymous
LinkedIn's iOS application is prone to a vulnerability that may permit remote attackers to execute arbitrary code. Security Researcher Zouheir Abdallah  has disclosed HTML parsing vulnerability in LinkedIn iOS an app, that can be used to phish for credentials or be escalated into a full blown attack. LinkedIn's vulnerability occurs when the messaging feature of LinkedIn's mobile app parses invalid HTML and an attacker can exploit this vulnerability remotely from his/her account, which could have serious impact on LinkedIn's users.  He created Proof of concept of the flaw and submitted it to the LinkedIn Security team in September 2013. Later in October 2013, the vulnerable application was patched. One of the possible attack vector is that, using this vulnerability attacker can easily phish LinkedIn user on iOS app. As shown in the screenshot, POC message says: Hey, Can you please view my LinkedIn profile and endorse me! Thanks! I appreciate it! The iOS app will d
Facebook vulnerability allows to view hidden Facebook Friend List

Facebook vulnerability allows to view hidden Facebook Friend List

November 22, 2013Mohit Kumar
Facebook is one of the most powerful and reliable social networking website. It allows users to interact with other users after being friends with one another. Facebook allows users to make the friend list public or private. If it is made private, your friend list won't appear on your publicly viewable profile. Irene Abezgauz , a security researcher from the Quotium Seeker Research Center has found a vulnerability in Facebook  website that allows anyone to see a users' friends list, even when the user has set that information to private. v The exploit is carried out by abusing the ' People You May Know ' feature on Facebook , which suggests new friends to users. It suggests friends to you based on mutual connections and other criteria such as work or education information. This Hack is really very simple! All a hacker would have to do would be to create a fake Facebook profile and then send a friend request to their target. Even if the targeted user ne
Hacking Gmail accounts with password reset system vulnerability

Hacking Gmail accounts with password reset system vulnerability

November 22, 2013Wang Wei
Oren Hafif , a security researcher has discovered a critical vulnerability in the Password reset process of Google account that allows an attacker to hijack any account. He managed to trick Google users into handing over their passwords via a simple spear-phishing attack by leveraging a number of flaws i.e. Cross-site request forgery (CSRF), and cross-site scripting (XSS), and a flow bypass. In a proof of concept video demonstration, the attacker sends his victim a fake " Confirm account ownership " email, claiming to come from Google. The link mention in the mail instructs the recipient to confirm the ownership of the account and urged user to change their password. The link from the email apparently points to a HTTPS  google.com URL, but it actually leads the victim to the attacker's website because of CSRF attack with a customized email address. The Google HTTPS page will will ask the victim to confirm the ownership by entering his last password and then will ask to res
Facebook Open URL Redirection vulnerability

Facebook Open URL Redirection vulnerability

November 16, 2013Anonymous
Security Researcher Dan Melamed discovered an Open URL redirection vulnerability in Facebook that allowed him to have a facebook.com link redirect to any website without restrictions. An open URL Redirection flaw is generally used to convince a user to click on a trusted link which is specially crafted to take them to an arbitrary website, the target website could be used to serve a malware or for a phishing attack . An Open URL Redirection url flaw in Facebook platform and third party applications also exposes the user's access token at risk if that link is entered as the final destination in an Oauth dialog . The Facebook Open URL Redirection vulnerability exists at landing.php  page with " url " parameter, i.e. https://facebook.com/campaign/landing.php?url=https://yahoo.com This URL will always redirects user to the Facebook 's homepage, but it is sufficient to manipulate the "url" parameter assigning a random string: https://facebo
Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts

Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts

October 29, 2013Mohit Kumar
There are more than 100 Million users who are using Facebook mobile app. Facebook has fixed multiple critical vulnerabilities in its Android based applications that allows hackers to steal access tokens and hijack accounts. Egyptian security researcher Mohamed Ramadan, Security researcher with Attack Secure, has who disclosed  a couple of vulnerabilities in the Facebook Main app and Facebook messenger app and Facebook page's manager application for Android. User's access token is the key to accessing a Facebook account and according to him, an attacker only needs to send a message that contains an attachment of any type, i.e. Videos, documents, and pictures. Once the victim will click on that file to download, immediately victim's access_token will be stored in the Android's log messages called -  logcat ,  that enables other apps to grab user's access token and hijack the account. Video Demonstration: The second flaw which is reported by Ramadan
Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program

Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program

October 07, 2013Wang Wei
Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its first Bug Bounty program, that went on for a month during the preview release of Internet Explorer 11 (IE11). The program was designed to run during Internet Explorer 11's browser beta test on June 26 and went on till July 26. They said it would pay researchers up to $11,000 for each Internet Explorer 11 vulnerability they found. In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric. Today Microsoft has released the names of all the people who the company said found vulnerabilities that qualified for a bounty and paid out $28k a total of six researchers for reporting 15 different bugs. J ames Forshaw, Context Security 4 Internet Explorer 11 Preview Bug Bounty - $4,400 1 Bonus for finding cool IE design vulnerabilities - $5,000 Jose Antonio Vazquez Gonzalez, Yenteasy - Security Research 5 Internet Explorer 11
Yahoo is now offering up to $15,000 in bug bounty after policy review

Yahoo is now offering up to $15,000 in bug bounty after policy review

October 03, 2013Mohit Kumar
Offering cash rewards for vulnerability reports has become something of a norm when it comes to big tech companies these days.  Yahoo has changed its bug bounty policies following a deluge of negative feedback in the wake of the news that ethical hackers were rewarded with $12.50 in gift vouchers for security flaw discoveries. The company unveiled a new program to reward reporters who shed light on bugs and vulnerabilities classified as new, unique and/or high risk issues. Starting October 31, 2013, individuals and firms who report bugs will be rewarded with anything between $150-$15,000. " The amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue ," Director of security, Ramses Martinez, announced . Yahoo denied that its new program was a response to the criticism, saying it was already working on a new bug bounty system before the furore. Martinez begins by labelling himself as the &q
Yahoo! discourages Security Researchers with just $12.50 bug bounty for vulnerability reporting

Yahoo! discourages Security Researchers with just $12.50 bug bounty for vulnerability reporting

October 02, 2013Wang Wei
Today more and more companies are looking for external security researchers to help identify vulnerabilities and weaknesses in their applications through Bug Bounty Programs. While companies like Facebook and Google are paying out hundreds of dollars to researchers for reporting security vulnerabilities, But according to Yahoo! Your email's security worth only $12.50 ! Yahoo is not having very good run in the reputation department when it comes to user security. Researchers at High-Tech Bridge found a few bugs, and were not exactly impressed with Yahoo's reward. They pointed out cross-site scripting (XSS) flaws affecting two Yahoo domains and in return they received $12.50 bounties for each vulnerability they found. This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate T-shirts, cups, pens and other accessories. This isn't exactly a great reward for spending time reporting security vulnerabilities
Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers

Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers

September 23, 2013Anonymous
Apple has marketed TouchID both as a convenience and as a security feature. " Your fingerprint is one of the best passwords in the world ," says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple's TouchID fingerprint authentication system. The Apple TouchID it the technology developed by Apple to replace passcode on its mobile and help protect users' devices, it is based on a sensor placed under the home button and it is designed to substitute the four-digit passcode to unlock the handset and authorize iTunes Store purchases. But is it really so? Hackers members of the Chaos Computer Club claim to have defeated Apple TouchID fingerprint sensor for the iPhone 5S, just after the start of its sale to the public. " Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints, " a hacker named Starbug was quoted as sa
Hacking Facebook to delete any account; Facebook again refuses to pay Bounty

Hacking Facebook to delete any account; Facebook again refuses to pay Bounty

September 05, 2013Mohit Kumar
In the past few days, Facebook refused to pay bounty to Khalil Shreateh , the security researcher who used the bug he discovered to post directly on Facebook CEO Mark Zuckerberg 's Timeline after Facebook Security rejected his attempts to report it. Ehraz Ahmed, an independent Security Researcher claimed that he reported a critical vulnerability to the Facebook Security team, which allows the attacker to delete any account from Facebook. But Facebook refuses to Pay Bug Bounty , because he tested flaw once on his friend's account, " I reported this bug to Facebook, I'm really not happy with them. After waiting for such a long time for their reply, they denied it saying that you used this bug only works for test accounts, where as I used it for removing real accounts and now the vulnerability is also fixed after their email." he said on his blog . Video Demonstration of Exploit: Vulnerable  URL : https://www.facebook.com/ajax/whitehat/delete_
Palestinian Hacker posted vulnerability details on Mark Zuckerberg’s Timeline

Palestinian Hacker posted vulnerability details on Mark Zuckerberg's Timeline

August 17, 2013Mohit Kumar
A Palestinian Web Developer and Hacker, ' Khalil Shreateh ' found an interesting  vulnerability in Facebook, that allows hacker to bypass the Privacy settings to make a post on anyone's Timeline / Wall. He was forced to post vulnerability details on Mark Zuckerberg (Facebook Founder) Timeline to prove his point, after the Facebook Security Team failed to recognize his critical vulnerability three times. The flaw even working for those victims, who is not included in the attacker friend list.  According to Facebook's Bug Bounty program, a researcher has to submit the flaw details via email to Facebook Security Team without disclosing the details in Public. In order to get the minimum reward of US$500, the flaw should be valid. The reported vulnerability is in " composer.php " file on Facebook mechanism. First Khalil made a post on the timeline of a girl, " Sarah Gooden " who studied at the same college as Facebook CEO Mark Zuckerbe
Server Misconfiguration discloses passwords of all Barracuda Network Employees

Server Misconfiguration discloses passwords of all Barracuda Network Employees

July 24, 2013Anonymous
Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we
Another Facebook hack exposes primary email address facebook users

Another Facebook hack exposes primary email address facebook users

July 20, 2013Mohit Kumar
Last week we explained a critical vulnerability in Facebook that discloses the primary email address of facebook user. Later the bug was patched by Facebook Security Team. Today another similar interesting Facebook hack disclosed by another bug hunter, Roy Castillo. On his blog he explained a new facebook hack method that allows anyone to grab primary emails addresses of billions of Facebook users easily. Facebook Provides a App Dashboard for creating and managing your Facebook apps, with a range of tools to help you configure, build and debug your Facebook apps. The flaw exists in App settings, where application admin can add developer's profile also, but if the user is not a verified user, a error messages on page will disclose his primary email address. Using following mentioned steps, one was able to grab email addresses of all facebook users: Collect profile links of all facebook users from Facebook People Directory i.e https://www.facebook.com/directo
Hacking Facebook Account with just a text message

Hacking Facebook Account with just a text message

June 27, 2013Mohit Kumar
Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing , keylogger etc. ? Today we are going to explain you that how a UK based Security Researcher, " fin1te " is able to hack any Facebook account within a minute by doing one SMS. Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username. According to hacker , the loophole was in phone number linking process, or in technical terms, at file  /ajax/settings/mobile/confirm_phone.php This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form h
Hack Windows 8.1 to earn $100,000 bounty from Microsoft

Hack Windows 8.1 to earn $100,000 bounty from Microsoft

June 25, 2013Mohit Kumar
If you don't know yet, Microsoft is offerings up to $100,000 in exchange for finding vulnerabilities and exploits in the upcoming Windows 8.1 Preview which is expected to launch on June 26, the same time as the Microsoft Build Developer Conference. Qualifying submissions with accompanying defensive ideas will also be eligible for a BlueHat Bonus worth up to $50,000. " These are super challenging to discover and they require a new technique ," says Mike Reavey, director of Microsoft's Security Response Center. Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned. " Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would ," he said. Microsoft's senior s
Hacking PayPal accounts to steal user Private data

Hacking PayPal accounts to steal user Private data

May 29, 2013Mohit Kumar
If you're making a lot of money and you want to keep records of your transactions, then using PayPal 's Reporting system you can effectively measure and manage your business. Nir Goldshlager , founder of Breaksec and Security Researcher reported  critical flaws in Paypal Reporting system that allowed him to steal private data of any PayPal account. Exploiting the  vulnerabilities  he discovered, allowed him to access the financial information of any PayPal user including victim's shipping address Email addresses, Phone Number, Item name, Item Amount, Full name, Transaction ID, Invoice ID,  Transaction, Subject, Account ID, Paypal Reference ID etc. He found that PayPal is using the Actuate Iportal Application (a third party app) to display customer reports, so Nir downloaded the trial version of this app for testing purpose from its official website. After going deeply through the source code of trial version, Nir located a file named getfolderitems.
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.