Forbidden Does’t Mean Impossible — Discovering Hidden Endpoints with 403Bypasser
In this article, the researcher discovered a technique for bypassing 403 Forbidden errors and uncovering hidden endpoints. The vulnerability stemmed from a lack of proper error handling and insufficient input validation on the application's side. By using the 403Bypasser tool, the researcher sent crafted requests to test for potential bypasses. The payload contained an If-Modified-Since header with a future timestamp. If the response included a 200 OK status instead of the expected 403 Forbidden, it indicated that the endpoint was vulnerable. The researcher found that the application failed to handle invalid timestamps, allowing them to access sensitive information. This flaw could potentially lead to unauthorized data access or information disclosure. The researcher earned $1,500 for this discovery. Proper remediation involves implementing proper input validation for timestamps, as well as thorough error handling. Key lesson: Inadequate error handling and input validation can lead to information disclosure and bypassing intended access restrictions. #BugBounty #InformationDisclosure #403Bypasser #InputValidation #Cybersecurity #WebSecurity

https://medium.com/bug-bounty-hunting-a-comprehensive-guide-in/forbidden-doesnt-mean-impossible-%EF%B8%8F-discovering-hidden-endpoints-with-403bypasser-c65d7d5e6b9f?source=rss------bug_bounty-5

XXE Injection Guide: Fundamentals, Payloads, and Bug Bounty Strategies
This write-up describes the XML External Entity (XXE) injection vulnerability, focusing on its fundamentals, payloads, and bug bounty strategies. The root cause is an application's failure to properly handle XML entities, allowing external data (DTD or XML entity references) to be loaded. By crafting payloads with DTD-based entities to force external file inclusions or Remote File Inclusion (RFI), the researcher discovered vulnerable applications. The mechanism involves tricking the application into parsing malicious XML entities, causing it to read and execute arbitrary files or network resources. This vulnerability can lead to serious consequences such as data breaches, information disclosure, and even Remote Code Execution (RCE). A $2,000 bounty was awarded for discovering an XXE vulnerability on a popular platform. To remediate, enforce strict XML entity handling, limit DTD processing, and consider using XML parsers with built-in protection against XXE injections. Key lesson: Always validate and sanitize user-supplied XML input to prevent XXE injections. #BugBounty #Cybersecurity #XML #XXEInjection #InformationDisclosure

https://medium.com/@jpablo13/xxe-injection-guide-fundamentals-payloads-and-bug-bounty-strategies-1a11e73856a5?source=rss------bug_bounty-5

Clobbering DOM Attributes to Bypass HTML Filters and Trigger DOM-Based XSS
This article demonstrates a unique form of DOM-based Cross-Site Scripting (XSS) by exploiting property collisions in the Document Object Model (DOM). The application filters user comments for restricted HTML but overlooks unsafe assumptions about specific DOM properties. By intentionally clobbering an existing property (onclick), the researcher overwrites its original value with malicious code, effectively bypassing filtering mechanisms that should have removed it. Although event handlers such as onclick and onfocus were supposed to be removed, the clobber attack allowed their retention. This vulnerability can result in sensitive data exposure or account takeover. The researcher did not disclose a bounty amount, but the article serves as a valuable lesson for security researchers to scrutinize assumptions about DOM properties during sanitization. Key lesson: Carefully examine all DOM properties when implementing HTML filtering to avoid clobber attacks. #BugBounty #Cybersecurity #DOMXSS #InformationDisclosure

https://meetcyber.net/clobbering-dom-attributes-to-bypass-html-filters-and-trigger-dom-based-xss-cc2afb437bde

Here's something that wasn't on your bingo card. Secrets, like API keys were gobbled up in a huge dataset used to train most GenAI models. People leave them in GitHub, then the model absorbs the code, and bobs your uncle.

https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html?m=1

#genai #informationdisclosure

Check Point Vulnerability Report: CVE-2024-24919

Date: May 29, 2024

CVE: CVE-2024-24919

Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

CWE: [[CWE-22]], [[CWE-425]]

Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

Synopsis

A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

Issue Summary

The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

Technical Key Findings

The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

Vulnerable Products

• Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

Impact Assessment

Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

Patches or Workaround

Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

Tags

#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence