I liked this. I also wonder if it'd be worthwhile for me to take a few months off of work and try just poking away at security bounty programs. I doubt it would pay off to start with, but it seems like a pretty lucrative path. I know the OWASP Top 10, but don't really know my way around Burp Suite or anything.
If you decide to give it a shot, pay close attention to the policies and procedures that companies post. Facebook has refused to pay people in the past because they didn't use the framework/channels that they have provided.
Sign up for Bugcrowd and give it a go in your spare time. I would say it pays really well, in that it forces you to exercise and stretch your brain, over time you'll start getting better and work to the point you could quit your day job and do security full time.
How do things like bugcrowd (and bug bounties in general) work from a legal point of view? It seems very risky to go poking around without some kind of formal contract with the target.
It's a pretty common technique for exploiting Blind SQLi. You can use this as the one of the Branches in a SELECT IF to be able to determine the value of something in the DB.
I don't think so. There's creativity in hacking any server. You won't find a straight same path every time. I think security researchers are the most patient people or most determined.
16 comments
[ 3.8 ms ] story [ 41.4 ms ] threadThis was done after Facebook announced that Oculus is a part of their Whitehat program. OP was awarded 25000$ total for finding the vulnerabilities.
Very effective.
This is a clear and effective writeup. Congrats OP.
Can you explain? To me it just looks like a way to prove the exploit exists without revealing any actual injections.
https://www.owasp.org/index.php/Blind_SQL_Injection#Time-bas...