2015
2014
-
- A critical privilege escalation vulnerability found using a fun fuzzing technique for BO
- SAP Advisory 2039905
- Denial of Service XML Expansion (CVE-2014-8080)
- For good reason it wasn't advertised: the PoC could remotely DoS any Rails installation with little effort.
- CVE-2014-5265, CVE-2014-5266, CVE-2014-5267
- This impacted all versions of Drupal and WordPress.
- SAP HANA Web-based Development Workbench Code Injection (SAP Advisory 2015446)
- Unauthenticated Username Enumeration in Business Objects (SAP Advisory 2001109)
- Unauthenticated Remote Crash of Business Objects (CVE-2014-8310)
- Also found via the same fuzzing technique
- SAP Advisory 2001106
2011-2013
- idk what happened 2011-2013 😂
2010
- CVE-2010-0219
- On paper, it was a default password issue 🤷. In practice, it was an application that was packaged with many products that allowed trivial RCE out of the box and a nice Metasploit module.
- SAP Advisory 1432881
- FCKEditor.NET File Upload Code Execution
Selected Bug Bounties
I have had a mixed experience with bug bounties. I think in total I have received a bounty or Hall of Fame from 40+ companies; not a ton but enough to see some of the good and bad. Below are some programs I really enjoyed participating in.
2019
- AT&T
- Top 50 hacker at one point.
2018
- Bugcrowd MVP 2018
- I should've gotten 2019 as well but one of the programs gave me a negative rating which dropped me below the threshold. As you can tell, I am still salty 👷.
- Mozilla
- I believe I had the highest payout for a Web bounty up to that point.
- Tesla
- HP
- I had a handful of critical bugs in devices including RCE but the details are unfortunately private.
- IBM