Disclosing Vulnerabilities FOR FUN & PROFIT
Nikhil.P.Kulkarni
www.twitter.com/nikchillz
Nikhil.P.Kulkarni (intro.me)
Web Application Pen-testing
Bug Hunter, Blogger
Listed in various Halls of Fame
Web Designer, Researcher at CSPF
File Inclusion BUG
Vulnerability Disclosure
Full Disclosure
Responsible Disclosure
Tools
Proxy:
Burp Suite
Web Scarab
Fiddler
And many more…!!!
Firefox Addons:
Tamper Data
Web Developer Extensions
Live HTTP Headers
Firebug
Hackbar
XSS Me
And many more…!!!
Optional:
Camtasia Studio (Screen Recorder)
Snipping Tool (Screenshots)
Useful Tools:
IRONWASP
XENOTIX
And many more…!!!
$100 to $20,000
$500 to $5000
$500 to $3000
Unknown Price money (Approx. $50 to $10,000)
$500 + T-Shirt
https://bugcrowd.com/list-of-bug-bounty-programs/
Normal Resume vs. Resume with HOF
Find Bugs
Report Them
Get Reward
Party
Broke
Never go for Full Disclosure without the company’s permission.
Always make sure you’ve made a Responsible Disclosure before going for Full Disclosure.
Stored XSS in the Official Website of DELL
DEMO
XSS, CSRF, SQLi and many more
Kislay Bhardwaj
Prasanna
Karthik Ranganath
And everyone else related to DEFCON Bangalore DC9180
Thank You
DEFCON Bangalore
Nikhil.P.Kulkarni
www.facebook.com/nikchillz
www.twitter.com/nikchillz