
Want a P5 bug or escalate it to P3 or P4

Hello Everyone,

Many months back, when I was testing on HackerOne, I came across a Jenkins instance.

So first and foremost I did a directory bruteforce and found an interesting thing on the Jenkins instance. I reported it and it got closed as informational, as it was a VDP (I was a noob back then).

I came across some more programs with Jenkins instances, and the same error also appeared there.

So I searched for more instances, and it was working on all of them.

What was the issue?

Let's say target.com is a Jenkins instance. If we hit http://target.com/assets/,
it throws a stack error, giving us instance information.
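A defender-side check for the kind of disclosure described above, added here as an example (it is not code from the original post or from Jenkins): it parses an error page body you have already captured from your own instance and lists the exception classes and code packages the trace exposes. The sample page and its `org.example` / `com.example` names are constructed for illustration.

```python
import html
import re

# One Java stack frame: "at pkg.Class.method(File.java:123)".
FRAME = re.compile(r"^\s*at\s+([\w$.]+)\.([\w$<>]+)\(([^)]*)\)\s*$", re.M)
# Header line of a trace: "[Caused by: ]pkg.SomeException[: message]".
EXC = re.compile(
    r"^(?:Caused by:\s*)?((?:[\w$]+\.)+[\w$]*(?:Exception|Error))\b", re.M)

def audit_error_page(status, body):
    """Return what an error page discloses, or None if it holds no trace."""
    # Error pages usually wrap the trace in HTML: drop the tags first, then
    # decode entities so an escaped "&lt;init&gt;" frame is still recognised.
    text = html.unescape(re.sub(r"<[^>]+>", "\n", body))
    frames = FRAME.findall(text)
    if not frames:
        return None
    # The first two package segments are enough to name the frameworks and
    # plugins that an unauthenticated visitor learns about from the trace.
    components = sorted({".".join(cls.split(".")[:2]) for cls, _, _ in frames})
    return {
        "status": status,
        "exceptions": EXC.findall(text),
        "frame_count": len(frames),
        "components": components,
    }

# Constructed sample of an error page body (not real Jenkins output).
SAMPLE = """<html><body><h1>Error</h1><pre>java.lang.NullPointerException
\tat org.example.web.AssetHandler.&lt;init&gt;(AssetHandler.java:41)
\tat org.example.web.Dispatcher.serve(Dispatcher.java:88)
\tat com.example.plugin.Filter.doFilter(Filter.java:12)
Caused by: java.io.IOException: missing resource
\tat org.example.web.Loader.open(Loader.java:7)
</pre></body></html>"""

if __name__ == "__main__":
    print(audit_error_page(500, SAMPLE))
```

A non-`None` result for any unauthenticated URL means the error page should be replaced with a generic one at the application or reverse proxy.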


REPORTED

I reported this to Jenkins (https://www.jenkins.io/security/), and after some days I received a mail.
 

I was so glad that I was going to get a CVE in my pocket.
BUT unfortunately




So I guess I wasn't getting any CVE.

So if anyone wants any information about an instance or plugins, feel free to use the above method if it is not fixed.

Here's the Jira issue: https://issues.jenkins-ci.org/browse/JENKINS-58736

Still, I got ranked #1 on this: https://hackerone.com/xhunt3r
