$2,500 Leaking parts of private Hackerone reports – timeless cross-site leaks
https://mailing.bugbountyexplained.com/
This video explains a bug bounty report submitted on HackerOne to HackerOne's own bug bounty program. The bug was a timeless cross-site leak attack (also known as a timeless timing attack). It allowed disclosing parts of private HackerOne reports.
Report:
https://hackerone.com/reports/493176
Reporter’s twitter:
https://twitter.com/tomvangoethem
The presentation about timeless timing attacks from @DEFCONConference:
https://youtu.be/s5w4RG7-Y6g
The whitepaper:
https://www.usenix.org/system/files/sec20-van_goethem.pdf
Follow me on twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:30 What is /bugs.json endpoint on Hackerone?
01:30 Time-based XSleak technique
04:32 Timeless XSleak technique
06:28 TCP congestion – How to force the browser to send 2 HTTP requests in 1 TCP packet?
08:12 Extracting contents of private Hackerone reports