✉️ Sign up for the mailing list ✉️
https://mailing.bugbountyexplained.com/

This video is an explanation of bug bounty report submitted on Hackerone to Hackerone’s own bug bounty program. The bug was a timeless cross-site leaks attack (also known as timeless timing attack). It allowed disclosing parts of private Hackerone reports.

? Get $100 in credits for Digital Ocean ?
https://m.do.co/c/cc700f81d215

Report:
https://hackerone.com/reports/493176

Reporter’s twitter:
https://twitter.com/tomvangoethem

The presentation about Timeless timing attacks from @DEFCONConference
https://youtu.be/s5w4RG7-Y6g

The whitepaper:
https://www.usenix.org/system/files/sec20-van_goethem.pdf

Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:

00:00 Intro
00:30 What is /bugs.json endpoint on Hackerone?
01:30 Time-based XSleak technique
04:32 Timeless XSleak technique
06:28 TCP congestion – How to force the browser to send 2 HTTP requests in 1 TCP packet?
08:12 Extracting contents of private Hackerone reports

Add comment

Your email address will not be published. Required fields are marked *