RCE due to Dependency Confusion — $5000 bounty!

2 min readMay 10

--

Hey everyone! I’m back with another cool write-up about a bug bounty report I submitted to a private program on HackerOne. Guess what? I got a $5,000 reward and they took care of it in just 30 minutes!

I won’t go into the nitty-gritty of dependency confusion since there are plenty of awesome write-ups out there that cover it.

Chevon Phillip

Written by Chevon Phillip

Application Security Engineer. I helped secure top companies and organizations.

More from Chevon Phillip

Chevon Phillip

Blind XSS via SMS Support Chat — $1100 Bug Bounty!

Hello Hunters, This is a quick write-up on how my blind XSS payload executed within an internal support portal via an SMS support chat.

1 min readApr 3

--

Chevon Phillip

10 Ways to Keep Your Developers Happy and Secure — A Guide for Application Security Engineers

As an application security engineer, your job is to ensure the security of your company’s software and systems. But in order to do that…

3 min readDec 15, 2022

--

Chevon Phillip

Building a Strong Foundation — How to Create and Maintain an Effective Application Security Program

As businesses increasingly rely on digital technologies and applications to support their operations and interact with customers, the need…

2 min readDec 15, 2022

--

AI within a computer screen

Chevon Phillip

Can ChatGPT and OpenAI Replace Application Security Engineers — Pros and Cons

As the world becomes increasingly reliant on technology and the internet, the need for skilled application security engineers to protect…

3 min readDec 15, 2022

--

See all from Chevon Phillip

Recommended from Medium

CyberSec_Sai
in
InfoSec Write-ups

How I Earned My First Bug Bounty Reward of $1000

In this article, I want to discuss about my journey of making $1000 dollars from Bug Bounty program and the lessons I learned through this…

7 min readDec 28, 2022

--

Stephen Adesina
in
Level Up Coding

10 websites that pay you up to $1000 to start your technical writing journey.

Are you at the point in your tech journey where you want to share your experiences? It doesn’t matter if you’re a tech baby with a passion…

8 min readJan 19

--

Lists

Staff Picks

332 stories84 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories117 saves

Ajak Cyber security

How to Become a Successful Bug Bounty Hunter in 2023?

Hello Ajak Amico, I Hope Everybody is fine, Many fail at bug bounty at the initial stage and drop out soon, so today I will share how to…

4 min readApr 27

--

Aliraza

Admin Account Takeover worth $5,657

Hello Viewers! I hope you’re doing well today! I found a stored cross-site scripting vulnerability that I could escalate to account…

3 min readMay 8

--

Allam Rachid (zhero_)
in
InfoSec Write-ups

DOS via cache poisoning

Today I’m going to talk about cache, denial of service, and a vulnerability I recently found in a very large company.

8 min readMay 17

--

WHO AM I ?

How I found Reflected XSS in Users login page on Public Program ?

here I will discuss some ideas not tools so if you only use tools and don’t have any idea about real hunting please don’t waste your time…

3 min readMay 23

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech