Events related content by Club for Cyber Vigilance. A central point to access all the resources related but not limited to our tech talks and expert sessions.
0
stars
1
forks
source link
How I got CVE-2019-13655 for DOS by Buffer overflow #6
Title:
How I got CVE-2019-13655 for DOS by Buffer overflow
I will explain what was the vulnerability and how I found it and registered CVE ID with the following points:
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13655
-how I reached to the specific API request.
-how I get to know potentially there is DOS by buffer over flow via pixel flood.
-why server was taking 55000+ millisecond to response for one GET request.
-DOS is not bulk requesting.
-exploitation scenario.
-How I registered the CVE ID.
-Difference between bug bounty hunter and web application penetration tester.
Msc. Cyber security student passively working as a bug bounty hunter From 2yr on online bug hunting platforms like Bugcrowd.com with rank in top 320, Google VRP with rank in top 280, Microsoft Security Response Center’s bounty program, National Critical Information Infrastructure Protection Centre of india’s RVDP etc.
Title: How I got CVE-2019-13655 for DOS by Buffer overflow
I will explain what was the vulnerability and how I found it and registered CVE ID with the following points: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13655 -how I reached to the specific API request. -how I get to know potentially there is DOS by buffer over flow via pixel flood. -why server was taking 55000+ millisecond to response for one GET request. -DOS is not bulk requesting. -exploitation scenario. -How I registered the CVE ID. -Difference between bug bounty hunter and web application penetration tester.
Special Requirements: -I will need a projector.
Link for Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13655
The img used a for pixel flood : https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/file-upload/malicious-images/lottapixel.jpg
About my self:
Name: Dipak Prajapati
Msc. Cyber security student passively working as a bug bounty hunter From 2yr on online bug hunting platforms like Bugcrowd.com with rank in top 320, Google VRP with rank in top 280, Microsoft Security Response Center’s bounty program, National Critical Information Infrastructure Protection Centre of india’s RVDP etc.
Twitter: https://twitter.com/mrprajapati_360 Youtube: https://www.youtube.com/channel/UCrOPdHx9TMmsQg16o29y8fQ Instagram: https://www.instagram.com/dipak_1337