Because You Gotta Beg for Disclosure!

My name is Parsia. I am an independent security engineer/researcher. This is where I (hopefully) collect my disclosed security issues.

I am not a proper bug bounty hunter, I’d rather play videogames in my spare time. Click on the link above to go to my personal website at parsiya.net.

Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer

Write-up is at https://parsiya.net/blog/2019-06-18-chaining-three-bugs-to-get-rce-in-microsoft-attacksurfaceanalyzer/.

Fix PRs:

CVE-2020-13621 - Websites Can Run Arbitrary Code on Machines Running the ‘PlayStation Now’ Application - $15,000

Write-up is at https://hackerone.com/reports/873614. My first (and highest to date) bounty.

Unfortunately, the images do not show up in the summary because the rest of the report is not disclosed. However, the report goes through the whole discovery process and should give you enough information to find your own bugs.

Note: The CVE is reserved but I never asked for assignment.

CVE-2021-43907 - Remote Code Execution in Visual Studio Code’s Remote WSL Extension

Yet another open local WebSocket server. Open a website while running VS Code in WSL and get pwned!

The write-up has a lot of info about how VS Code server works which may help if you want to hack it.

AWS Original Malicious Exploit at https://awsome.pw

It’s a joke vulnerability. Off-Off-Topic is the everything goes chat channel from the good ole’ Cigital. We can squat S3 bucket names to prevent people from deploying static websites.

In short, you need to own the bucket apple.com to deploy it as a static website through S3. AWS bucket names are unique so you can hope someone else has not created it.

I keep paying $15 a year for this domain because I like it.