Disposable mail Crowdsource monthly recap | July 2017 – 10 minute mail

Disposable mail Crowdsource is our crowdsourced security initiative that allows us to implement white hat hacker knowledge into our service and work with the world’s best security researchers. Read our community manager Kristian Bremberg’s recap to find out what’s been going on in the Crowdsource community last month.

In July, Crowdsource received many interesting submissions from hackers around the world, proving that hacking is in full swing even during the summer months.

From enterprise systems to content management platforms

This month’s submissions vary in severity and cover a wide range of technologies, including enterprise systems and consumer content management platforms.

Many of the submissions are vulnerabilities that affect WordPress plugins. However, we have also received submissions with a high severity (Remote Code Execution and SQL injection) affecting rather exotic systems. The variety in July’s submissions shows that we can find vulnerabilities in most systems thanks to the diverse skillsets of our Crowdsource hackers.

Over 800 hits

Crowdsource submissions are built into the Disposable mail service, allowing us to scan hundreds of websites for the submitted vulnerabilities. This way, researchers can extend their reach and make an impact with the help of automation while getting paid for every unique finding based on their submission.

[Figure: Disposable mail Crowdsource total hits, July 2017]

In July, Crowdsource submissions generated over 800 hits on our customers’ sites, bringing the total number of hits since the platform’s launch to 5940. That’s 5940 vulnerabilities discovered by modules based on Crowdsource hackers’ security research, a number that continues to grow as our customers run Disposable mail scans on their web applications. White hat knowledge leveraged by the power of automation is a force to be reckoned with!

Crowdsource improvements

To make the Crowdsource experience better for our hackers, we have added several improvements to the platform, such as the frequently requested ability to stay anonymous on the leaderboard, and faster payouts via BugCrowd.

As Crowdsource continues to grow, Disposable mail security researcher Linus Särud will be joining the Crowdsource team. Linus has been working at Disposable mail for over 2 years and will help us develop the platform so that our customers can access even more white hat hacker knowledge.

Stay tuned for next month’s Crowdsource update!

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Disposable mail Crowdsource Monthly Recap | August 2017 Breaks New Records – 10 minute mail

Disposable mail Crowdsource is our crowdsourced security initiative that allows us to implement white-hat hacker knowledge into our service and work with 100+ of the world’s best ethical hackers. Read our community manager Kristian Bremberg’s recap to find out what’s been going on in the Crowdsource community the past month.

August marks the best month so far

In August, submissions from Disposable mail Crowdsource generated more than 1500 unique hits in total, which is a monthly all-time high! Security never sleeps, so a big thank you to all our Crowdsource hackers for submitting new vulnerabilities that helped secure our users.

Top finding: URL path traversal due to url-encoded slashes

Nearly half of the hits were generated by a single module: URL path traversal due to url-encoded slashes. The submission itself is not critical, but it can easily be combined with other vulnerabilities, which could lead to severe consequences. The vulnerability lies in the configuration of certain load balancers, which makes it possible to append paths via path traversal so that data (such as tokens) in the URL can be leaked to an attacker’s website.
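A defensive check for the encoded-slash traversal described above, as an added example that is not from the original post or from the scanner module: it flags logged requests where decoding `%2F` or `%5C` produces `..` segments that a non-decoding component never saw. The two-component model (a front end that treats encoded separators as opaque, a back end that decodes them), the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def hidden_dot_segments(target: str) -> int:
    """Count '..' segments that exist only after %2F / %5C are decoded."""
    path = target.split("?", 1)[0]
    # Assumed front-end view: split on literal '/', then decode each segment,
    # so an encoded separator stays inside a single segment.
    front = [unquote(seg) for seg in path.split("/")]
    # Assumed back-end view: decode the whole path first, then split.
    back = unquote(path).replace("\\", "/").split("/")
    return back.count("..") - front.count("..")

def back_end_path(target: str) -> str:
    """Path the decoding component would finally resolve."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath(path)

def scan(log_lines):
    """Return (raw target, resolved back-end path) for suspicious requests."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match and hidden_dot_segments(match.group(1)) > 0:
            findings.append((match.group(1), back_end_path(match.group(1))))
    return findings

# Constructed sample access-log lines (not taken from the article).
SAMPLE_LOG = [
    '203.0.113.7 "GET /files/a%2Fb.txt HTTP/1.1" 200',
    '203.0.113.7 "GET /static/../index.html HTTP/1.1" 200',
    '198.51.100.9 "GET /app/..%2f..%2fadmin HTTP/1.1" 200',
    '198.51.100.9 "GET /cb/..%5C..%5Clogin?token=abc HTTP/1.1" 302',
    '198.51.100.9 "GET /a/%2e%2e%2Fb HTTP/1.1" 404',
]

if __name__ == "__main__":
    for raw, resolved in scan(SAMPLE_LOG):
        print(f"{raw} -> {resolved}")
```

A benign encoded slash inside a file name and a literal `../` that the front end can already see are both left unflagged; only the decoding mismatch is reported.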

Severe Flash vulnerabilities

August was also the month of severe Flash vulnerabilities. A great deal of them were submitted to the platform, such as XSS vulnerabilities in bookContent.swf, ZeroClipboard.swf and Jplayer. This proves that Flash is a dying technology with an increasing number of vulnerabilities, and we hope that this trend continues: more submissions for technologies that are disappearing from the Internet, such as Flash, Java and Silverlight.

This month’s CS Hacker: Evgeny Morozov

We would also like to thank Evgeny Morozov, a highly skilled hacker in Crowdsource, who found a vulnerability which made it possible to validate a domain in Disposable mail by using a DNS spoofing vulnerability.

For this, Evgeny earned a place in our Hall of Fame.

Big plans for the future

The team behind Disposable mail Crowdsource has planned the roadmap for the upcoming years. We aim to make Crowdsource the ultimate bug bounty experience, and have a lot of plans for how the platform should develop in the future. We believe in the idea of including real, top-skilled hackers in building a security tool, which means it’s authentic white-hat knowledge that will make the Internet a more secure place.

We’re looking for more researchers

If you’re ready for a new challenge in your bug bounty life, we recommend you try out Disposable mail Crowdsource. We are inviting the best hackers from all over the world to join our platform, and all competences are welcome. With your unique way of hacking, you can make the Internet a secure place while earning a bounty along the way! If you think you have what it takes, please write a short introduction to [email protected], and we will get back to you if your skillset is relevant for our platform.

Read more: How to become a Crowdsource hacker 
That’s all for now!

Disposable mail Crowdsource Monthly Recap | WordPress vulnerabilities galore – 10 minute mail

With over 1200 hits generated by Crowdsource submissions, September was our second best month so far. We have added many new vulnerabilities affecting WordPress, both core and plugins. A few of the plugins were used by a large number of WordPress installs, as you can read in our article where we list all our newly added vulnerabilities. Many of these modules were submitted by this month’s hacker Yasin Soliman.

Improvements in the platform

New vulnerabilities are far from all that has happened in September. The platform and community have had a few big changes, and many of the improvements were based on the feedback we received from members of the Crowdsource community. We sent a survey to all invited researchers, and we want to thank everyone who took the time to answer it. The results showed us that we are focusing on the right things, and the platform will see a few major changes that our researchers will love. Stay tuned!

The first update we’ve released is that researchers from Crowdsource can now get a “fixed bounty” for their submissions. This means that the researcher will receive a fixed payout in addition to the regular payout per hit. We hope that this change will encourage researchers to submit modules of high quality that may not generate a lot of hits, but are equally important to us.

Top finding

In September, the top finding was an open redirect affecting the latest version of WordPress.

Hacker of the month

The Disposable mail Crowdsource hacker of the month is Yasin Soliman, a 17-year-old UK-based security researcher who submitted more than 25 valid modules to Crowdsource in September. We got the opportunity to interview Yasin about his participation in Crowdsource, security role models and his view on other bug bounty programs.

Guest Blog: Don’t Leave your Grid Wide Open

Our guest blogger and Disposable mail Crowdsource hacker Peter Jaric explains how Selenium Grid could be exploited to read files on the server.
