Attack on HackerOne that allowed access to closed vulnerability reports

The HackerOne platform, which lets security researchers notify developers of identified vulnerabilities and receive rewards for doing so, received a report about a compromise of its own service. One of the researchers was able to gain access to the account of a HackerOne security analyst, who has the ability to view restricted materials, including information about vulnerabilities that have not yet been fixed. Since the platform was founded, HackerOne has paid researchers a total of $23 million for identifying vulnerabilities in products from more than 100 customers, including Twitter, Facebook, Google, Apple, Microsoft, Slack, the Pentagon and the US Navy.

Notably, the account takeover happened because of human error. One of the researchers submitted a report about a possible vulnerability in HackerOne for review. While analysing the submission, a HackerOne analyst tried to reproduce the proposed attack method, but the problem could not be reproduced, and a reply was sent to the submitter asking for additional details. At the same time, the analyst did not notice that, along with the results of the failed check, he had inadvertently sent the contents of his session Cookie. Specifically, during the discussion the analyst gave an example of an HTTP request made with the curl utility, including the HTTP headers, and forgot to strip the contents of the session Cookie from it.

The researcher noticed this oversight and was able to gain access to a privileged account on hackerone.com simply by substituting the observed Cookie value, without having to pass the multi-factor authentication used by the service. The attack succeeded because hackerone.com did not bind the session to the user's IP address or browser. The problematic session ID was revoked two hours after the report about the leak was submitted. It was decided to pay the researcher 20 thousand dollars for reporting the problem.

HackerOne started an audit to determine whether similar Cookie leaks could have occurred in the past and to assess possible leaks of confidential information about the problems of the service's customers. The investigation found no evidence of earlier leaks and established that the researcher who demonstrated the problem could have obtained information about 5% of all programs hosted on the service, those that were accessible to the analyst whose session key was used.

To protect against similar attacks in the future, the service introduced binding of the session key to the IP address and filtering of session keys and authentication tokens in comments. Later, the plan is to replace the IP binding with binding to the user's device, since binding to an IP address is meaningless for users with dynamically assigned addresses. It was also decided to extend the logging system with information about user access to data and to introduce a granular access model for analysts' access to customer data.
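As an added example (not code from the article or from HackerOne), here is the kind of comment filter the last paragraph describes: it redacts session cookies and bearer tokens from a curl command pasted into a report comment before the comment is stored, and can also warn the author before submission. The cookie names, the sample comment and all token values are constructed.

```python
import re

# Constructed sample: the kind of curl reproduction a triager might paste into
# a report comment, with the session cookie left in the headers (values are made up).
SAMPLE_COMMENT = """Could not reproduce. Here is the exact request I used:
curl -i 'https://hackerone.com/reports/123' \\
  -H 'Cookie: __Host-session=eyJhbGciOi...placeholder...; _ga=GA1.2.1' \\
  -H 'Authorization: Bearer hypothetical-token-abc123' \\
  -H 'X-CSRF-Token: hypothetical-csrf'
"""

# Assumption: cookie names the filter is configured to treat as session identifiers.
SESSION_COOKIE_NAMES = {"__Host-session", "session", "_session_id"}

# Cookie header up to the closing quote / end of line; auth header value without quotes.
COOKIE_HEADER_RE = re.compile(r"(Cookie:\s*)([^'\"\n]+)", re.IGNORECASE)
AUTH_HEADER_RE = re.compile(r"(Authorization:\s*(?:Bearer|Basic)\s+)([^\s'\"]+)", re.IGNORECASE)


def _redact_cookie_header(match: re.Match) -> str:
    """Keep harmless cookies (analytics etc.), blank out session cookie values."""
    prefix, cookies = match.group(1), match.group(2)
    cleaned = []
    for pair in cookies.split(";"):
        pair = pair.strip()
        name = pair.partition("=")[0]
        cleaned.append(f"{name}=[REDACTED]" if name in SESSION_COOKIE_NAMES else pair)
    return prefix + "; ".join(cleaned)


def redact_secrets(text: str) -> str:
    """Return the comment body with session cookies and auth tokens redacted."""
    text = COOKIE_HEADER_RE.sub(_redact_cookie_header, text)
    return AUTH_HEADER_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)


def find_leaks(text: str) -> list[str]:
    """Names of session cookies / auth headers found, for a pre-submit warning."""
    found = []
    for m in COOKIE_HEADER_RE.finditer(text):
        for pair in m.group(2).split(";"):
            name = pair.strip().partition("=")[0]
            if name in SESSION_COOKIE_NAMES:
                found.append(name)
    found.extend("Authorization" for _ in AUTH_HEADER_RE.finditer(text))
    return found


if __name__ == "__main__":
    print("leaks:", find_leaks(SAMPLE_COMMENT))
    print(redact_secrets(SAMPLE_COMMENT))
```

Filtering at storage time limits the damage of a paste like this one, but it is a safety net, not a substitute for the session binding and granular access controls the article also mentions.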

Source: opennet.ru