👋 Editor's Note
When selecting items for the Top Picks section, I generally prioritize recently published posts. However, I sometimes discover hidden gems in older content that simply didn't get enough traction to reach us.
On that note, many of you have asked for BugBountyDaily to display the original publication date. I deployed a scraper to fetch the dates and updated the website. However, since many of these sources do not prioritize OpenGraph tags or proper content structure, we may have to deal with some missing data 😅
A quick break before we get to our top picks! Did you know you can also submit content you think belongs on BugBountyDaily?
🔥 Top Picks
This is what I call gold content. I had the chance to meet Valentino in Mexico during the last Google LHE, and he deserves all the recognition in the world. Smart guy, smart hacks. His content has improved significantly since Command injection in Vertex AI, and I am glad he's sharing more and more.
Many people say that SQL injection is dead. This confirms what I already knew: it isn't dead, just more complex to exploit. I think the same applies to XSS. By the way, who doesn't love testing languages with type coercion? It reminds me of Account Takeover via Password Reset without user interaction, which paid $35,000.
It's refreshing to see a blog post like this that actually details the full path and its challenges, from the starting point all the way up to the vulnerability. I think this is a must-read because it really opens your mind to all the new attack surfaces AI is introducing.
🌊 It is worth mentioning
Not all content makes it to the top picks of the day, but some of it is worth mentioning!
