📈 Content Stats
14th July 2022
List of secrets, passwords, API keys, tokens stored inside a system environment variables.
19th March 2022
[P1][HIGH] CVE-2021-21123 | Reward: $10.000 | Reported by: Maciej Pulikowski ( pulik.io ) Write-up and code proof of concept: https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera Keep it safe! Thanks to Google Dev Team for the fixes 😊 In conclusion, the user after holding the ENTER button on the keyboard for 2 seconds could lead to a leak of his system environments variables. This is a significant problem because users could store important secrets in system environments variables ex. Access to his AWS services, Github account or Binance. 🐦 Twitter: https://twitter.com/pulik_io 🐈 GitHub: https://github.com/Puliczek ℹ️ LinkedIn: https://www.linkedin.com/in/maciej-pulikowski-6a478512a/ #bugbounty #bugbountytips #cybersecurity
Write-up - [CVE-2022-0337] [Reward: $10.000] System environment variables leak on Google Chrome, Microsoft Edge and Opera
19th March 2022
Successful exploitation of this vulnerability can lead to the leak of users secrets stored inside a system environment variables. A security bug was found in Chromium 92 version and patched in 97 version. There are several web browsers based on the chromium engine, for instance, Google Chrome, Microsoft Edge, Opera, and Brave. All of them were vulnerable, except for Brave. The vulnerability is in the File system access API, more specifically in window.showSaveFilePicker() method.
18th December 2021
LOG4J Java exploit - WAF and patches bypass tricks
22nd March 2021
The main security issue here is the operating system dialog "Save as" launched by Google Chrome, is showing to the user the wrong file extension of downloaded the file. It shows "Save as type: JPEG (.jpg)" but downloads virus.jpg.lnk that can download and run virus.exe by PowerShell.
20th March 2021
Code PoC can be found here: https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome File System Access API - vulnerabilities found by Maciej Pulikowski ( pulik.io ) This is my first video on youtube 🤩 So sorry for the weak video edit 😊 Keep it safe! Thanks to Google Dev Team for the fixes 😊 The total reward of $5.000 is for: (Google Security_Severity) CVE [HIGH] CVE-2021-21123 [MEDIUM] CVE-2021-21129 [MEDIUM] CVE-2021-21130 [MEDIUM] CVE-2021-21131 [MEDIUM] CVE-2021-21172 [LOW] CVE-2021-21141 🐦 Twitter: https://twitter.com/pulik_io 🐈 GitHub: https://github.com/Puliczek ℹ️ LinkedIn: https://www.linkedin.com/in/maciej-pulikowski-6a478512a/ 📞 Discord: Puliczek(hash)5549 #bugbounty #bugbountytips #cybersecurity –––––––––––––––––––––––––––––– Coffee Break by Pyrosion https://soundcloud.com/pyrosion Creative Commons — Attribution 3.0 Unported — CC BY 3.0 Free Download / Stream: http://bit.ly/-coffee-break Music promoted by Audio Library https://youtu.be/SCaVppohv88 ––––––––––––––––––––––––––––––