I come in peace!
I hope everyone is safe and well! I have not been active on the blog recently. It's time for an update of what I've been doing.
Today I am writing a short article on my disclosure to Oracle.
It was a casual day: I was browsing the internet, looking for my next victim (joke!), when a page that belonged to Oracle had an error that caught my attention. I decided to have a look into it, mainly because of the domain name where the error occurred: it was a bank that provides financial infrastructure to deliver a range of B2B banking solutions and services, enabling businesses to trade globally.
They are using digitally disruptive technology that frees them from the legacy systems that make those traditional banks slow and expensive.
After doing some white magic (DNS level) and taking over the bank's domain, which would also result in taking over Oracle's domain, I was essentially owning 2 high-authority domains in one go.
This is the type of issue that would benefit someone with malicious intent and little know-how. This was concerning to me because the banking company currently processes 130 billion in payments annually for its clients, which include banks, card entities, and payment gateways that choose. It also has partnerships with several other banks to provide direct clearing access, making the payments faster and cheaper.
Because I found this through Oracle, it was time to send them an e-mail and point out my concern. The Oracle security team was prompt, fixed the issue that was on their end, and informed the 3rd party as well.
A few weeks go by and I receive an e-mail to say that I will be given credit in the upcoming Critical Patch Update, due to be released at 1:00 PM, U.S. Pacific Time, on January 19, 2021.
For ~2 months, it looks like I've been absent from my blog and my usual hobbies: Hack The Box, CTFs and so on. I had to put my priorities first: my University assessments, which were quite odd, due to this year's being digitally delivered.
Unfortunately, there are only so many hours in a day and my time is already so limited; as my kids are growing, they require more and more of my attention.
Despite all this, I have been doing lots of cool stuff and I have many stories like this one to talk about! At the moment Hack The Box is on pause, CTFs are on pause and looking for bugs is on pause as well. This is because I've committed to a bigger project! Stay tuned to find out more.
Have you got any suggestions or questions for me? Get in touch!
Thank you for reading my article. Until next time!
Your friendly neighbourhood Hacker.