Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

A simple way to make easy bug bounty money? Solr on Jetty XSS

John Menerick

 A really great way to earn some easy money on bug bounty programs: pay attention to popular vendor's bugs.   

 

 Vulnerability

https://issues.apache.org/jira/browse/SOLR-4861

 

Here are a few Solr services which run on Jetty.   http://www.shodanhq.com/search?q=solr+jetty  

 

Add in some correlation magic and one will find a few vulnerable services which have bug bounty programs. 

 

#Carberp vulnerabilities - Overview and poor cryptography

Batik parse double vulnerability