https://netacoding.com/categories/bug-bounty/ Recent content in Bug Bounty on Netacoding | Cybersecurity, Assembly & Network Research Hugo en-us Mon, 01 Jun 2026 00:00:00 +0000 https://netacoding.com/posts/ghost-leak/ Mon, 01 Jun 2026 00:00:00 +0000 https://netacoding.com/posts/ghost-leak/ ArubaOS 8.13.2.0 trusts the IP Total Length field without frame size validation, leaking up to 18 bytes of NIC buffer per ICMP Echo. TTL=0 acceptance makes the attack invisible to all monitoring systems. Same class as CVE-2003-0001 and CVE-2021-3031. https://netacoding.com/posts/smurf-reflection/ Mon, 01 Jun 2026 00:00:00 +0000 https://netacoding.com/posts/smurf-reflection/ ArubaOS 8.13.2.0 accepts spoofed ICMP Echo Requests without source validation and replies to broadcast source addresses, enabling reflection and Smurf amplification. Confirmed with two-machine wire-level evidence. Closed as expected functionality. https://netacoding.com/posts/xxe-ssrf/ Mon, 01 Jun 2026 00:00:00 +0000 https://netacoding.com/posts/xxe-ssrf/ A pre-authentication XXE injection on ArubaOS 8.13.2.0 port 32000 enables OOB SSRF. Confirmed via wire-level pcap and the controller's own sshd logs. Submitted to HPE Bugcrowd — closed as theoretical despite four evidence items.