I recently reported an unauthenticated SQL injection in Relevanssi, a WordPress search plugin that was active on more than 100,000 sites. There were two things that made this bug especially fun to work on: first, a type confusion issue where input that only looked like a numeric term ID could carry extra SQL with it, and second, an exploitation trick where one SQL injection payload was smuggled inside another in order to get around the limitations of the first query.
Proxy OWASP ZAP through a VPS
Or, how to avoid getting banned from the internet
If you do any kind of penetration testing or bug bounty hunting from your home PC, then by necessity you will be sending malicious-looking traffic to your target. If your target happens to sit behind a shared WAF or CDN such as Akamai or Cloudflare, and you don't take any special precautions, then unfortunate things may happen: the IP reputation these services build is shared across their customers, so your home IP can end up blocked from half the sites on the internet.
To avoid this, your traffic needs to reach the target from an IP address other than your own, which means routing it through some kind of proxy server. There are a few different ways to do this, but my preferred way is a virtual private server (VPS) rented from a cloud provider: the VPS takes the hit if an IP gets blocklisted, and it can be thrown away and replaced.
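The simplest way to turn a VPS into that proxy is an SSH dynamic port forward, which gives you a local SOCKS5 listener that egresses from the VPS. The script below is an added example and not code from the original post: it builds the `ssh -D` command, resolves DNS on the VPS side (`socks5h://`, so hostname lookups do not leak from your home connection), and checks that the IP a public what's-my-IP service sees through the tunnel is a valid address that differs from your direct IP. The VPS host, user and port come from environment variables and are assumptions; `https://ifconfig.me` is assumed to echo the caller's IP. Once the tunnel is up, point ZAP at it under Options > Network > Connection > SOCKS Proxy (ZAP 2.11 and later), using the same `127.0.0.1:1080`.

```shell
#!/bin/sh
# Added example: SSH SOCKS tunnel through a VPS with an egress-IP sanity check.
# Assumed environment: VPS_HOST, VPS_USER, optionally VPS_PORT (default 22)
# and LOCAL_PORT (default 1080). Nothing below touches the network unless
# VPS_HOST is set.

# Print the ssh command that opens a local SOCKS5 listener on 127.0.0.1:$4.
# -N: no remote shell; ExitOnForwardFailure: fail loudly instead of silently
# giving you a tunnel that does not listen; ServerAliveInterval: keep NAT alive.
tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -D 127.0.0.1:%s -p %s %s@%s\n' \
    "$4" "$3" "$1" "$2"
}

# curl proxy URL for the tunnel; socks5h = resolve names on the VPS, not locally.
proxy_url() {
  printf 'socks5h://127.0.0.1:%s\n' "$1"
}

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
  ip=$1
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$ip" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# check_egress DIRECT_IP PROXIED_IP
# 2 = the proxied answer is not an IP (tunnel down, captive page, error text);
# 1 = same IP both ways, i.e. traffic is NOT leaving via the VPS; 0 = good.
check_egress() {
  direct=$1
  proxied=$2
  if ! valid_ipv4 "$proxied"; then
    echo "proxied response is not an IPv4 address: '$proxied'" >&2
    return 2
  fi
  if [ "$direct" = "$proxied" ]; then
    echo "egress IP unchanged ($direct): traffic is not going through the VPS" >&2
    return 1
  fi
  echo "ok: direct=$direct proxied=$proxied"
  return 0
}

# Live run: start the tunnel, compare egress IPs, tear the tunnel down.
main() {
  port=${LOCAL_PORT:-1080}
  cmd=$(tunnel_cmd "$VPS_USER" "$VPS_HOST" "${VPS_PORT:-22}" "$port")
  echo "starting: $cmd"
  sh -c "$cmd" &
  tunnel_pid=$!
  sleep 3
  # Assumed public IP-echo service; any equivalent works.
  direct=$(curl -s --max-time 10 https://ifconfig.me)
  proxied=$(curl -s --max-time 10 --proxy "$(proxy_url "$port")" https://ifconfig.me)
  check_egress "$direct" "$proxied"
  rc=$?
  kill "$tunnel_pid" 2>/dev/null
  return $rc
}

if [ -n "${VPS_HOST:-}" ]; then
  main
fi
```

Run it as `VPS_HOST=vps.example.net VPS_USER=ops sh zap-vps.sh`; a non-zero exit means ZAP would still be hitting the target from your home IP, so fix the tunnel before pointing the scanner at anything. Leaving the tunnel running and enabling it as ZAP's SOCKS proxy is all that is needed for the scanner's traffic to egress from the VPS.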