A bug bounty hunter used Shodan to scan an IP range in scope, discovered a Pike HTTP Server with unusual open ports, and found a Denial of Service vulnerability on port 8888. POST requests to the server's 'ext' module caused connections to hang indefinitely with no timeout enforcement, allowing an attacker to exhaust server
Table of contents
- The Hunt Begins: Shodan Reconnaissance
- The Interesting Host
- Peeling Back the Layers
- NFS on Port 2049?
- Port 1080: Closed SOCKS
- Port 8888: Where Things Got Interesting
- The Vulnerability Reveals Itself
- Understanding the Bug
- Proving the Impact
- The Multi-Connection Test
- The Evidence Package
- Vulnerability Classification
- Writing the Report
- The Triage Response
- Key Takeaways for Bug Hunters
- 1. Don’t Ignore IP Ranges in Scope
- 2. Unusual Servers = Unusual Vulnerabilities
- 3. Test All HTTP Methods Separately
- 4. Silence is a Signal
- 5. Measure Everything
- 6. netstat is Your Best Friend for DoS PoC
- 7. Clarify Method-Specific Bugs in Reports
- Technical Summary
- Final Thoughts