The Metasploit team is excited to announce a new incentive for community exploit contributions: Cash! Running until July 20th, their Exploit Bounty program will pay out $5,000 in cash awards (in the form of American Express gift cards) to any community member that submits an accepted exploit module for an item from their Top 5 or Top 25 exploit lists. This is their way of saying thanks to the open source exploit development community and encouraging folks who may not have written Metasploit modules before to give it a try.
All accepted submissions will be available under the standard Metasploit Framework license (3-clause BSD). Exploit selection is first-come, first-serve; please see the official rules for more information.
Contributors will have a chance to claim a vulnerability from the Top 25 ($100) and Top 5 ($500) lists. Once a vulnerability has been claimed the contributor will be given one week to work on a module. After a week the vulnerability will be open again to the community. Prizes will only be paid out to the first module contributor for a given vulnerability. The process of claiming a vulnerability is an attempt at limiting situations where multiple contributors submit modules for the same vulnerability. To stake a claim, send an email to bounty@metasploit.com with the name of the vulnerability from the list below. All claims will be acknowledged, so please wait until receiving the acknowledgement before starting on the exploit. Each contributor can only have one outstanding claim at a time.
If you need help with the Metasploit module format, feel free to drop by the IRC channel (#metasploit on irc.freenode.net), and take a look at some of the community documents:
Rules and claim status of the 2011 Metasploit Exploit Bounty program.
Submission
1. Choose an exploit from the list below that has an empty Owner field.
2. Email bounty@metasploit.com and wait for an acknowledgement of your claim.
3. Within one week, submit an exploit module to the Metasploit Redmine tracker as a new ticket with attachment.
4. Receive feedback on the module via Redmine and acceptance status.
Rules
- All submissions must come from the Top 25 or Top 5 lists below
- All exploits should be submitted to Metasploit Redmine. 1 ticket per exploit.
- Modules MUST conform to the HACKING style guidelines
- Should work reliably on all targets listed in the module.
- Should bypass ASLR/DEP when applicable (ROP)
- English-based targets should be included
- Denial-of-service modules do not count
- Contributors may not be residents of a US embargoed country
Payment
The program ends July 20th; this is the submission deadline for modules to be considered for the contest. Payment will be in the form of American Express gift cards sent within 60 days from the end of the program.
TOP 5 List ($500 bounty)
CVE | Description | Owner |
2011-1807 | Google Chrome before 11.0.696.71 does not properly handle blobs execution of arbitrary code. | |
2011-1218 | Lotus Notes - Autonomy Keyview(.zip attachment) | Alino |
2011-1206 | IBM Tivoli Directory Server | |
2011-0657 | Vulnerability in DNS Resolution Could Allow Remote Code Execution | |
2011-0041 | Vulnerability in GDI+ Could Allow Remote Code Execution | |
TOP 25 List ($100 bounty)
CVE/ZDI | Description | Owner |
2011-0663 | Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution | |
2010-3757 | IBM Tivoli Storage Manager (TSM) FastBack Server _Eventlog Function Format String Arbitrary Code Execution | |
2011-0065 | Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability | |
2010-3708 | JBoss Enterprise Multiple Products JBoss Drools Deserialization Static Initializer Remote Code Execution | |
2011-0682 | Opera Large Form Input Handling Crafted HTML Document Memory Corruption | |
2010-3972 | Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution | |
2011-0975 | IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability | |
2011-0917 | IBM Lotus Domino nLDAP.exe LDAP Bind Request Remote Code Execution (poc) | |
2010-0111 | Symantec Alert Management System Intel Alert Handler Service (HDNLRSVC.EXE) Remote Code Execution | |
ZDI-10-128 | ZDI-10-128 Ipswitch Imail Server Queuemgr Format String Remote Code Execution Vulnerability | |
2010-3582 | Oracle VM ovs-agent XML-RPC Multiple Function Remote Command Execution | |
2011-0116 | Apple Safari WebKit htmlelement Library setOuterText Method Handling Memory Corruption | |
2011-1248 | Microsoft Windows WINS Service Failed Response Data Reuse Memory Corruption Remote Code Execution | |
2011-0918 | IBM Lotus Domino NRouter Service Calendar Request Attachment Name Parsing Remote Code Execution | |
2011-0807 | Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability | |
2011-0073 | Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability (POC) | |
2011-0647 | EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability | |
2011-0034 | OpenType Compact Font Format driver in Microsoft Windows allows remote attackers to execute arbitrary code | |
2011-1290 | Integer overflow in WebKit allows remote attackers to execute arbitrary code | |
None | Siemens Tecnomatic FactoryLink logging function stack based buffer-overflow caused by the usage of vsprintf | |
None | Iconics GENESIS32 and GENESIS64 Integer overflow during allocation of the memory used to create an array | |
None | DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username. | B|H |
TBA | ( This entry is being updated ) | |
ZDI-11-023 | Citrix Provisioning Services streamprocess.exe Remote Code Execution Vulnerability | |
2011-1804 | Google Chrome Floats Rendering Stale Pointer Remote Code Execution | |