{"id":8532,"date":"2017-08-01T14:19:03","date_gmt":"2017-08-01T22:19:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/01\/news-2306\/"},"modified":"2017-08-01T14:19:03","modified_gmt":"2017-08-01T22:19:03","slug":"news-2306","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/01\/news-2306\/","title":{"rendered":"Hack2Win \u2013 The Online Version &#8211; Ubiquiti Router"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Tue, 01 Aug 2017 12:55:01 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3342\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3342');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<div class=\"pf-content\">\n<p>After the great success of the first &#8220;Hack2Win \u2013 The Online Version&#8221; (<a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3310\" target=\"_blank\">https:\/\/blogs.securiteam.com\/index.php\/archives\/3310 <\/a>) we decided to raise the bar.<\/p>\n<p>The rules are very simple \u2013 you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to 10,000$ USD.<\/p>\n<p>To try and help you win \u2013 we bought a Ubiquiti EdgeRouter X device and connected it to the internet (we will disclose the IP address on 10th of August 2017) for you to try to hack it. While WAN access is the only point of entry for this device, we will be accepting LAN vulnerabilities as well.<\/p>\n<p>Just to make things clear &#8211; the competition has begun &#8211; you can submit your findings from today!<\/p>\n<p>If you successfully hack it \u2013 submit your findings to us at ssd[]beyondsecurity.com, you will get paid and we 
will report the information to the vendor.<\/p>\n<p>The competition will end on the 1st of October 2017 or if a total of 20,000$ USD was handed out to eligible findings.<\/p>\n<p><span id=\"more-3342\"><\/span><\/p>\n<p>Product details:<\/p>\n<ul>\n<li><strong>Model<\/strong>: ER\u2011X<\/li>\n<li><strong>Product name<\/strong>: EdgeRouter X <\/li>\n<li><strong>Firmware<\/strong>: EdgeRouter ER-X\/ER-X-SFP\/EP-R6: Firmware v1.9.7<\/li>\n<li><strong>Updated<\/strong>: Latest == 2017-07-24<\/li>\n<\/ul>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan.jpg\" data-slb-active=\"1\" data-slb-asset=\"371838319\" data-slb-internal=\"0\" data-slb-group=\"3342\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan-300x152.jpg\" alt=\"\" width=\"300\" height=\"152\" class=\"alignnone size-medium wp-image-3343\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan-300x152.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan-768x389.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan-1024x519.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131900.jpg\" data-slb-active=\"1\" data-slb-asset=\"496226996\" data-slb-internal=\"0\" data-slb-group=\"3342\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131900-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" class=\"alignnone size-medium wp-image-3345\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131900-300x225.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131900-768x576.jpg 768w, 
https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131900-1024x768.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131554.jpg\" data-slb-active=\"1\" data-slb-asset=\"164086597\" data-slb-internal=\"0\" data-slb-group=\"3342\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131554-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" class=\"alignnone size-medium wp-image-3346\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131554-300x225.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131554-768x576.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131554-1024x768.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131518.jpg\" data-slb-active=\"1\" data-slb-asset=\"1468711944\" data-slb-internal=\"0\" data-slb-group=\"3342\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131518-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" class=\"alignnone size-medium wp-image-3347\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131518-300x225.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131518-768x576.jpg 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/IMG_20170725_131518-1024x768.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>Prizes:<\/strong><\/p>\n<ol>\n<li>Unauthenticated Remote Code Execution \u2013 up to <strong>10,000$ USD<\/strong><\/li>\n<li>Authentication Bypass (bypassing authentication mechanism without any knowledge, 
or resetting of the password to the default) \u2013 up to <strong>5,000$ USD<\/strong><\/li>\n<li>Information Disclosure (access to current password) \u2013 up to <strong>2,500$ USD<\/strong><\/li>\n<li>Other \u2013 the amount paid will depend on the risk and seriousness of the vulnerability<\/li>\n<\/ol>\n<p>The total amount paid during the contest will be up to <strong>20,000$ USD<\/strong>.<\/p>\n<p>If more than one person submits an unauthenticated RCE, the first one to submit the vulnerability to us will win the amount promised, while the other person will receive 50% of the above promised amount.<\/p>\n<p>If you submit an RCE vulnerability, for example, and you need to use a couple of vulnerabilities in order to do so &#8211; you will get paid for the RCE vulnerability and not for the components.<\/p>\n<p>All items will be considered, unless they are a duplicate \u2013 duplication will be considered for any vulnerability that targets the same URL or mechanism to perform the attack.<\/p>\n<p>For any duplicate submissions we receive, we will give the researcher a free T-shirt as well as an acknowledgement in the vendor\u2019s advisory and our advisory for finding the vulnerability.<\/p>\n<p><strong>Judging Criteria<\/strong><\/p>\n<ul>\n<li>The participant uses an unknown vulnerability (no record of it can be found on Google, Exploit-DB, etc)<\/li>\n<li>Complexity of attack \u2013 what was required to achieve the attack<\/li>\n<li>Innovative method \u2013 SQLi, RCE, etc from least to most innovative<\/li>\n<li>Whether the attack affects the LAN or WAN \u2013 more points if it affects the WAN<\/li>\n<li>What is achieved by the attack \u2013 no access is given to the challengers, so they would need to reach from no-access to some access \u2013 therefore guest access would be considered less valuable than root<\/li>\n<li>Write-up Quality \u2013 the best write-up (in English), most detailed, best explanation, etc<\/li>\n<\/ul>\n<p><strong>Device Settings<\/strong><br \/> 
The router will be accessible to participants via its IP address, which we will disclose on 10th of August 2017.<\/p>\n<p>The router has been updated to the latest version available from the vendor website (<a href=\"https:\/\/www.ubnt.com\/download\/edgemax\/edgerouter-x\/default\/edgerouter-er-xer-x-sfpep-r6-firmware-v197\" target=\"_blank\">https:\/\/www.ubnt.com\/download\/edgemax\/edgerouter-x\/default\/edgerouter-er-xer-x-sfpep-r6-firmware-v197<\/a>) at the time of writing its Security Advisement (EdgeRouter ER-X\/ER-X-SFP\/EP-R6: Firmware v1.9.7).<\/p>\n<p>We left the default settings; the only non-default settings are that we changed the password for the \u2018admin\u2019 account and disabled the \u201cdefault firewall\u201d feature.<\/p>\n<p><strong>What counts as \u2018hacked\u2019<\/strong><br \/> A device would be considered \u2018hacked\u2019 if the participant can prove they:<\/p>\n<ul>\n<li>Gained access to the device\u2019s post-authentication admin web interface (remember \u2013 you will not be given any credentials)<\/li>\n<li>Changed some configuration value, like WiFi password<\/li>\n<li>Made the device do something it\u2019s not supposed to do: like execute code, open a port\/service which was previously closed (like SSH, telnet, etc)<\/li>\n<\/ul>\n<p><strong>What we won\u2019t count as \u2018hacked\u2019<\/strong><\/p>\n<ul>\n<li>Causing a malfunction to the device, DoS \/ XSS \/ CSRF, making it unresponsive, making it no longer boot, etc<\/li>\n<li>Usage of any known method of hacking \u2013 known methods including anything that we can use Google\/Bing\/etc to locate \u2013 this includes: documented default password (that cannot be changed), known vulnerabilities\/security holes (found via Google, exploit-db, etc)<\/li>\n<\/ul>\n<p><strong>Eligibility<\/strong><br \/> The contest is open to anyone who is at the legal age to receive a contest prize in your country. If you are not allowed to receive prizes \u2013 and please 
make sure to check this before participating \u2013 you may want to team up with a person that is at the legal age to receive prizes.<\/p>\n<p>The contest is not open to anyone working for Ubiquiti or involved in the development of the above device.<\/p>\n<p><strong>Submitting your findings<\/strong><br \/> In order to submit your findings \u2013 please send us an email at ssd[]beyondsecurity.com with the following title: \u201cHack2Win [TYPE-OF-VULNERABILITY] [YOUR-NAME]\u201d<\/p>\n<p>The email should contain the following information:<\/p>\n<ol>\n<li>Vulnerability Title<\/li>\n<li>Date of submission<\/li>\n<li>Description of Vulnerability<\/li>\n<li>Configuration Requirements (if needed)<\/li>\n<li>Vulnerability Requirements (if needed)<\/li>\n<li>Vulnerability Summary Information<\/li>\n<li>Affected Versions Tested<\/li>\n<li>Attack Vector<\/li>\n<li>Exploitation Impact (Code Execution, Denial of Service, etc)<\/li>\n<li>Exploitation Context (runs on Server\/ attacks User)<\/li>\n<li>Vulnerability Technical Details<\/li>\n<li>Exploitation<\/li>\n<\/ol>\n<p>Please use the following GPG encryption key when submitting a report to us:<\/p>\n<div id=\"crayon-5980fe571585f677486784\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<p><span class=\"crayon-language\">XHTML<\/span><\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"><\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3342\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/07\/ER-X-shodan-300x152.jpg\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Tue, 01 Aug 2017 12:55:01 +0000<\/strong><\/p>\n<p>After the great success of the first &#8220;Hack2Win \u2013 The Online Version&#8221; (https:\/\/blogs.securiteam.com\/index.php\/archives\/3310 ) we decided to raise the bar. The rules are very simple \u2013 you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to 10,000$ USD. 
To try and help you win \u2013 we bought a Ubiquiti &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3342\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Hack2Win \u2013 The Online Version &#8211; Ubiquiti Router<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12603,10757],"class_list":["post-8532","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-hack2win","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8532"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8532\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8532"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}