Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
John Deere is the most popular brand for tractors and other big machinery used on farms. John Deere is now a major technology company as well, with a developer portal for doing interesting things with the data and machinery.
The first vulnerability was a username enumeration issue. While testing it, the author used a list of the Fortune 1000 companies to see who had made an account.
After playing with the APIs for a while, the author found an authorization issue that allowed querying sensitive personal information about tractor owners. This is essentially all that was found, even though the article is incredibly long.
The author was asked to join a private bug bounty program that was created just for him. Because of this, and the lack of public disclosure, the author declined the invitation and made the research public.