🤖 AI Summary
A researcher used an LLM-assisted toolchain (Hacktron CLI) to audit dozens of decompiled JDBC drivers during a two-day bug-bounty sprint and uncovered multiple high-impact flaws that netted $85,000 in bounties. Instead of manually scanning each driver for file I/O, reflection, JNDI, deserialization, SSRF and command-injection patterns, they assembled a “JDBC driver pack” of automated agents that enumerate file-related sinks, taint-trace inputs back to user-controllable sources, and surface candidate methods. What would have taken hours per driver was reduced to minutes: the pack was built in about an hour and the sink-tracing ran in ~15 minutes.
Key technical findings included a Databricks JDBC driver flaw where a connection-string property (StagingAllowedLocalPaths) is user-supplied and thus can be abused to perform arbitrary local file reads/writes; combined with Databricks’ Volume storage and a platform repo-clone feature, the team overwrote .git/config to inject an sshCommand and escalate file primitives into remote code execution. They also found arbitrary file reads in the Exasol driver (with character-based limitations) and additional SSRF/RCE issues across other vendors (e.g., Teradata). The case demonstrates how LLM-driven, agentized static/taint analysis can scale vulnerability triage, shift pentesters from mechanical scanning to creative exploit chaining, and accelerate large-scope audits.
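The triage step the summary describes, enumerating file I/O sinks in decompiled driver code and tracing their arguments back to a connection property, is small enough to sketch without an LLM. The following is an added illustration written for this page; it is not Hacktron's driver pack, not any vendor's driver, and the Java snippet it scans is constructed (the property name `StagingAllowedLocalPaths` is reused from the summary only as a label; the class, methods and variable names are invented). It does a line-by-line, per-method def-use trace: a variable assigned from `Properties.getProperty(...)` is tainted, taint propagates through assignments that mention a tainted variable, and any enumerated sink whose argument list mentions a tainted variable or the source call directly is reported. A reviewer then knows which methods deserve a real read, which is the point of the pack described above.

```python
"""Toy sink-to-source tracer for decompiled JDBC driver source.

Added example for this page: not Hacktron's tooling and not any vendor's
driver code. Heuristic regexes stand in for a real Java parser/taint engine.
"""
import re
from dataclasses import dataclass

# File I/O sinks an audit would enumerate, as they appear in decompiled Java.
FILE_SINKS = [
    "new FileInputStream", "new FileOutputStream", "new FileReader",
    "new FileWriter", "Files.readAllBytes", "Files.write",
    "Files.newInputStream", "Files.newOutputStream", "new File",
]
# User-controllable source: a connection property read from the Properties
# object. Receiver names are a heuristic for decompiled code.
SOURCE_RE = re.compile(r'\b(?:props|properties|info|p)\.getProperty\(\s*"([^"]+)"')
# Method header: resets the per-method taint state.
METHOD_RE = re.compile(
    r'^\s*(?:public|private|protected|static|final|synchronized|\s)*'
    r'[\w<>\[\],\s]+?\s+(\w+)\s*\([^)]*\)\s*(?:throws [\w.,\s]+)?\{')
# Local assignment: "[Type] var = expr;"
ASSIGN_RE = re.compile(r'^\s*(?:final\s+)?(?:[\w<>\[\]]+\s+)?(\w+)\s*=\s*(.+);')


@dataclass(frozen=True)
class Finding:
    method: str         # method containing the sink
    sink: str           # sink call matched
    property_name: str  # connection property the argument derives from
    line: int           # 1-based line in the scanned source


def _tainted_props(expr, tainted):
    """Properties whose tainted variables are mentioned in expr."""
    return [prop for var, prop in tainted.items()
            if re.search(rf'\b{re.escape(var)}\b', expr)]


def trace_file_sinks(java_src):
    """Return Findings for file sinks reachable from a connection property."""
    findings, method, tainted = [], "<class>", {}
    for lineno, line in enumerate(java_src.splitlines(), 1):
        m = METHOD_RE.match(line)
        if m:
            method, tainted = m.group(1), {}
            continue
        a = ASSIGN_RE.match(line)
        if a:
            var, rhs = a.groups()
            src = SOURCE_RE.search(rhs)
            carried = _tainted_props(rhs, tainted)
            if src:
                tainted[var] = src.group(1)       # direct read of a property
            elif carried:
                tainted[var] = carried[0]         # derived from a tainted value
            else:
                tainted.pop(var, None)            # overwritten with clean value
        for sink in FILE_SINKS:
            idx = line.find(sink + "(")
            if idx == -1:
                continue
            args = line[idx + len(sink):]
            direct = SOURCE_RE.search(args)
            via_var = _tainted_props(args, tainted)
            if direct:
                findings.append(Finding(method, sink, direct.group(1), lineno))
            elif via_var:
                findings.append(Finding(method, sink, via_var[0], lineno))
    return findings


# Constructed sample resembling decompiled driver code (not a real driver).
SAMPLE_DRIVER_SRC = """
public class SampleStagingDriver {
    private static final String DEFAULTS = "/etc/sample-driver/defaults.properties";

    // Path comes straight from the connection Properties, so it is user-controlled.
    public InputStream openStagingFile(Properties props, String name) throws IOException {
        String base = props.getProperty("StagingAllowedLocalPaths");
        String full = base + "/" + name;
        return new FileInputStream(full);
    }

    public void writeStagingFile(Properties props, byte[] data) throws IOException {
        OutputStream out = new FileOutputStream(props.getProperty("StagingAllowedLocalPaths"));
        out.write(data);
        out.close();
    }

    // Hard-coded path, not user-controlled: should not be reported.
    public Properties loadDefaults() throws IOException {
        Properties defaults = new Properties();
        defaults.load(new FileInputStream(DEFAULTS));
        return defaults;
    }
}
"""

if __name__ == "__main__":
    for f in trace_file_sinks(SAMPLE_DRIVER_SRC):
        print(f"{f.method}:{f.line}  {f.sink}(...)  <- property '{f.property_name}'")
```

Run over the constructed sample it reports the two staging methods and stays silent on `loadDefaults`, whose path is a constant. A real pass over a decompiled driver would feed candidate methods like these to the reviewer (or the LLM agent) for the judgement calls the summary attributes to the pentester: whether the path is validated against an allowlist, whether the caller can reach the method before authentication, and what the primitive chains into.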