Authentication

Advisory: MyBB Two Factor Authentication extension Vulnerabilities

[-] Product Description: MyBB-2FA is an unmaintained MyBB plugin that allows MyBB admins to enable Two Factor Authentication for their forum users.
[-] Vulnerability Type: Cross Site Request Forgery
[-] Impact and more info: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
[-] Vulnerable Request Type: GET based
[-] Vulnerable Module/Parameter/Path: MyBB_Installation/usercp.php?action=mybb2fa&do=[ACTION]
[-] Proof of Concept URL:
MyBB_Installation/usercp.php?action=mybb2fa&do=deactivate
MyBB_Installation/usercp.php?action=mybb2fa&do=activate
[-] Fix Suggestion: Implement an Anti-CSRF token to protect forging […]

A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)

Hello Geeks and Security Evangelists, my name is Mohamed Abdelbaset Elnoby, just another Senior Information Security Researcher and Web Application Pentester in the world :D. Today I would like to show you a “hilarious” Broken Authentication bug I found on the ESET website, specifically in their “Antivirus Product Activation Process”, that allowed me to generate millions […]
