In this blog post we will explain how we found a tale of vulnerabilities, from thousands of job applicants' CVs and documents leaking online to path disclosure and information disclosure vulnerabilities, in one of the United Nations' WordPress websites. But first, what is the United Nations?
The United Nations (UN) is an intergovernmental organization tasked to promote international co-operation and to create and maintain international order. A replacement for the ineffective League of Nations, the organization was established on 24 October 1945 after World War II with the aim of preventing another such conflict. At its founding, the UN had 51 member states; there are now 193. The headquarters of the UN is in Manhattan, New York City, and is subject to extraterritoriality. Further main offices are situated in Geneva, Nairobi, and Vienna. The organization is financed by assessed and voluntary contributions from its member states. Its objectives include maintaining international peace and security, promoting human rights, fostering social and economic development, protecting the environment, and providing humanitarian aid in cases of famine, natural disaster, and armed conflict. The UN is the largest, most familiar, most internationally represented and most powerful intergovernmental organization in the world. –Wikipedia
ASUS Control Center is a new centralized IT management software suite. The software is capable of monitoring and controlling ASUS servers, workstations, and commercial products including notebooks, desktops, All-in-One (AiO) PCs, thin clients, and digital signage.
“How do I start in the field of web application penetration testing?” – “How do I get into Web Application Security Pentesting?” These are examples of the questions we receive over and over again. I had previously written a post explaining all of this from A to Z; today I am republishing it as an article so that it is easy to refer back to.
In this article I tried, as much as possible, to answer all the questions I have been asked over the past period, and most of the questions that will come to your mind when you want to start easily in the field of Ethical Hacking, or more precisely and specifically the field of web application security and Web Application Penetration Testing, in the form of advice for anyone wishing to start in either of them. This advice boils down to a few points, which are:
Hi guys, today I would like to show you how a single misconfiguration issue could jeopardize users' privacy if maliciously exploited, and hence hijack a user's “access_token” from the Microsoft Office365 Facebook app. Microsoft decided that this Office365 Facebook app is NOT within their Microsoft Online Services bug bounty scope, although we proved that the bug we discovered can result in stealing the Microsoft Office Facebook app's access token, and that this is due to a misconfiguration in the Microsoft Office Facebook app itself.
During a quick trial security assessment (not fully tested) of the Crea8Social social network script, our team at Seekurity.com SAS de C.V. identified several severe cross-site scripting vulnerabilities in the platform, which is widely used on the internet to create your own social network website (by the way, this script is used in the alleged new Egyptian Facebook, named EgFace.com). Our team responsibly contacted the vendor of the script but got no answer, and based on our Seekurity responsible disclosure rules, which set a 90-day disclosure deadline or apply when a vendor is non-responsive, the bug details became visible to the public through our official communication channels.
Hi guys, I hope all of you are doing great and in good health.
Today I will show you a clickjacking bug I found in Instagram that allowed me to iframe AJAX responses and lets attackers steal your Instagram connected applications' tokens and hence hijack your account!
Hi guys, how are you doing? Well, I’ll assume and hope the answer is “Fine”… Today I will show you a bug I found in Facebook without even using any kind of testing tools. BUT those kinds of bugs require more than tools: they require a hawk eye, a platform-aware bug hunter mentality, a poet, and an awesome morning cup of coffee. So don’t expect to gain technical skills from this blog post, only some pro tips and bug-hunting mentality experience!
This is merely the second time I’m sending a report to the Facebook Security Team without writing a piece of code!
Trape is a reconnaissance tool that allows you to track people; the information you can get is very detailed. We want to teach the world through this how large Internet companies could monitor you, obtaining information beyond your IP.
[-] Product Description: phpSocial is a social network platform similar to Facebook, allowing users to interact with each other by live chatting, sending messages, commenting, liking, sharing photos and life events, and so much more.
Today we will talk about a session management vulnerability that affects OpenProject in all versions before 6.1.6 (old stable) and 7.0.3 (latest stable) and may lead to account compromise and the performing of unauthorized actions via physical access to a logged-in user's session. But first, some general info.
OpenProject is a web-based project management system for location-independent team collaboration. This open source application is released under the GNU General Public License Version 3 and is continuously developed by an active open source community.
In addition to numerous smaller OpenProject installations, there are also some very large installations in global organizations with more than 2,500 projects.