CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug”

[-] About the Tool:

Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

Continue reading “CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug””

Share

Cross-Site Scripting Vulnerability in phpSocial aka phpDolphin Social Network Script [CVE-2017-10801]

[-] Product Description:
phpSocial is a Social Network Platform similar with Facebook, allowing users to interact with each other by live chatting, sending messages, comments, like, share photos, life events and so much more.

Continue reading “Cross-Site Scripting Vulnerability in phpSocial aka phpDolphin Social Network Script [CVE-2017-10801]”

Share

OpenProject Session Management Security Vulnerability aka CVE-2017-11667

 

Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info.

First what is OpenProject?

OpenProject is a web-based project management system for location-independent team collaboration. This open source application is released under the GNU General Public License Version 3 and is continuously developed by an active open source community.

In addition to numerous smaller OpenProject installations there are also some very large installations in global organizations with more than 2,500 projects.

Continue reading “OpenProject Session Management Security Vulnerability aka CVE-2017-11667”

Share

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System

Hi Guys,

Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself

What is SimpleRisk?

SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews. SimpleRisk allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.

SimpleRisk sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations. Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.

Continue reading “CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System”

Share

Vulnerability in Metasploit Project aka CVE-2017-5244

 

Hi Guys,
I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂

Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, Community and Professional) of Metasploit Project.

But first what is Metasploit? (Seriously maybe somebody out there don’t know about it yet :D)

Continue reading “Vulnerability in Metasploit Project aka CVE-2017-5244”

Share

Facebook Messenger and HSTS

Pic Source: zona3.mx/sites/default/files/Facebook-Messenger-iPhone-6.png

This article was originally covered by Tom Spring of ThreatPost.

On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back.

Facebook is dismissing claims by a researcher who says multimedia content such as audio-based messages sent via its Facebook Messenger service can be intercepted by a third-party under certain conditions.

Facebook is dismissing Baset’s claims, telling Threatpost, “We appreciate researcher reports, but this is not a flaw and does not impact the normal functioning of voice clips on Messenger.”

Baset concedes that the alleged threat he illustrates represents a “narrow attack surface” and is “not really that dangerous for most users.”

Continue reading “Facebook Messenger and HSTS”

Share

QRLJacking – Your QR-based session belongs to us!

qrljacking

Introduction

Before we start we need to explain some frequently mentioned terms which are: QR Code, SSO and Clickjacking.

What is QR Code?

QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to efficiently store data; extensions may also be used.

Continue reading “QRLJacking – Your QR-based session belongs to us!”

Share

BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!

Hi Folks,
Let me tell you the story about some typical vulnerabilities that was discovered by @Seekurity Team in BMW ConnectedDrive service which will allow any beginner attacker to hijack the whole service!

.

First what is BMW ConnectedDrive service?
BMW ConnectedDrive – a technology packet full of services and apps that connects you closely to the world around you. It makes tasks easier and quicker to perform, giving you more time for what’s really important: your family, friends and free time.

Continue reading “BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!”

Share

RunKeeper Stored XSS Vulnerability – Where worms are able to run too!

 

RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. First launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing, led by Spark Capital. In February, 2016, RunKeeper was acquired by ASICS.

Continue reading “RunKeeper Stored XSS Vulnerability – Where worms are able to run too!”

Share