Mohamed A. Baset
CyberSec Dragon since (Y2K)-1, King of bits, Lord of the Seven OSI Layers and Protector of the realm.

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk - Open Source Risk Management System

Hi Guys, today we will discuss a basic hunt for a reflected cross-site scripting vulnerability in the SimpleRisk platform, but first let's go over some general details about the platform itself. What is SimpleRisk? SimpleRisk is an open-source risk management system released under the Mozilla Public License and used for risk management activities. It enables risk managers […]

Mohamed A. Baset 0 Comments 2 min read

Vulnerability in Metasploit Project aka CVE-2017-5244

Hi Guys, I hope you all are fine and doing well. Yes, you read it right: we managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me, tomorrow will be you” 🙂 Today we will talk about a CSRF vulnerability that affects the web application of both versions (Express, […]

Mohamed A. Baset 2 Comments 6 min read

Godaddy XSS affects parked domains redirector/processor!

Hi Folks, I’m not going to talk a lot about this issue because it’s a little bit trivial, but it affects Godaddy’s parked domains redirector/processor.

Mohamed A. Baset 0 Comments 1 min read

Facebook Messenger and HSTS

This article was originally covered by Tom Spring of ThreatPost. On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back. Facebook is dismissing […]

Mohamed A. Baset 0 Comments 3 min read

QRLJacking – Your QR-based session belongs to us!

Introduction: Before we start we need to explain some frequently mentioned terms, which are QR Code, SSO and Clickjacking. What is a QR Code? A QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a […]

Mohamed A. Baset 0 Comments 21 min read

Uber Vulnerability

There is no excerpt because this is a protected post.

Mohamed A. Baset 0 Comments 4 min read

BMW Vulnerabilities - Hijack Cars ConnectedDrive™ Service!

Hi Folks, let me tell you the story of some typical vulnerabilities that were discovered by the @Seekurity Team in the BMW ConnectedDrive service, which would allow any beginner attacker to hijack the whole service! First, what is the BMW ConnectedDrive service? BMW ConnectedDrive is a technology packet full of services and apps that connects you closely to […]

Mohamed A. Baset 0 Comments 5 min read

RunKeeper Stored XSS Vulnerability - Where worms are able to run too!

RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. It was first launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing led by Spark Capital. In February 2016, RunKeeper was acquired by ASICS.

Mohamed A. Baset 4 Comments 4 min read

TopCoder.com Vulnerabilities - A tale of site-wide bugs that leads to account compromise & payment hijacking

Hi Folks, TopCoder.com is a website where the most skilled top coders around the world solve challenges, compete and write code to achieve specific tasks. High-profile companies like Facebook, Google, Twitter, etc. get help from such websites in their recruitment process!

Mohamed A. Baset 0 Comments 4 min read

Microsoft Yammer Clickjacking - Exploiting HTML5 Security Features

Introduction: Modern web applications nowadays rely on a lot of technologies where typical web application vulnerabilities are hard to find (e.g. Clickjacking is an ABC security bug), but bug hunters are always the best! Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is […]

Mohamed A. Baset 0 Comments 3 min read

When your privacy disclosure is a "feature" not a "bug" - Badoo & HotorNot failure!

Your privacy on the internet is the biggest concern ever, and when it comes to “dating websites” and “social networks” it matters more and more! Let me tell you a story of two websites that don’t respect yours and put it in danger…

Mohamed A. Baset 0 Comments 6 min read

Fiverr.com Full Accounts Takeover - A Vulnerability Puts $50 Million Company At Risk

Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk. Fiverr raised $30 million in a third round of institutional funding to continue supporting the new version of its […]

Mohamed A. Baset 0 Comments 2 min read
