Mohamed A. Baset
CyberSec Dragon since (Y2K)-1, King of bits, Lord of the Seven OSI Layers and Protector of the realm.

Facebook Vulnerability - a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings

Hi Folks, my name is Mohamed Abdel Aty, an Egyptian Web Developer & Bug Hunter. Today I would like to share with you a “cute” bug I found while doing some bug hunting in Facebook. Testing different sub-domains is a common procedure in bug hunting; while searching the domain “mbasic.facebook.com” I noticed this link


FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

Introduction: Physical devices connected to web applications have become easy to manage. Screen size, availability, usage, etc. are what push everyone to manage their devices through their desktops/laptops! On the other hand, such advantages pose a threat if these web applications contain security issues! For example, Android devices can be managed through “Google Device Manager”, iOS devices […]


Facebook movies recommendation vulnerability - A bug capable of erasing all your important notifications!

Hi Folks, Facebook is the largest social network ever known on the internet. People use Facebook for contacting friends, family and sometimes for work! When it comes to work, that means important notifications from your company’s page, work account, work admins, business accounts, etc…


WhatsApp Clickjacking Vulnerability - Yet another web client failure!

Hi Folks, I know it’s a little bit lame to mention 2 clickjacking vulnerabilities in a row, but that is what bug hunters always do: exposing the largest companies’ security failures. Previously it was Telegram; this time it is the gigantic, well-known 19 billion dollar messenger WhatsApp.


Official Telegram Web Client ClickJacking Vulnerability - When crypto is strong and client is weak

[*] Introduction: Modern web applications nowadays rely on a lot of technologies where typical web application vulnerabilities are hard to find (e.g. Clickjacking is an ABC security bug), but bug hunters are always the best!


Web Application Security on Fire - PHP Developers Cheat Sheet version (Slides from UNAM Mexico talk)

Hey! Building a website? Or already built one? Think twice before going public and let us protect your business!


Facebook ClickJacking - How we put a new dress on Facebook UI

Hi Bug Hunters, today we will explain how we redressed the Facebook UI and made it so easy to fool a victim into, for example, adding the attacker as a member of one of his own secret groups on Facebook. Here are some details about the issue:


Facebook API 2.x Bypassed!

This is the write-up of my last Facebook report: how I was able to bypass the permissions approvals system in the 2.x Facebook API versions in 2 different ways. FIRST Flow : +++Flow discussion:


A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)

Hello Geeks and Security Evangelists, my name is Mohamed Abdelbaset Elnoby, just another Senior Information Security Researcher and Web Application Pentester in the world :D. Today I would like to show you a “hilarious” Broken Authentication bug I found on the ESET website, specifically in their “Antivirus Product Activation Process”, that allowed me to generate millions […]
