I hope you all are fine and doing well. Yes, you read it right: we managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂
Today we will talk about a CSRF vulnerability that affects the web application of both versions (Express, Community and Professional) of the Metasploit Project.
But first, what is Metasploit? (Seriously, maybe somebody out there doesn’t know about it yet :D)
Continue reading “Vulnerability in Metasploit Project aka CVE-2017-5244”
Hey There, How you doing?
In this blog post I will be talking about my experience with minor bugs chained together to steal sensitive tokens.
#1. Stealing CSRF tokens through Google Analytics.
While randomly testing things on apps.shopify.com, I landed at some random app page and hit the Write a review button. I wasn’t logged in, so I was redirected to the login page, and after logging in I was redirected to the application page again. OK, that’s normal. However, what wasn’t normal is that the URL I got redirected to contained this GET parameter
Continue reading “Let’s steal some tokens!”
My name is Mahmoud, a web application penetration tester. I have recently joined Seekurity, and today I will share with you the details of the National Cyber Security CTF we recently had in Egypt.
This year, CyberTalents organised a cyber security CTF in Egypt sponsored by Trend Micro, which is probably the largest and most-organised CTF we have ever had in the Middle East.
Continue reading “CyberTalents CTF web security challenges write-up”
This article was originally covered by Tom Spring of ThreatPost.
On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back.
Facebook is dismissing claims by a researcher who says multimedia content such as audio-based messages sent via its Facebook Messenger service can be intercepted by a third-party under certain conditions.
Facebook is dismissing Baset’s claims, telling Threatpost, “We appreciate researcher reports, but this is not a flaw and does not impact the normal functioning of voice clips on Messenger.”
Baset concedes that the alleged threat he illustrates represents a “narrow attack surface” and is “not really that dangerous for most users.”
Continue reading “Facebook Messenger and HSTS”
Before we start we need to explain some frequently mentioned terms which are: QR Code, SSO and Clickjacking.
What is a QR Code?
QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to efficiently store data; extensions may also be used.
Continue reading “QRLJacking – Your QR-based session belongs to us!”
Days ago, one of our clients received an email with the following subject in Spanish: “Problemas con tu membresia de Netflix” (Problems with your Netflix membership).
The email was in his SPAM folder with the following caption: “Be careful with this message. It contains a suspicious link that has been used to steal people’s personal information. Unless you trust the sender, don’t click on links or reply with personal information.”
Thanks, Google SPAM filters! But we aren’t sure whether the rest of the email service providers can flag the email as SPAM; maybe not, because Google has a powerful spam filter. The first time we took down the malicious site, it appeared again in a few hours.
Here is what we found:
Continue reading “#OperationTakeDown: Netflix Phishing Attack & Analysis”
Let me tell you the story of some typical vulnerabilities that were discovered by the @Seekurity Team in the BMW ConnectedDrive service, which will allow any beginner attacker to hijack the whole service!
First, what is the BMW ConnectedDrive service?
BMW ConnectedDrive – a technology packet full of services and apps that connects you closely to the world around you. It makes tasks easier and quicker to perform, giving you more time for what’s really important: your family, friends and free time.
Continue reading “BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!”
RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. It was first launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011, RunKeeper secured $10 million in Series B financing, led by Spark Capital. In February 2016, RunKeeper was acquired by ASICS.
Continue reading “RunKeeper Stored XSS Vulnerability – Where worms are able to run too!”
What is Cookie stuffing fraud?
It is an activity that allows online actors to defraud affiliate marketing programs by causing themselves to receive credit for purchases made by web users (in this case, users who made an online purchase at Amazon, Walmart, eBay or any other Online Store), even if the affiliate marketer didn’t actively perform any marketing for the affiliate program. It occurs when a fraudulent publisher tricks a web user’s browser into visiting an Online Store that the web user didn’t intend to visit. This link causes the Online Store to record that the publisher generated the “sale” and gives the fraudulent publisher credit for any purchases the web user might make.
Continue reading “Cookie stuffing: How we are part of a fraud of millions of dollars”