FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

firefox-bug

Introduction:

Physical devices connected with web applications made everything easy to be managed. Screen size, availability, usage etc… is what pushing everyone to manage their devices through their desktops/laptops! On the other hand such advantages poses a threat if these web applications contains security issues!

For example android devices can be managed through “Google Device Manager”,  iOS devices can be managed by “iCloud service”, Windows Phone devices can be managed via your Microsoft account, FirefoxOS devices can be managed also through your Mozilla account and finally Internet of Things devices or (IoT) are connected to their own vendors dedicated web apps!!

Continue reading “FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!”

Share

Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!


Hi Folks,

Facebook is the largest social network ever known on the internet, People are using Facebook for contacting friends, Family and sometimes for Work!

When it comes to Work that means an important notifications from your company’s page, work account, work admins, business accounts, etc…

Continue reading “Facebook movies recommendation vulnerability – A bug capable of erasing all your important notifications!”

Share

WhatsApp Clickjacking Vulnerability – Yet another web client failure!

s

Hi Folks,
I know it’s a little bit lame to mention 2 clickjacking vulnerabilities in row but that what bug hunters always do exposing the largest companies security failures, (Previously was Telegram) this time is the gigantic well-known 19 billion dollar messenger WhatsApp.

Continue reading “WhatsApp Clickjacking Vulnerability – Yet another web client failure!”

Share

Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak

Telegram-Banner

 

[*] Introduction:

Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best!

Continue reading “Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak”

Share

Facebook ClickJacking – How we put a new dress on Facebook UI

facebook-banner

Hi Bug Hunters,

Today we will explain how we redressed facebook ui and made it so easy to fool a victim to for example, Add the attacker as a member in one of his own secret groups on facebook.

Here’s some details about the issue:

Share

VoIP Security Analysis with Asterisk

fb-1
Adopting new technologies such as VoIP by small, medium and large companies,
isn’t only  about the benefit representing a decrease in costs, is about an risk increase exposure too,
which can be reflected in the payment of  large sums of money , because (national or international)
calls made by people outside the company.
Share

A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)

fb-1

Hello Geeks and Security Evangelists,

My name is Mohamed Abdelbaset Elnoby, Just another Senior Information Security Researcher and Web Application Pentester in the world 😀 , Today I would like to show you a “hilarious” Broken Authentication bug I found in ESET website specifically in their “Antivirus Product Activation Process” that allowed me to generate millions of valid paid Licenses of “ESET Nod32 Antivirus” as per their description “Our award-winning security software offers the most effective protection available today” for free.
(Yes “hilarious” is in bold, it’s not a formatting mistake but you will know why at the end of the story)

Continue reading “A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)”

Share