Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

Hey Folks,

Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems.

In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet the most dangerous bugs I have found in the gigantic photo sharing app Instagram but first lets get an overview of some concepts and general knowledge.

Continue reading “Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!”

Share

Rolling around and Bypassing Facebook’s Linkshim protection on iOS

نتيجة بحث الصور عن ‪facebook‬‏

Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru)

Before we go in depth, lets know What is Linkshim ?

Continue reading “Rolling around and Bypassing Facebook’s Linkshim protection on iOS”

Share

FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

firefox-bug

Introduction:

Physical devices connected with web applications made everything easy to be managed. Screen size, availability, usage etc… is what pushing everyone to manage their devices through their desktops/laptops! On the other hand such advantages poses a threat if these web applications contains security issues!

For example android devices can be managed through “Google Device Manager”,  iOS devices can be managed by “iCloud service”, Windows Phone devices can be managed via your Microsoft account, FirefoxOS devices can be managed also through your Mozilla account and finally Internet of Things devices or (IoT) are connected to their own vendors dedicated web apps!!

Continue reading “FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!”

Share

Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak

Telegram-Banner

 

[*] Introduction:

Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best!

Continue reading “Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak”

Share