TL;DR A year ago we were contacted by one of our clients from the Middle East who was looking for/implementing a payment processing solution for their own eCommerce platform, and they asked us to assist them by naming some candidates working in the same field in the Middle East. We refused, because our job is to assess, not to suggest specific names. They suggested some names themselves; one among those names was a name-with-a-reputation, but they ended up not choosing it due to its insecure implementation.
Continue reading “PAYFORT – Multiple Security Issues and Concerns in a PCI/DSS compliant payment processor SDK!”
Today’s discovery is not a big deal either, just another clickjacking bug in the world, but this time in the newly added “OPT-IN” feature of Coinhive and AuthedMine. But first, let’s define some terms before we begin.
What is Coinhive?
Continue reading “CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!”
In this blog post we will explain how we found a tale of vulnerabilities, from leaking thousands of job applicants’ CVs and documents online to Path Disclosure and Information Disclosure vulnerabilities, in one of the United Nations’ WordPress websites. But first, what is the United Nations?
The United Nations (UN) is an intergovernmental organization tasked to promote international co-operation and to create and maintain international order. A replacement for the ineffective League of Nations, the organization was established on 24 October 1945 after World War II with the aim of preventing another such conflict. At its founding, the UN had 51 member states; there are now 193. The headquarters of the UN is in Manhattan, New York City, and is subject to extraterritoriality. Further main offices are situated in Geneva, Nairobi, and Vienna. The organization is financed by assessed and voluntary contributions from its member states. Its objectives include maintaining international peace and security, promoting human rights, fostering social and economic development, protecting the environment, and providing humanitarian aid in cases of famine, natural disaster, and armed conflict. The UN is the largest, most familiar, most internationally represented and most powerful intergovernmental organization in the world. –Wikipedia
Continue reading “United Nations (UN) – A tail of leaking thousands of Job Applicants CVs and documents online, Path Disclosure and Information Disclosure Vulnerabilities!”
What is Asus Control Center?
ASUS Control Center is a whole new centralized IT management software. The software is capable of monitoring and controlling ASUS servers, workstations, and commercial products including notebooks, desktops, All-in-One (AiO) PCs, thin clients, and digital signage.
Continue reading “Asus Control Center – An Information Disclosure and a database connection Clear-Text password leakage Vulnerability”
[-] About the Tool:
Trape is a recognition tool that allows you to track people; the information you can get is very detailed. We want to teach the world through this how large Internet companies could monitor you, obtaining information beyond your IP.
Continue reading “Hack the Hackers and Track the Trackers: CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug””
Welcome back again! This is Ali Kabeel; in case you don’t remember me, read my first blog about abusing invitation systems.
In this blog we will continue our talk about business logic bugs and how dangerous and simple they can be. I will be showing you one of the simplest yet most dangerous bugs I have found in the gigantic photo-sharing app Instagram, but first let’s get an overview of some concepts and general knowledge.
Continue reading “Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!”
Supp! How are you guys? I hope you’re fine. I’m Seif Elsallamy (again); if you don’t remember me, read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru)
Before we go in depth, let’s learn what Linkshim is.
Continue reading “Rolling around and Bypassing Facebook’s Linkshim protection on iOS”
Physical devices connected to web applications have made everything easy to manage. Screen size, availability, usage, etc. are what push everyone to manage their devices through their desktops/laptops! On the other hand, such advantages pose a threat if these web applications contain security issues!
For example, Android devices can be managed through “Google Device Manager”, iOS devices can be managed by the “iCloud service”, Windows Phone devices can be managed via your Microsoft account, FirefoxOS devices can also be managed through your Mozilla account, and finally Internet of Things (IoT) devices are connected to their own vendors’ dedicated web apps!!
Continue reading “FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!”
Modern web applications nowadays rely on a lot of technologies, so typical web application vulnerabilities are hard to find (e.g. clickjacking is an ABC security bug), but bug hunters are always the best!
Continue reading “Official Telegram Web Client ClickJacking Vulnerability – When crypto is strong and client is weak”