CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug”

[-] About the Tool:

Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

Continue reading “CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug””

Share

Stored XSS in the heart of the Russian email provider giant (Mail.ru)

Hi, I’m Seif Elsallamy a bug hunter from Seekurity Team, Today i will show you a critical reflected Cross Site Scripting bug affecting mail.ru and could be used as an XSS worm but first let’s dive into some general information.

Continue reading “Stored XSS in the heart of the Russian email provider giant (Mail.ru)”

Share

Vulnerability in Metasploit Project aka CVE-2017-5244

 

Hi Guys,
I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂

Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, Community and Professional) of Metasploit Project.

But first what is Metasploit? (Seriously maybe somebody out there don’t know about it yet :D)

Continue reading “Vulnerability in Metasploit Project aka CVE-2017-5244”

Share

FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

firefox-bug

Introduction:

Physical devices connected with web applications made everything easy to be managed. Screen size, availability, usage etc… is what pushing everyone to manage their devices through their desktops/laptops! On the other hand such advantages poses a threat if these web applications contains security issues!

For example android devices can be managed through “Google Device Manager”,  iOS devices can be managed by “iCloud service”, Windows Phone devices can be managed via your Microsoft account, FirefoxOS devices can be managed also through your Mozilla account and finally Internet of Things devices or (IoT) are connected to their own vendors dedicated web apps!!

Continue reading “FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!”

Share