I am Ali Kabeel, an Application Security Intern at the Seekurity team. This is the second part of the “A brief on Abusing Invitation Systems” blog post. In this blog post I will mainly be focusing on how I was able, by following the tips and tricks in the previous blog post, to bypass Facebook's fixes for 4 consecutive years. In case you are not familiar with the concepts, take a sneak peek at the previous blog before continuing with this one ;).
Continue reading “Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!”
Modern web applications nowadays rely on a lot of technologies where typical web application vulnerabilities are hard to find (e.g. Clickjacking is an ABC security bug), but bug hunters are always the best!
Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is determined by a user’s Internet domain so that only individuals with approved email addresses may join their respective networks.
Continue reading “Microsoft Yammer Clickjacking – Exploiting HTML5 Security Features”
Your privacy on the internet is the biggest concern ever and when it comes to “Dating websites” and “Social Networks” it means more and more!
Let me tell you a story of two websites that don’t respect yours and put it in danger…
Continue reading “When your privacy disclosure is a “feature” not a “bug” – Badoo & HotorNot failure!”
Web Application Security on Fire – PHP Developers Cheat Sheet version
Building a website? Or already built one? Think twice before going public, and let us protect your business!
Hi Bug Hunters,
Today we will explain how we redressed the Facebook UI and made it so easy to fool a victim into, for example, adding the attacker as a member of one of his own secret groups on Facebook.
Here are some details about the issue:
The adoption of new technologies such as VoIP by small, medium and large companies isn’t only about the benefit of a decrease in costs; it is about an increase in risk exposure too, which can be reflected in the payment of large sums of money for (national or international) calls made by people outside the company.