Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi Guys,
I am Ali Kabeel an Application Security Intern at Seekurity team. This is Second part of A brief on Abusing Invitation Systems blog post . In this blog post I will be mainly focusing on how I was able “by following the tips and tricks in the previous blog post” to bypass Facebook fixes for 4 consecutive years.In case you are not familiar with concepts, take a sneak peak on the previous blog before continuing with this one ;).

Continue reading “Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!”

Share

CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug”

[-] About the Tool:

Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

Continue reading “CVE-2017-17713 and CVE-2017-17714 – Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool “Trape” from “Boxug””

Share

Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

Hey Folks,

Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems.

In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet the most dangerous bugs I have found in the gigantic photo sharing app Instagram but first lets get an overview of some concepts and general knowledge.

Continue reading “Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!”

Share

Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems

Photo courtesy of: "Lynda Network" - https://cdn.lynda.com/course/164982/164982-636246770364412772-16x9.jpg

Hi Guys,
I am Ali Kabeel an Application Security Intern at Seekurity team. This is my first blog i hope you like it. In this blog post I will be mainly focusing on Business Logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems using real-world examples from my Facebook Bug Bounty experience but first let’s get a general knowledge about some concepts.

Continue reading “Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems”

Share

BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!

Hi Folks,
Let me tell you the story about some typical vulnerabilities that was discovered by @Seekurity Team in BMW ConnectedDrive service which will allow any beginner attacker to hijack the whole service!

.

First what is BMW ConnectedDrive service?
BMW ConnectedDrive – a technology packet full of services and apps that connects you closely to the world around you. It makes tasks easier and quicker to perform, giving you more time for what’s really important: your family, friends and free time.

Continue reading “BMW Vulnerabilities – Hijack Cars ConnectedDrive™ Service!”

Share