Archive for October, 2013
Gifts from dropbox for responsibly disclosing vulnerabilities.
Posted: October 31, 2013 in dropbox vulnerability
Tags: bounty, dropbox, gift, responsible disclosure, vulnerability
URI Redressing vulnerability on evernote’s website
Posted: October 22, 2013 in Evernote vulnerability
Tags: clickjacking, evernote, responsible disclosure, uri redressing, vulnerability
Description: This is a URI redressing vulnerability found on Evernote’s website. The vulnerability allowed a victim’s account to be deleted with a few clicks, without the victim’s knowledge or consent. It defeated the CSRFbuster token used on their site.
The vulnerability was first reported on 5/10/2013, but due to an issue with Evernote’s ticketing system I had to resend the mail after a few days to obtain a ticket. After discussion with Evernote’s sec-team, they told me that it had already been reported previously by some other researcher, hence my name wasn’t being listed on the site. Nevertheless, they have fixed the vulnerability now.
Vulnerability: URI Redressing
Application(s): https://www.evernote.com/Deactivate.action?view=
Impact: Loss of files/account
Risk/Severity: High
PoC:
Parameter Tampering on Google Jobs
Posted: October 15, 2013 in google vulnerability
Tags: google, google jobs, parameter tampering, vulnerability
This is a vulnerability on the Google Jobs page.
Severity-wise, this vulnerability can be used as a sad joke and nothing else, no harm done! 😛
If this were a banking website or a stock-related website, the severity posed by such a vulnerability would be different.
Anyway, back to the vulnerability. It allows tampering with the ‘job’ parameter in the URL. Once you change the parameter’s value, you’ll notice that the job you are applying to also changes!
PoC:
Try changing the value of the ‘job’ parameter and you will notice that the job you are applying to changes. The value is not validated when you fill out the form and submit it! So now you can apply for any job that isn’t even listed on the Google Jobs page 😀
Happy job hunting 😀
Here is an image of the job I’m trying to apply to (FOOD JUNKIE !) 😛
This vulnerability was reported to Google, but since the severity was not ‘High’ and it was not affecting any Google customers, it didn’t qualify for a bug bounty.
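A server-side check that would reject a tampered ‘job’ value at submission time, as an added example that is not part of the original post and not Google’s code. The URL, the numeric job IDs, the `JOBS` table and the function name are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: the server's own record of postings (IDs are made up).
JOBS = {
    "1001": {"title": "Software Engineer", "status": "open"},
    "1002": {"title": "Site Reliability Engineer", "status": "closed"},
}


def validate_job_application(url, jobs=JOBS):
    """Return (accepted, detail) for an application URL carrying ?job=<id>.

    The client-supplied `job` value is untrusted: it must appear exactly
    once, be a plain numeric ID, and match a posting the server itself
    lists as open. The title shown to the applicant comes from the
    server-side record, never from the URL.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("job", [])
    if len(values) != 1:
        # Missing or repeated parameter: refuse rather than pick one.
        return False, "job parameter must be present exactly once"
    job_id = values[0]
    if not (job_id.isascii() and job_id.isdigit() and len(job_id) <= 10):
        return False, "job parameter is not a valid ID"
    posting = jobs.get(job_id)
    if posting is None:
        return False, "no such job posting"
    if posting["status"] != "open":
        return False, "job posting is not open"
    return True, posting["title"]


if __name__ == "__main__":
    base = "https://jobs.example.test/apply"  # constructed URL
    for query in ("job=1001", "job=FOOD%20JUNKIE", "job=9999", "job=1001&job=9999"):
        print(query, "->", validate_job_application(f"{base}?{query}"))
```

The same check has to run again when the form is submitted, not only when the page is rendered, since the submitted value can differ from the one the page was loaded with.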
Owasp PHP Port Scanner Project (O3P)
Posted: October 4, 2013 in OWASP
Tags: Owasp, PHP, php port scanner, Port Scanner, project
Description:
OWASP PHP Portscanner (OPPP or O3P) is a basic TCP port scanner developed in PHP which runs in a browser window. The project is a simple proof of concept (PoC) showing how sockets can be used to scan for and identify open ports.
Purpose:
- The project is a simple PoC to demonstrate how PHP sockets can be used as a security tool to perform port scanning.
- The PHP port scanner runs in a web browser (it is not limited to the browser and can even run in CLI mode with a few tweaks).
- No hardcore or advanced knowledge of PHP is required to construct this scanner; the basics will do just fine!
Links:
1> https://www.owasp.org/index.php/OWASP_PHP_Portscanner_Project
2> https://www.owasp.org/index.php/%27%27%27OWASP_PHP_Portscanner_Project%27%27%27
Contribute:
If you wish to contribute to the project please contact me. Just drop a comment here.