Archive for October, 2013


Description: This is a URI redressing vulnerability found on Evernote’s website. The vulnerability allowed a victim’s account to be deleted with a few clicks, without the victim’s knowledge or consent. It defeated the CSRFbuster token used on their site.

The vulnerability was first reported on 5/10/2013, but due to an issue with Evernote’s ticketing system I had to resend the mail after a few days to obtain a ticket. After discussion with Evernote’s sec-team, they told me that it had already been reported previously by some other researcher, hence my name wasn’t being listed on the site. Nevertheless, they have fixed the vulnerability now.
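An added example, not part of the original post and not Evernote's code: assuming the redressing relied on loading the deactivation page inside a frame on another site, this JavaScript (Node.js) check classifies a response's anti-framing headers. That is the standard defence here, because a CSRF token is still valid when the victim's own browser loads the genuine page. The function names and sample header sets are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing protection.
function framingPolicy(rawHeaders) {
  // HTTP header names are case-insensitive; normalise before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = String(value);
  }

  // CSP frame-ancestors takes precedence over X-Frame-Options when both are sent.
  // Content-Security-Policy-Report-Only is ignored on purpose: it enforces nothing.
  const csp = headers['content-security-policy'];
  if (csp) {
    for (const directive of csp.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      const list = sources.map((s) => s.toLowerCase());
      if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'deny';
      if (list.some((s) => s === '*' || s === 'http:' || s === 'https:')) return 'unprotected';
      if (list.every((s) => s === "'self'")) return 'same-origin';
      return 'allowlist'; // specific hosts: needs manual review
    }
  }

  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM and malformed values are ignored by current browsers.
  return 'unprotected';
}

// Strict check for state-changing pages such as an account deletion form.
function isSafeForSensitiveAction(rawHeaders) {
  const policy = framingPolicy(rawHeaders);
  return policy === 'deny' || policy === 'same-origin';
}

// Constructed sample responses (not captured from any real site).
const samples = {
  'token only, no framing header': { 'Set-Cookie': 'csrf=constructed' },
  'legacy header': { 'X-Frame-Options': 'SAMEORIGIN' },
  'CSP directive': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
};
for (const [label, hdrs] of Object.entries(samples)) {
  console.log(label, '->', framingPolicy(hdrs), isSafeForSensitiveAction(hdrs));
}
```

A multi-valued `Content-Security-Policy` header (several policies joined by commas) is not split here; run the check on each policy separately.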

Vulnerability: URI Redressing

Application(s): https://www.evernote.com/Deactivate.action?view=

Impact: Loss of files/account

Risk/Severity: High

PoC:

 

This is a vulnerability on the Google jobs page.

Severity-wise, this vulnerability can be used as a sad joke and nothing else; no harm done! 😛

If this were a banking website or a stock-related website, the severity posed by such a vulnerability would be different.

Anyway, back to the vulnerability. It allows tampering with the ‘job’ parameter in the URL. Once you change the parameter’s value, you’ll notice that the job you are applying to will also change!

PoC:

Try changing the value of the ‘job’ parameter and you will notice that the job you are applying to changes. The value is not validated when you fill out the form and submit it! So now you can apply for any job that isn’t even listed on the Google jobs page 😀

Happy job hunting 😀

Here is an image of the job I’m trying to apply to (FOOD JUNKIE !) 😛


This vulnerability was reported to Google, but since the severity was not ‘High’ and it was not affecting any Google customers, it didn’t qualify for a bug bounty.

Description:

OWASP PHP Portscanner (OPPP or O3P) is a basic TCP port scanner developed in PHP which runs in a browser window. The project is a simple proof of concept (PoC) showing how sockets can be used to scan for and determine open ports.

Purpose:

  • The project is a simple PoC to demonstrate how PHP sockets can be used as a security tool to perform port scanning.
  • The PHP port scanner runs in a web browser (it is not limited to the browser, and can also run in CLI mode with a few tweaks).
  • No hardcore or advanced knowledge of PHP is required to construct this scanner; the basics will do just fine!

Links:

1> https://www.owasp.org/index.php/OWASP_PHP_Portscanner_Project

2> https://www.owasp.org/index.php/%27%27%27OWASP_PHP_Portscanner_Project%27%27%27

 

Contribute:

If you wish to contribute to the project please contact me. Just drop a comment here.