Wednesday 23 November 2016

Slack Stored XSS (Cross Site Scripting)

Hello Guys,

It has been a very long time since I wrote any blog post. :(

Well, today we are going to look at a stored XSS (Cross Site Scripting) vulnerability in Slack. :)

One of the Slack URIs, https://api.slack.com/apps/[appid]/general, does not handle user input properly in the "name" parameter.

The input is reflected into the page without being properly sanitised or filtered. As a result, it was possible for an attacker to trigger a stored XSS attack.

The interesting thing is that this vulnerability can be exploited against another team and its members. Because of this behaviour, Slack awarded $1000 for this vulnerability.

Wednesday 24 August 2016

Asus SQL Injection Vulnerability

Asus Website SQL Injection


The Asus website was found vulnerable to SQL injection.

Vulnerability - Not Disclosed.

Status - Fixed By Asus Team.

Hostgator Open Redirection And Reflected XSS Vulnerability





Hostgator was found vulnerable to open redirection and reflected XSS.

Vulnerable URL - https://www.hostgator.in/login.php?action=successful_login&newurl=http://google.com

Vulnerable Parameter = newurl

Impact: Allows attackers to trick users into being redirected to another (attacker-controlled) domain, which can be used for phishing attacks, etc.
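A server-side check for a post-login redirect parameter such as `newurl`, added here as an illustration and not taken from Hostgator's code or fix. The allowlist contents, the fallback path and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only host the login page may redirect to (hypothetical allowlist).
ALLOWED_HOSTS = {"www.hostgator.in"}
DEFAULT_TARGET = "/"  # hypothetical fallback when the target is rejected


def safe_redirect_target(newurl: str) -> str:
    """Return newurl if it is a safe redirect target, else DEFAULT_TARGET."""
    if not newurl or newurl != newurl.strip():
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # refuse them outright rather than guess how they will be normalised.
    if "\\" in newurl or any(ord(c) < 0x20 or ord(c) == 0x7F for c in newurl):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(newurl)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host/path" is scheme-relative and would leave the site.
        if newurl.startswith("/") and not newurl.startswith("//"):
            return newurl
        return DEFAULT_TARGET
    # Absolute URL: https only, which also refuses javascript: and data:.
    if parts.scheme != "https":
        return DEFAULT_TARGET
    # Refuse userinfo, e.g. "https://www.hostgator.in@other.example/".
    if parts.username is not None or parts.password is not None:
        return DEFAULT_TARGET
    # Exact host match; a suffix or substring match would accept
    # "www.hostgator.in.other.example".
    if parts.hostname in ALLOWED_HOSTS and port in (None, 443):
        return newurl
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values for the newurl parameter.
    for value in ("http://google.com", "//google.com", "/account/home",
                  "https://www.hostgator.in/cart", "javascript:alert(1)"):
        print(f"{value!r:40} -> {safe_redirect_target(value)!r}")
```

The value is still untrusted text after this check, so it must also be output-encoded wherever the page echoes it into HTML.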

Sunday 15 May 2016

Web2py Vulnerabilities 2.14.5 : LFI,XSS,CSRF,Brute Force Attack

Web2py Vulnerabilities


This post is about the Web2py vulnerabilities which we have found. The PoCs were created under Mac OS X El Capitan, but were also tested on Windows 7 as well as on the Linux platform.

# Download the vulnerable App : https://drive.google.com/file/d/0B-LjC3oY6tUpZlNkV3BnZU85Y0E/view?usp=sharing
# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF, Brute Force On Login
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016-4808, Login Brute Force - CVE-2016-10321
# Tested On : Mac OS X El Capitan, Windows 7 64 Bit, Most Linux Platforms.
# Fix/Patching : Update To Web2py 2.14.6
# Facebook : https://facebook.com/imnarendrabhati
# Twitter : http://twitter.com/imnarendrabhati

Wednesday 2 March 2016

Hacking Facebook Polls: Access Control Vulnerability

Hacking Facebook Polls - Poll Access Control Vulnerability: Dead Pool Version




Hello All,

It has been a very long time since I was involved in bug bounty work, for some reasons. Today we will see how I was able to hack Facebook Polls. While surfing Facebook groups, a module called "Polls" got my attention. Using this "Polls" module, admins and group members can create polls to get group members' reactions.

Basically, the vulnerability is about "Access Control" in Facebook polls. There are two controls which Facebook offers, and one of them is "Allow anyone to add options". If the poll creator has disabled this option, then users can't add more options to the poll, and even the admin can't; if it is not disabled, then any group member can add more options to the poll.





Analysis Part