Tuesday, 15 December 2020

Address Bar Spoofing Vulnerability in Multiple Browsers

Jio Android Browser Address Bar Spoofing Vulnerability


An address bar spoofing (URL spoofing) vulnerability allows an attacker to display fake or malicious content under a valid domain name.

More details on this are available on the EHackingNews website.

Example: on the left, the address bar shows jio.com with the valid content; on the right, the address bar also shows jio.com but the page content is fake. This indicates an address bar spoofing vulnerability.

Saturday, 11 May 2019

Bank Vulnerability: Accessing Account Information of Other Users in One of the Top 5 Private Banks





Saga of "One of the Top 5 Private Banks" Vulnerability - Accessing Account Information of Other Users

This disclosure is regarding a vulnerability which remained open for 5 months even after reporting it to bank officials. God knows whether this was actively exploited or not, but it was something serious which the bank should have taken care of, and they did not until 10th May, when I asked them again about the status.

I found it in the "One of the Top 5 Banks" iPad application at the end of last year, on Nov 23rd 2018, and it was fixed on 10th May 2019.


Saturday, 24 November 2018

Indian Mutual Fund Customer Data Is On Risk | Mutual Funds Vulnerability


Mutual funds in India are growing today, and most people invest part of their income for a better future, building wealth through SIP and lump sum investments. In India we have around 34 AMCs. While investing, users need to submit their data, e.g. name, email, address, PAN, Aadhaar number, etc., to the AMCs for the KYC process. Critical customer details of this kind are useful to cyber criminals who get their hands on them for fraud and other criminal activities.

Monday, 5 November 2018

Pentesting CMS: WordPress, Joomla, Drupal



Hello all, today we will see how we can pentest a CMS such as WordPress, Drupal, Joomla, etc.

Sometimes we get a CMS-based website or application on which to perform VAPT. Pentesting a CMS is a headache, because in a CMS the back-end code is mostly pre-defined by the nature and behaviour of the CMS; anyone can download the CMS package and create a website or blog in seconds without any coding knowledge or extra skills.

So while pentesting a CMS we have to fight with the pre-defined, or static, code designed by the experts behind WordPress, Drupal, Joomla, etc.

First of all we have to map our target to get a structured view. It is better to crawl the target using different tools; Burp is a great option. Apart from this we can use "dirb", which ships with Kali Linux and brute-forces URI and directory names to check whether they exist.