Thursday 10 September 2015

Web2py 2.9.11 Open Redirection Vulnerability, CVE-2015-6961

Web2py Open Redirection Vulnerability Technical Details & POC.

# Vulnerability Title : Web2py 2.9.11 Open Redirection Vulnerability
# Reported Date       : 27-Jan-2014
# Fixed Date          : 2-July-2015
# Author              : Narendra Bhati
# CVE ID              : CVE-2015-6961
# Additional Links –

Thursday 27 August 2015

Wolf CMS Arbitrary File Upload To Command Execution - CVE-2015-6567, CVE-2015-6568

Wolf CMS Arbitrary File Upload To Command Execution

Full Technical Disclosure Of Wolf CMS Arbitrary File Upload To Command Execution

# Exploit Title   : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution
# Reported Date   : 05-May-2015
# Fixed Date      : 10-August-2015
# Exploit Author  : Narendra Bhati
# CVE ID          : CVE-2015-6567, CVE-2015-6568
# Additional Links -
1. Description

Friday 8 May 2015

Testing Of Broken Session Management & Authorization By Burp

Hello folks, nice to meet you again, guys!

Today we will see how to quickly test for broken session management and authorization with Burp Suite against a large application that contains thousands of pages, such as a financial or banking application.

This can be informative for newcomers who don't know about it, and also for those who already do. I am just showing how we can do this more quickly, with some percentage of accuracy, because nothing is perfect! :)


Tuesday 31 March 2015

Abusing Windows Opener To Bypass Certain Restriction (CSRF Bypass)

Hello all =D, hope you are doing well.

Today we will see how the Windows Opener function (window.opener) can be abused to bypass certain restrictions in a web application.

So first, let's see what the Windows Opener function is.

According to the Mozilla Developer Guide:

When a window is opened from another window, it maintains a reference to that first window as window.opener. If the current window has no opener, this method returns NULL. Windows Phone browser does not support window.opener. It is also not supported in IE if the opener is in a different security zone.


Monday 26 January 2015

NPDS CMS SQL Injection - CVE-2015-1400

Hello folks! It has been a long time; I have not written up any finding for 2 months, so today I will share one of my findings, an NPDS CMS time-based SQL injection.

What Is NPDS CMS - Beyond content management 'classic', NPDS implements a set of functions specifically dedicated to the management of community and collaborative working groups.
This is a Content & Community Management System (CCMS) robust, secure, complete, efficient and really speaking French. Manage your community of users, your collaborative work groups, publish, manage and organize your content with powerful tools available basis.

You can find more about NPDS CMS from this link

So let's come to the finding!