Wednesday, 23 November 2016

Slack Stored XSS (Cross Site Scripting)

Hello Guys,

It's been a very long time since I wrote a blog post. :(

Well, today we are going to look at a Stored XSS (Cross Site Scripting) vulnerability in Slack. :)

One of the Slack URIs, -[appid]/general, was not handling user input properly in its "name" parameter.

The input was stored and reflected into the page without being sanitised or encoded, so an attacker could trigger a stored XSS attack.

The interesting part is that this vulnerability could be exploited against other teams and their members, not just the attacker's own team. Because of that cross-team impact, Slack awarded $1000 for it.

Wednesday, 24 August 2016

Asus Website SQL Injection Vulnerability

The Asus website was found vulnerable to SQL injection.

Vulnerability details - not disclosed.

Status - fixed by the Asus team.

HostGator Open Redirection and Reflected XSS Vulnerability

HostGator was found vulnerable to open redirection and reflected XSS.

Vulnerable URL -

Vulnerable parameter = newurl

Impact: an attacker can craft a link on the trusted domain that redirects the user to a domain they control, which can be used for phishing attacks, etc.

Tuesday, 23 August 2016

Sunday, 15 May 2016

Web2py 2.14.5 Vulnerabilities: LFI, XSS, CSRF, Brute Force Attack

This post is about the Web2py vulnerabilities we found. The PoCs were created on Mac OS X El Capitan, but they were also tested on Windows 7 and on Linux.

# Download the vulnerable App
# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities - LFI, XSS, CSRF, Brute Force On Login
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016-4808, Login Brute Force - CVE-2016-10321
# Tested On : Mac OS X El Capitan, Windows 7 64 Bit, Most Linux Platforms.
# Fix/Patching : Update to Web2py 2.14.6
# Facebook :
# Twitter :

Thursday, 28 April 2016

JSON Hijacking

Today we will see how to find the JSON Hijacking vulnerability. As we know, this only works on older browsers, but we should still analyse it because it is a misunderstood and less-known vulnerability for many security people. I hope you will like it.

What is JSON Hijacking?

JSON Hijacking is similar to CSRF (Cross Site Request Forgery), but with one difference: in CSRF you trick the victim into performing some unwanted action in their account, while in JSON Hijacking you trick the victim into visiting a crafted page that reads data from their account (a JSON response fetched with their cookies) and passes it to the attacker.

Who Are Affected To This?

This vulnerability is already fixed in modern browsers, so if the victim is using a modern browser it cannot be exploited. But anyone still using an older browser can be attacked.

How We Can Find a JSON Hijacking Vulnerability

Wednesday, 2 March 2016

Hacking Facebook Polls - Poll Access Control Vulnerability: Dead Pool Version

Hello All,

It's been a very long time since I was involved in bug bounty things, due to some reasons. Today we will see how I was able to hack Facebook polls. While surfing Facebook groups, a module called "Polls" got my attention. Using this module, admins and group members can create polls to get group members' reactions.

Basically the vulnerability is about access control in Facebook polls. There are two controls that Facebook offers, and one of them is "Allow anyone to add options". If the poll creator has disabled this option, then users can't add more options to the poll, not even an admin; if it is not disabled, then any group member can add more options to the poll.

Analysis Part