Showing posts with label Chanied Vulnerability. Show all posts

Tuesday, 15 December 2020

Address Bar Spoofing Vulnerability in Multiple Browsers




Address Bar Spoofing Vulnerability in Multiple Browsers (Jio Browser, Apple Safari Browser, BitDefender SafePay Browser and F-Secure Browser)




Jio Android Browser Address Bar Spoofing Vulnerability (Jio Browser, Apple Safari Browser, BitDefender SafePay Browser and F-Secure Browser)


An Address Bar Spoofing / URL Spoofing vulnerability allows an attacker to show fake or malicious content on a valid domain.

More details on this are available on the EHackingNews website.


Example: on the left side, the address bar shows jio.com (valid content), and on the right side it also shows jio.com (fake content). That indicates an Address Bar Spoofing vulnerability.

Saturday, 30 June 2018

Bypass Rate Limit Brute Force Protection Login Attempt Protection Captcha Bypass



Hello all. While pentesting an application we might face Brute Force Protection, Login Attempt Protection and Captcha-Based Protection, so today we will see how we can "Bypass Rate Limit Brute Force Protection Login Attempt Protection Captcha Bypass".

First of all, we will not use any kind of ready-made tools for this, so let's begin!

Many people will think that this is a small issue, but if we look closely from an attacker's point of view, we will come to know that brute forcing any login panel can allow an attacker to gain administrative privileges, instead of looking for vulnerabilities like RCE, SQL Injection and other critical vulnerabilities which might also allow us to take Root or Administrator level access.

Here I am describing many different techniques which I have observed while pentesting or hunting bugs.


Friday, 29 June 2018

JSON Hijacking





Today we will see how we can find the JSON Hijacking vulnerability. As we know, this works on older browsers; still, we should analyse it because this is a misunderstood/less-known vulnerability for many security people. I hope you will like it.



What is JSON Hijacking?

JSON Hijacking is similar to CSRF (Cross Site Request Forgery), but there is a small difference: in CSRF you trick the victim/user into doing some malicious/unwanted activity, but in JSON Hijacking you trick the user into accessing a crafted link which will read some data from the victim's account and pass it to the attacker.

Who Is Affected by This?

This vulnerability is already fixed in modern browsers. As of now, if the victim is using a modern browser, it cannot be exploited. But if anyone is still using an older browser, they can be attacked.


How We Can Find JSON Hijacking Vulnerability

Backup Vulnerability Vulnerability Exploitation




cPanel WebDisk Android App 4.0 : Backup Vulnerability

Hello folks,

This vulnerability concerns Insecure Data Storage & Security Misconfiguration, which can be achieved using the Android Backup functionality.

We all know that many mobile applications store user credentials or other sensitive data on the device itself in clear text format, which is ideally not a good practice.

But many of us might know that to access that data we need root privileges or some special condition, like debugging being enabled. So even if the mobile application is storing sensitive data in clear text, it's not an issue. Many security teams and bug bounty programs specifically exclude this kind of vulnerability, where Root/Jailbroken conditions are required to exploit it.

Tuesday, 26 September 2017

Yandex IMAP Brute Forcing (No Rate Limit For Login Attempts)

Hello Guyzssss,

I am not in bug bounty so much, but while using one of the Yandex services, I found that there was no rate limit deployed for login attempts on their IMAP authentication.

This means a user can perform multiple attempts on their IMAP service, which is responsible for accessing Yandex mail from other accounts, just like others.

For example, Gmail users can import Yandex emails (account) using IMAP authentication.

Tuesday, 11 April 2017

Slack Rate Limit Bypass



First of all, thanks to all readers for the appreciation I got in my inbox.

Today we will see how I was able to bypass the rate limit implemented in Slack for preventing automated/brute force attempts.

Rate limits are nowadays a very common thing; they can be found everywhere. Usually rate limits are deployed to prevent automated and brute force attempts, such as brute forcing OTPs (One Time Passwords) and user account passwords.

In recent months, I have been working on the Slack Bug Bounty Program and, by God's grace, got more than 15 valid vulnerabilities till today (some of them still in the fixing stage). One of the interesting vulnerabilities was the Slack Rate Limit Bypass.

First of all, I reported a No Rate Limit Implemented vulnerability on Slack (which was not true) :p in the Slack mobile application's endpoint "/api/auth.signin". I was looking for a positive response from the Slack guys. The next day Slack replied that my report was not proper, as they have a rate limit implemented. Now what was wrong?

Wednesday, 24 August 2016

Hostgator Open Redirection And Reflected XSS Vulnerability





Hostgator was found vulnerable to Open Redirection & Reflected XSS.

Vulnerable URL - https://www.hostgator.in/login.php?action=successful_login&newurl=http://google.com

Vulnerable Parameter = newurl

Impact: Allows attackers to trick users into being redirected to another (attacker) domain, which can be used for phishing attacks, etc.

Friday, 8 May 2015

Testing Of Broken Session Management & Authorization By Burp



Hello all folks, nice to meet you again guyzz!

Today we will see how we can quickly do Testing of Broken Session Management & Authorization with Burp Suite against a large application which contains thousands of pages, like a financial application or a banking application.

This can be very informative for those new guys who don't know about it, and also for those who already know about it; I am just showing you how we can do this more quickly, with some percentage of accuracy, because nothing is perfect! :)

===================================================================

Sunday, 2 November 2014

Modx XSS And CSRF Bypass "CVE-2014-8773 , CVE-2014-8774 , CVE-2014-8775"


Modx XSS And CSRF Bypass


Hello all Bro`s :) ;) , Leets and learners , Hope you all are well and enjoying your bounties as well as ;)

Today we will see how I got Modx XSS And CSRF Bypass (Modx CSRF + XSS = A Perfect Disaster) ;)

Attacker Scenario Is Inspired From Symantec CSRF

So What Is Modx

MODX is the web content management system (CMS) that gives you complete control over your site and content, with the flexibility and scalability