Posts

Showing posts from 2016

Xssing Web Part - 1

Hello, I'm thinking about sharing everything I know about XSS :) However, it's not possible to put all methods in one single post, so I will be writing several parts of "Xssing Web". Mostly I will be talking about how to bypass XSS filters and how to turn most non-exploitable XSS into exploitable XSS. All of you have probably encountered an endpoint that takes a URL as a parameter and redirects to it using JavaScript, like: location.href='URL' or window.location.href='URL' or window.location.replace('URL') or window.location='URL'. In this post I will be talking about how to get XSS in such situations and how to bypass their filters. The first thing we can do here is try the 'javascript' protocol or the 'data' URI scheme: window.location='javascript:alert(1)' or window.location='data:html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg'. It would execute 'aler...

Bug Bounty : Account Takeover Vulnerability POC

Hello, in this post I'm going to share how I could take over www.example.com user accounts. So, what was the vulnerability? Well, it was a very simple OAuth flaw which I could use to take over user accounts with minimal user interaction. Cut the crap, give me the POC -_- OK. www.example.com users have an option to connect their Facebook account to their example.com account. Once a user connects his Facebook account to his example.com account, he does not need to enter his username/password to log in; instead he can simply click on "Sign in using Facebook" and he will be logged in (only if he is already logged in to the Facebook account which he connected to his example.com account). OK, all looks good; let's see what happens in the background when any user clicks on "Connect with Facebook". GET request: https://m.facebook.com/v2.2/dialog/oauth?redirect_uri=https://www.example.com/user_profile.php?action=fb_connect&scope=email,...

Hacking ISP Subscribers For Fun and Profit

This post is about how I could hack my ISP's subscribers to get free Internet, so if you are not interested you can get back to your work :) *Let's start* For the last few days I have been participating in bug bounty programs, but I got bored and tired of testing web applications, so I decided to leave bug hunting for a while and started to play with my router's configuration. Then I saw an option named "Remote Web Management". It allows users to access and manage their router from the Internet. I wondered why we even need this feature, and what its use is, since IP addresses are assigned dynamically (unless you are rich enough to get a static IP address). So I thought there could be some routers which have this option enabled by default, and there's also a chance that someone would enable this option unknowingly or knowingly (static IP address people, remember?). And fortunately some thug people don't even bother to change their defa...