Date — 12/25/2018
Back story: a friend filled out some random form for me; it was a college competition over cryptos. Okay no big deal, everybody loves cryptos, right?
It all started at night while I was watching Mr. Robot — Season 2, when a message arrived that I was added…
I found a race condition flaw which caused the browser to preserve the address bar and to load the content from the spoofed page. Address bar spoofing allows for attacks where a malicious page can spoof the identity of another site.
During my testing, it was observed that the browser allowed…
As we all know, exposing activities can lead to various attack scenarios. If you don’t know what an Android activity is, listen to Google explaining it briefly —
“The Activity class is a crucial component of any Android app, and the way activities are launched and put together is a…
Date reported — 02-07-2019
# Vulnerable Software — Apache
# CVE: CVE-2017-9798 / USN-3425-1 “OptionsBleed”
# Type — P1:Sensitive Data Exposure + P5:Fingerprinting/Banner Grabbing
# Domain Affected — *.unesco.org
# Tested — https://en.unesco.org (184.108.40.206)
Options Bleed is a use-after-free error in Apache HTTP that causes a corrupted Allow…
Date reported — 2019-08-29
Firefox Lite 1.9.2 for Android and earlier suffer from exhaustive Address Bar Spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain for a legitimate domain name. Firefox Lite is almost installed on more than 10M devices.
URL Address Bar spoofing is the worst…
This attack can be used to detect if a victim is using incognito mode in the latest version of Chrome (77.0.3865.90) at the time of my discovery, exactly a year ago in Sept 2019, by abusing web_accessible_resources. The research can be found at 0x48piraj/PwnHouse.
Sometimes developers share package resources of their…
COVID-19. College closed. Everything Quarantined. How to take tests? Voila. Online. Okay, but how? Tadaa.
We were sent an email regarding a new platform which was indigenously built just for us, the students, for carrying out the quizzes. Soon enough, I was bombarded to do something about that. I was…
Original timeline: August 2018 — September 2020
I remember last year (2018) getting all frustrated by those idiotic subjects which didn’t make any sense to what I was interested in and thus, I loved making final year projects, completing company recruitment challenges and solving quizzes of seniors. If interested, you…
I deleted all my repositories of walk-throughs of CTF challenges and am now blogging them away.
TJCTF is a Capture the Flag (CTF) competition hosted by TJHSST’s Computer Security Club. It is an online, jeopardy-style competition targeted at high schoolers interested in Computer Science and Cybersecurity.
Months ago I discovered a flaw hackers can use to access Samsung’s and LG Electronics’ internal bug tracking and project management instances running on Jira. The flaw only takes a couple of commands to potentially access intranets, cause XSS and anything that SSRF can cause, including something such as,