Patience is indeed* a virtue — bug bounty — I found a race condition flaw which caused browser to preserve the address bar and to load the content from the spoofed page. Address bar spoofing allows for attacks where a malicious page can spoof the identify of another site. Summary During my testing, it was observed that the browser allowed…

Hacking Medium #1: Exported Android Activity Fiasco — As we all know exposing activities can lead to various attack scenarios. If you don’t know what is an Android activity, listen to Google explaining it briefly — “The Activity class is a crucial component of any Android app, and the way activities are launched and put together is a…

Catching a low-hanging juicy fruit through Options Bleed — Date reported — 02–07–2019 # Vulnerable Software — Apache # CVE: CVE-2017–9798 / USN-3425–1 “OptionsBleed” # Type — P1:Sensitive Data Exposure + P5:Fingerprinting/Banner Grabbing # Domain Affected — *.unesco.org # Tested — https://en.unesco.org (193.242.192.49) Summary Options Bleed is a use after free error in Apache HTTP that causes a corrupted Allow…

…and the idiocy that followed — Date reported — 2019–08–29 Summary Firefox Lite 1.9.2 for Android and earlier suffer from exhaustive Address Bar Spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain for legitimate domain name. Firefox Lite is almost installed on more than 10M devices. Impact URL Address Bar spoofing is the worst…

This attack can be used to detect if victim is using incognito mode in latest version of Chrome (77.0.3865.90) by the time of discovery by me exactly a year ago in Sept 2019 by abusing web_accessible_resources. The research can be find over 0x48piraj/PwnHouse. Anatomy of res-block attack Sometimes developers share package resources of their…

Another Classic From “Hacking Colleges For Fun” Series — Back Story COVID-19. College closed. Everything Quarantined. How to take tests? Voila. Online. Okay, but how? Tadaa. We were sent an email regarding a new platform which was indigenously built just for us, the students for carrying out the quizzes. Soon enough, I was bombarded to do something about that. I was…

Hacking user-base of 1,214,000+ including Sony, Dell, Cisco, DHL, Yale, University of Phoenix — Original timeline: August 2018 — September 2020 I remember last year (2018) getting all frustrated by those idiotic subjects which don’t made any sense to what I was interested in and thus, I loved making final year projects, completing company recruitment challenges and solving quizzes of seniors. If interested, you…

Write-up of all the TJCTF-2018 challenges — I deleted all my repositories on walk-through over CTF challenges and now am blogging them away. TJCTF 2018 TJCTF is a Capture the Flag (CTF) competition hosted by TJHSST’s Computer Security Club. It is an online, jeopardy-style competition targeted at high schoolers interested in Computer Science and Cybersecurity. Problem List Table of Content Blank (5 points)

Using Jiraffe security tool to find low-hanging fruits — Introduction Months ago I discovered a flaw hackers can use to access Samsung’s and LG Electronics internal bug tracking and project management instances running on Jira. The flaw only takes a couple of commands to potentially access intranets, cause XSS and anything that SSRF can cause, including something such as, https://public.example.com/proxy?url=admin-panel.example.com