I found a race condition flaw which caused browser to preserve the address bar and to load the content from the spoofed page. Address bar spoofing allows for attacks where a malicious page can spoof the identify of another site.

Summary

During my testing, it was observed that the browser allowed JavaScript to update the address bar while the page was still loading. Upon requesting data from a non-existent port the address was preserved and hence a due to race condition over a resource requested from non-existent port combined with the delay induced by setInterval function managed to trigger address bar…

As we all know exposing activities can lead to various attack scenarios. If you don’t know what is an Android activity, listen to Google explaining it briefly —

“The Activity class is a crucial component of any Android app, and the way activities are launched and put together is a fundamental part of the platform’s application model” — developer.android.com

If that was a bit complicated,

Everything that you see in an android app is kind of being done via an activity. For example, say you click on the Facebook app icon in your phone, it will show a window with…

Date reported — 02–07–2019

# Vulnerable Software — Apache
# CVE: CVE-2017–9798 / USN-3425–1 “OptionsBleed”
# Type — P1:Sensitive Data Exposure + P5:Fingerprinting/Banner Grabbing
# Domain Affected — *.unesco.org
# Tested — https://en.unesco.org (193.242.192.49)

Summary

Options Bleed is a use after free error in Apache HTTP that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests which helped in seeking the direct leak of sensitive data through a misconfigured server-status module, mod_status which Apache web server exposes for displaying metrics.

Reproducibility

Due to its nature the bug doesn’t appear deterministically. It only seemed to appear on busy…

Date reported — 2019–08–29

Summary

Firefox Lite 1.9.2 for Android and earlier suffer from exhaustive Address Bar Spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain for legitimate domain name. Firefox Lite is almost installed on more than 10M devices.

Impact

URL Address Bar spoofing is the worst kind of phishing attack possible because it’s the only way to identify the site which the user is visiting for a non-technical user. URL address bar is the only way to trust a website and if this indicator is hijacked, the whole security of any normal user will be compromised.

Explanation

…

This attack can be used to detect if victim is using incognito mode in latest version of Chrome (77.0.3865.90) by the time of discovery by me exactly a year ago in Sept 2019 by abusing web_accessible_resources. The research can be find over 0x48piraj/PwnHouse.

Anatomy of res-block attack

Sometimes developers share package resources of their Chrome extension, for example, images, HTML, CSS, or JavaScript and make them available to web pages. They do this via utilizing web_accessible_resources.

As per Chrome’s documentation,

An array of strings specifying the paths of packaged resources that are expected to be usable in the context of a web page. These…

Back Story

COVID-19. College closed. Everything Quarantined. How to take tests? Voila. Online. Okay, but how? Tadaa.

We were sent an email regarding a new platform which was indigenously built just for us, the students for carrying out the quizzes. Soon enough, I was bombarded to do something about that. I was busy at the time so I showed no interest and shooed everyone away. But soon enough, professors started to rub it in our faces by forcing us to do programming assignments OFFLINE. Yes, writing code in a paper, taking photos, using editing skills to create a PDF out of it…

Original timeline: August 2018 — September 2020

I remember last year (2018) getting all frustrated by those idiotic subjects which don’t made any sense to what I was interested in and thus, I loved making final year projects, completing company recruitment challenges and solving quizzes of seniors. If interested, you can visit my personal blog where I publish those mushy blogs, one of them is “Relating Every Subject To Computer Science In My Freshmen Year”. I named my blog, Tinkernel — Tinkering the kernel. Dope, right?

Let’s continue, shall we?

Anyways, soon, I got to know our university uses a…

I deleted all my repositories on walk-through over CTF challenges and now am blogging them away.

TJCTF 2018

TJCTF is a Capture the Flag (CTF) competition hosted by TJHSST’s Computer Security Club. It is an online, jeopardy-style competition targeted at high schoolers interested in Computer Science and Cybersecurity.

Problem List

Table of Content

• Blank (5 points)
• Trippy (5 points)
• Weird Logo (5 points)
• Discord! (5 points)
• Cookie Monster (10 points)
• Central Savings Account (10 points)
• Vinegar (15 points)
• Interference (15 points)
• Math Whiz (20 points)
• Nothing but Everything (20 points)
• Caesar’s Complication (20 points)
• Huuuuuge (25 points)
• Learn My Flag (30 points)
• Request Me (30 points)
• Validator…