How I Hacked Samsung’s Tizen OS & LG Electronics Private Project Management Instances

Using the Jiraffe security tool to find low-hanging fruit

Introduction

https://public.example.com/proxy?url=admin-panel.example.com

Usual Boring SSRF, Right?

Samsung’s Tizen OS Bug Tracking Dashboard

Proof of concept for XSS

<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>

$ pip install jiraffe

LG CNS

Dear PIYUSH RAJ,
As we said, LG CNS is a separate company from us.
Thus, we don't also have a contact point.
We'll contact the relevant department.
Thank you.
Best Regards,
LG PSRT.

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com
