Posts

Email Spoofing for Beginners

Hello Everyone,

Greetings to all,

In this article, I'll talk about email spoofing in a little depth.

So, first of all: what is email spoofing?

If you already know about email spoofing, congratulations. But don't worry if you don't.

Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. It's not a new technique; it's a very old one that is still widely used in phishing and scamming.

This article is going to be interesting, and I'll try to keep this long article as short and simple as possible.

Recently, my friend asked me how it is possible to spoof an email.

So, there are a lot of questions related to this issue.

When is a Domain Spoofable?

It is just as simple in email because the email protocol (SMTP) lacks authentication. Anyone with a little basic knowledge can send an email with any sender's address to anyone in …

DoS on WAF Protected Sites by Abusing Cookie

Hi Folks,

Today, I'm gonna share one of my interesting findings in bug bounty.
I occasionally hunt bugs in bug bounty programs in my free time, so I don't have enough time to blog. But on someone's request, I share some of my bug bounty findings here.
I like to find interesting and logical bugs.
Recently, I found an interesting bug on many sites, but I can't disclose the name of every website; one website, Upwork, already patched this bug and resolved the report, which is why I can disclose the name.
So, what's the bug?
Denial of Service (DoS) > Single-user cookie-based DoS
There are a lot of websites using a WAF like Cloudflare etc.
When a cookie is set with a malicious value (like "><script> alert(1)</script>, i.e. XSS or SQLi payloads etc.), the site's WAF (like Cloudflare) blocks us from accessing that website; we need to remove that cookie to access the site.

Many websites set the 'Referrer' value in a cookie.
So, a little dirty trick comes to …

A Tricky Open Redirect

Hello Friends,
Today, I'm gonna share one of my coolest findings: how I found an Open Redirect vulnerability on a private site on Bugcrowd.

Open Redirect:
Open redirect is a security flaw in an app or a web page that causes it to fail to properly validate URLs. An open redirect occurs when a web page redirects to another URL on another domain via user-controlled input.

How did I find the Open Redirect vulnerability?
In my free time, I was looking for bugs, and at the same time I received an invitation on Bugcrowd.
I visited the site and registered an account on it.
I can't disclose the website name, so let’s assume https://redacted.com

So, I found this normal login endpoint, i.e.

https://redacted.com/login?nextUrl=url

Next, I tried some open redirect payloads on the next parameter, i.e. nextUrl=http://evil.com or nextUrl=//evil.com and others, but nothing worked.
I randomly put evil.com after the next parameter,
i.e.
https://redacted.com/login?nextUrl=evil.com
and after login, the site redirects …