
Showing posts from July, 2017

Magento HTML Injection, XFS & XSS Vulnerability

I discovered HTML injection, clickjacking (UI redressing) and non-persistent (reflected) cross-site scripting (XSS) vulnerabilities at Magento.



HTML injection is an injection flaw that occurs when user-controlled input is written into a web page without output encoding, so an attacker can insert arbitrary HTML markup (links, forms, fake content) into the vulnerable page. It has the same root cause as XSS; the difference is only whether the context the input lands in allows script to execute.



Cross-site scripting (XSS) is a web application vulnerability in which attacker-supplied input is reflected or stored in a page in a way that lets it run as client-side script in other users' browsers, under the vulnerable site's origin.


Vulnerable Domain: https://marketplace.magento.com

Vulnerable URL:
https://marketplace.magento.com/catalogsearch/result/?cat=8&q=%22%3E%3Cscript%3Ealert%28%22Hi%22%29%3B%3C%2Fscript%3E 
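The URL above carries the payload `"><script>alert("Hi");</script>` in the q parameter. The following is an added example, not Magento's code or the author's: it decodes q from that URL and renders it through a hypothetical search-box template, once without encoding (the shape of the bug described in the HTML injection and XSS definitions above) and once with HTML encoding. The template itself is an assumption; the real page's markup is not shown on this page.

```javascript
// Added example, not Magento's or the post author's code. It takes the
// vulnerable URL from the post, decodes the q parameter and renders it
// through a hypothetical search template with and without output encoding.
const VULNERABLE_URL =
  "https://marketplace.magento.com/catalogsearch/result/?cat=8" +
  "&q=%22%3E%3Cscript%3Ealert%28%22Hi%22%29%3B%3C%2Fscript%3E";

// The q value as the application sees it after URL decoding.
function extractQuery(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// Hypothetical template (assumption: the real page reflects q into the
// search box). The payload starts with "> so it closes the value attribute
// and the <input> tag; everything after that is parsed as new markup.
function renderSearchBoxUnsafe(q) {
  return `<input type="text" name="q" value="${q}">`;
}

// HTML-encode the characters that can change how markup is parsed. This
// covers text content and quoted attribute values; other contexts (URLs,
// inline script, CSS) need their own encoders.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSearchBoxSafe(q) {
  return `<input type="text" name="q" value="${escapeHtml(q)}">`;
}

// Count element start tags in the output. The template contributes exactly
// one; any extra tag came from the user input.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

function demo(url = VULNERABLE_URL) {
  const q = extractQuery(url);
  const unsafe = renderSearchBoxUnsafe(q);
  const safe = renderSearchBoxSafe(q);
  return {
    q,
    unsafe,
    safe,
    injectedTags: countStartTags(unsafe) - 1,
    injectedTagsAfterEncoding: countStartTags(safe) - 1,
  };
}

const result = demo();
console.log("decoded q:", result.q);
console.log("unsafe   :", result.unsafe);
console.log("safe     :", result.safe);
console.log("tags injected:", result.injectedTags, "after encoding:", result.injectedTagsAfterEncoding);
```

The decoded value is the same regardless of which entity the browser shows in the address bar, which is why testing with the URL-encoded form matters: the server, not the URL, decides the context the input lands in.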

POC Screenshots:

HTML Injection:

XFS (Cross Frame Scripting):

Cross Site Scripting:




I reported this to Magento through Bugcrowd. Magento fixed the vulnerability, thanked me and added my name to the Magento Hall of Fame on Bugcrowd (nick: Cyber Tiger).
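Clickjacking and cross-frame scripting both need the target page to be loadable in a frame controlled by another origin. The check below is an added example, not Magento's code: given a response's headers it reports whether framing is blocked, limited to the same origin, restricted to listed origins, or open. The header sets are constructed for the example, not captured from marketplace.magento.com.

```javascript
// Added example, not Magento's code. Given the response headers of a page,
// report whether another origin can load it in a frame (the precondition for
// clickjacking / cross-frame scripting). Header names are matched
// case-insensitively; values follow what current browsers honour.
function framingPolicy(headers) {
  const header = (name) => {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return key === undefined ? null : String(headers[key]);
  };

  // CSP frame-ancestors wins over X-Frame-Options when both are present.
  const csp = header("content-security-policy");
  if (csp) {
    const directive = csp
      .split(";")
      .map((d) => d.trim())
      .find((d) => /^frame-ancestors(\s|$)/i.test(d));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
      // An empty source list or 'none' matches no ancestor at all.
      if (sources.length === 0 || sources.includes("'none'")) return "blocked";
      if (sources.length === 1 && sources[0] === "'self'") return "same-origin";
      return "restricted"; // only the listed origins may frame it
    }
  }

  const xfo = header("x-frame-options");
  if (xfo) {
    const value = xfo.trim().toUpperCase();
    if (value === "DENY") return "blocked";
    if (value === "SAMEORIGIN") return "same-origin";
    // ALLOW-FROM and malformed values are ignored by modern browsers, so
    // they give no protection.
  }
  return "framable";
}

// Constructed header sets, not captured from marketplace.magento.com.
const SAMPLES = {
  noHeaders: {},
  xfoDeny: { "X-Frame-Options": "DENY" },
  xfoSame: { "x-frame-options": "sameorigin" },
  cspNone: {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "SAMEORIGIN",
  },
  cspPartner: { "Content-Security-Policy": "frame-ancestors 'self' https://partner.example" },
  cspWithoutFA: { "Content-Security-Policy": "default-src 'self'" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(14), framingPolicy(headers));
}
```

A CSP without a frame-ancestors directive says nothing about framing, so the last sample stays framable even though it has a policy; that is the case people most often miss when they tick "CSP present" and move on.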

101 Abbreviations Every Hacker Should Know

 AP = Access Point
 API = Application Programming Interface
 APK = Android Package Kit
 ATA = Advanced Technology Attachment
 ATM = Automated Teller Machine
 BASIC = Beginner's All-purpose Symbolic Instruction Code
 BSOD = Blue Screen of Death
 BIOS = Basic Input/Output System
 CPU = Central Processing Unit
 CAPTCHA = Completely Automated Public Turing test to tell Computers and Humans Apart
 CC = Carbon Copy (also read as Courtesy Copy)
 CDN = Content Delivery Network
 CSS = Cascading Style Sheets
 CDMA = Code Division Multiple Access
 CLI = Command Line Interface
 CLS = Clear Screen
 CSRF = Cross-Site Request Forgery
 DBMS = Database Management System
 DDoS = Distributed Denial of Service
 DEL = Delete
 DIMM = Dual In-line Memory Module
 DIR = Directory
 DNS = Domain Name System
 DOS = Disk Operating System
 DoS attack = Denial of Service attack
 DSP = Digital Signal Processor
 DTP = Desktop Publishing
 EC = Electronic Commerce
 EDI = Electronic Data Interchange
 EDP = Electronic Data Processing
 EDSAC = Electronic Delay Storage Automati…

Ebay XSS vulnerability

Hello friends, recently I found a cross-site scripting vulnerability in eBay.
The vulnerability exists in the eBay sell page 'add photos' field.
Payload: <img src=x onmouseover=alert("XSS")>



I reported this to eBay. eBay fixed the vulnerability and thanked me.
It is my great pleasure to inform you that eBay has listed me in its Hall of Fame for security researchers who have reported high-risk vulnerabilities to eBay.
You can find my name listed in the eBay security researchers Hall of Fame here.


What Is Bug Bounty?

A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourced arrangement offered by many websites and software vendors under which individuals receive recognition and compensation for reporting bugs, especially those that are exploitable security vulnerabilities.



So a bug bounty is a program in which friendly hackers, called bug hunters, find and report vulnerabilities to companies in exchange for a reward called a bounty.
Many of the biggest companies, such as Google, Facebook, Microsoft, Apple, Twitter and PayPal, offer bug bounties.
To start, register and create a profile on Bugcrowd and HackerOne. To learn bug hunting, read the HackerOne resources, blogs and forums.

Instagram Content Injection Vulnerability

Hello everyone, I discovered a content injection in Instagram which allows manipulating text shown on an Instagram page.

Content injection (content spoofing) is an attack on a user made possible by an injection weakness in a web application. When the application reflects user-supplied data, typically a parameter value, back into the page without validating it, an attacker can supply their own text and the victim sees a modified page under the context of the trusted domain. Unlike XSS, no script runs, so HTML encoding does not fix it: the problem is that arbitrary attacker text is displayed as if the site had written it.

Here is the vulnerable link: https://www.instagram.com/accounts/password/reset/done/?cp=Bug Found By Anas
Now change the 'cp' parameter to any content, such as an email address of your choosing or http://www.phishingsite.com .
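The fix for this class of bug is not encoding but not trusting the URL for page text at all. The following is an added example, not Instagram's code: the unsafe version echoes a cp parameter into a sentence, while the safe version ignores cp and takes the contact from server-side state created when the reset was requested, keyed by a token. The parameter name, the reset store and the token are assumptions for the example.

```javascript
// Added example, not Instagram's code. "cp" stands in for a query parameter
// that a reset-confirmation page echoes back to the user; the session store
// and reset token are constructed for the example.
function renderResetDoneUnsafe(queryString) {
  const cp = new URLSearchParams(queryString).get("cp") ?? "";
  // Even if cp were HTML-encoded, the attacker still chooses the sentence
  // the victim reads on a trusted domain.
  return `Password reset instructions were sent to ${cp}`;
}

// Server-side record created when the reset was requested, keyed by an
// unguessable token that the reset flow passes along (constructed data).
const RESET_REQUESTS = new Map([["tok-7f3a9c", "anas.example@example.com"]]);

// Show enough of the address for the user to recognise it, no more.
function maskEmail(address) {
  const [local, domain] = address.split("@");
  return `${local.slice(0, 2)}${"*".repeat(Math.max(local.length - 2, 1))}@${domain}`;
}

function renderResetDoneSafe(queryString, requests = RESET_REQUESTS) {
  const params = new URLSearchParams(queryString);
  const contact = requests.get(params.get("token") ?? "");
  // Everything the page displays comes from server-side state; cp is ignored.
  if (!contact) return "If an account matches, password reset instructions have been sent.";
  return `Password reset instructions were sent to ${maskEmail(contact)}`;
}

console.log(renderResetDoneUnsafe("cp=http://www.phishingsite.com"));
console.log(renderResetDoneSafe("cp=http://www.phishingsite.com&token=tok-7f3a9c"));
console.log(renderResetDoneSafe("cp=anything"));
```

The generic message for an unknown token is deliberate: it also avoids confirming whether an account exists.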






EMF [Email Me Form] XSS Vulnerability

Hello everyone, I found multiple XSS vulnerabilities at EMF (Email Me Form).

EmailMeForm describes itself as the web's #1 form and survey builder.

XSS 1: I created a form with EMF and, as in my previous finding, changed the title to an XSS payload; the XSS executed.

XSS 2: Next I edited the success message to contain an XSS script; when anyone completes the form, the script runs.

XSS 3: Now I added the Browse or Upload button field to my form, filled in the form as a visitor, uploaded "xml" and "html" files in which I had written an XSS script, and submitted the form. In the form manage tab I received my own completed form with a clickable link to the "xml/html" file; when I clicked this link the XSS ran. Prevention: the file should be downloaded rather than rendered.

I reported this to EMF. EMF fixed these bugs and thanked me, but one bug is still unfixed.
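The third finding is the classic upload problem: a user-supplied html or xml file served inline from the application's origin runs as that origin. The function below is an added example, not EmailMeForm's code, showing the response headers that implement "the file should be downloaded": a content type chosen from an allow-list that deliberately omits renderable types, a forced attachment disposition with a sanitised filename, nosniff, and a sandbox CSP as a fallback. The type table and filenames are constructed for the example.

```javascript
// Added example, not EmailMeForm's code. Builds the response headers for
// serving a form attachment so that an uploaded html or xml file is
// downloaded instead of rendered in the site's origin.
const CONTENT_TYPES = {
  // Types that are acceptable to label explicitly; html, xml and svg are
  // deliberately absent so they fall through to octet-stream.
  pdf: "application/pdf",
  png: "image/png",
  jpg: "image/jpeg",
  jpeg: "image/jpeg",
  gif: "image/gif",
  txt: "text/plain",
};

// Keep only the last path component and characters that cannot break the
// Content-Disposition header or smuggle a directory traversal.
function sanitizeFilename(name) {
  const base = String(name).split(/[\\/]/).pop() || "download";
  const clean = base.replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 100);
  return clean.replace(/^\.+/, "") || "download";
}

function uploadResponseHeaders(originalName) {
  const safeName = sanitizeFilename(originalName);
  const ext = safeName.includes(".") ? safeName.split(".").pop().toLowerCase() : "";
  return {
    // The client's declared type is never consulted; only the extension map.
    "Content-Type": CONTENT_TYPES[ext] || "application/octet-stream",
    // attachment forces a download even for types the browser can render.
    "Content-Disposition": `attachment; filename="${safeName}"`,
    // nosniff stops the browser from second-guessing the declared type.
    "X-Content-Type-Options": "nosniff",
    // If something is still rendered, sandbox it in an opaque origin
    // without script.
    "Content-Security-Policy": "sandbox",
  };
}

for (const name of ["form-response.html", "../../evil<script>.xml", "photo.PNG"]) {
  console.log(name, uploadResponseHeaders(name));
}
```

Serving uploads from a separate, cookie-less origin is the stronger version of the same idea; the headers above are the minimum that makes the upload link in the form manage tab safe to click.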

DisplayBit XSS Vulnerability

Hi friends, last time I explained what XSS is. Now in this tutorial I show you how I found my first XSS vulnerability in DisplayBit.

DisplayBit is a website that pays users for uploading and sharing images.

So here is how I found my first XSS in two minutes.
I just uploaded a picture, changed the title to the XSS payload <script>alert("xss")</script> and saved the picture.
The XSS executed every time I refreshed the page. So I reported this to DisplayBit. DisplayBit fixed the bug and thanked me.

Then I found my second XSS in DisplayBit. This vulnerability existed in the DisplayBit image search. When I viewed my image on DisplayBit I saw a search bar; I entered the previous payload and the XSS executed again. I reported this to DisplayBit through Open Bug Bounty:

https://www.openbugbounty.org/incidents/220844/ 


I found my first XSS vulnerability in DisplayBit, and my career started there.





There are many ways and several techniques to find bug vulnerabilities which wi…

What Is XSS? Bypassing the XSS Filters, Advanced XSS Tutorial

Cross-site scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side script (usually JavaScript) in web pages viewed by other users. In a typical XSS attack the attacker injects malicious JavaScript into a legitimate website; when a user visits the infected page or a specially crafted link, the browser executes that script in the site's origin. A successfully exploited XSS vulnerability lets attackers run phishing attacks, steal accounts and even build self-propagating worms.

Example: imagine an attacker has discovered an XSS vulnerability in Gmail and injected a malicious script. When a user visits the site, the script executes. It can redirect the user to a fake Gmail login page or capture the session cookies; with stolen cookies the attacker can log in to the account and change the password.
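The cookie-capture step in that example only works when script can read the session cookie. The following is an added example, not from the tutorial: it parses a Set-Cookie header and lists the attributes whose absence makes the scenario easier. The cookie names and values are constructed.

```javascript
// Added example, not from the tutorial. Parses one Set-Cookie header and
// reports the attributes whose absence makes the cookie-theft scenario above
// easier. The header values are constructed.
function auditSetCookie(header) {
  const [pair, ...attrs] = String(header).split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const flags = new Map(
    attrs.filter(Boolean).map((a) => {
      const [k, ...v] = a.split("=");
      return [k.trim().toLowerCase(), v.length ? v.join("=") : true];
    })
  );
  const findings = [];
  if (!flags.has("httponly")) {
    findings.push("HttpOnly missing: document.cookie exposes it to injected script");
  }
  if (!flags.has("secure")) {
    findings.push("Secure missing: sent in clear over http://");
  }
  const sameSite = String(flags.get("samesite") || "").toLowerCase();
  if (!sameSite || sameSite === "none") {
    findings.push("SameSite missing or None: attached to cross-site requests");
  }
  return { name, findings };
}

// Constructed headers: a bare session cookie, a hardened one, and one that
// is Secure but still readable by script.
const COOKIE_HEADERS = [
  "SID=3f9c2a1e; Path=/",
  "SID=3f9c2a1e; Path=/; Secure; HttpOnly; SameSite=Lax",
  "SID=3f9c2a1e; Path=/; Secure; SameSite=None",
];
for (const header of COOKIE_HEADERS) console.log(auditSetCookie(header));
```

HttpOnly stops the exfiltration step, not the attack: injected script can still send requests that carry the cookie from inside the victim's session, so these flags narrow the impact while the XSS itself is what has to be fixed.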

XSS Attack:

Step 1: Finding Vulnerable Website:

Hackers use Google dorks to find vulnerable sites for…

What Is Bug Vulnerability

A bug is when a system does not behave as it was designed to behave. A vulnerability is a way of abusing the system (most commonly in a security-related way), whether that is due to a design fault or an implementation fault.

What is a vulnerability? A vulnerability is a cyber-security term for a flaw in a system that leaves it open to attack. In computer security, a vulnerability is a hole or weakness in an application, which can be a design flaw or an implementation bug, that allows an attacker to harm the stakeholders of the application. Stakeholders include the application owner, the application's users, and other entities that rely on the application.

Most Common WEB Security Vulnerabilities




 SQL Injections
SQL injection is a web application vulnerability in which an attacker supplies input that the application concatenates into a database query, so that the input is executed as SQL rather than treated as data. If successful, this allows the attacker to create, read, update, alter, or delete data st…