Featured

Ebay: From CSRF to Full Account Takeover of Any User

After the Ebay data breach I started looking for the bug that may have been exploited by attackers to steal the credentials of more than 100 million Ebay user accounts. So I focused my attention on the Ebay account recovery procedures. If you are already an Ebay user, you can reset the password of your account through three procedures:

1) Email address: an email with a reset link will be sent to the registered email address

2) SMS: an SMS with a 4-digit PIN will be sent from Ebay to the registered phone number

3) Phone call: a phone call will be made from Ebay to reset the password of the Ebay user's account

Featured

Google: From Privilege Escalation Vulnerability to Full Account Takeover

In this write-up I'll explain how I was able to reset the password of, and gain full access to, any Google user's account that doesn't have a security question enabled.

This is the bug report I sent to the Google Security Team.

I've found a huge bug in Gmail. I've found a way to get full access to a Gmail account with no victim interaction. This bug can be exploited if the victim hasn't set a security question.

Featured

Yahoo! SSRF/XSPA Vulnerability

Before describing how I was able to find this bug, I would prefer to introduce the SSRF/XSPA vulnerability.

An application is vulnerable to Cross Site Port Attacks if it processes user-supplied URLs and does not verify or sanitize the backend response received from remote servers before sending it back to the client. An attacker can send crafted queries to a vulnerable web application to proxy attacks to external Internet-facing servers, intranet devices and the web server itself, using the advertised functionality of the vulnerable web application. The responses, in certain cases, can be studied to identify service availability (port status, banners, etc.) and even to fetch data from remote services in unconventional ways. XSPA allows attackers to target the server

PayPal Merchant Launch Site: Authentication Bypass Vulnerability

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple underestimation of security threats often result in authentication schemes that can be bypassed by simply skipping the login page and directly calling an internal page that is supposed to be accessible only after authentication has been performed.

WhatsApp: LFD Vulnerability

Before starting to describe the issue found on WhatsApp, I want to introduce the LFD vulnerability.

The Local File Disclosure vulnerability allows an attacker to read the contents of files and obtain sensitive information such as FTP or MySQL credentials, usually by exploiting a "dynamic file inclusion" mechanism implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.
This can lead to something as simple as outputting the contents of a file, but depending on the severity, it can also lead to: