
Posts

ZIP Symlink Vulnerability

What is a symlink? A symlink (also called a symbolic link) is a type of file in Linux that points to another file or folder on your computer. Symlinks are similar to shortcuts in Windows. Linux has two kinds of links: soft (symbolic) links and hard links. A soft link is a separate small file that holds the path of the original file, whereas a hard link is a second directory entry for the same data (the same inode), not a copy. If you delete the original file, the soft link becomes dangling, because it points to a path that no longer exists. With hard links it is the opposite: even if you delete the original name, the data is still reachable through the hard link, because the file's data is only freed once the last link to it is removed. To learn more about links, please visit: https://ostechnix.com/explaining-soft-link-and-hard-link-in-linux-with-examples/ What is the ZIP symlink vulnerability? An archive can contain a symbolic link. A symbolic link is a special file that links to another file. By uploading a zip containing a symbo...
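The explanation above stops at the point where an uploaded archive carries a symbolic link. The following Python, added here as an example and not part of the original post, builds such an archive in memory (a constructed sample, not a real upload), then shows the check an upload handler should run before extracting anything: reading each entry's Unix mode bits from the central directory for the symlink flag, and rejecting names that would escape the extraction directory. The entry names, link targets and function names are assumptions for illustration.

```python
import io
import stat
import zipfile


def build_zip(regular: dict, symlinks: dict = None) -> bytes:
    """Build an in-memory ZIP (constructed sample) from regular files plus symlink entries.

    A Unix-created archive keeps the entry's mode in the high 16 bits of
    external_attr; for a symlink entry the stored "file data" is the link target.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, target in (symlinks or {}).items():
            info = zipfile.ZipInfo(name)  # hypothetical entry name chosen by the uploader
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
        for name, data in regular.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """True when the central-directory mode bits mark the entry as a symbolic link."""
    return stat.S_ISLNK(info.external_attr >> 16)


def escapes_extraction_dir(name: str) -> bool:
    """Absolute paths and '..' components would write outside the target directory."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ".." in parts


def audit_zip(data: bytes) -> list:
    """List the entries an extractor must reject, with the reason for each."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if is_symlink_entry(info):
                target = zf.read(info).decode("utf-8", errors="replace")
                findings.append(f"{info.filename}: symlink -> {target}")
            elif escapes_extraction_dir(info.filename):
                findings.append(f"{info.filename}: path escapes extraction directory")
    return findings


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only when the audit finds nothing; returns the extracted entry names."""
    findings = audit_zip(data)
    if findings:
        raise ValueError("refusing to extract: " + "; ".join(findings))
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return zf.namelist()


if __name__ == "__main__":
    # Constructed malicious upload: an "image" that is really a link to /etc/passwd.
    evil = build_zip({"readme.txt": b"constructed sample"},
                     symlinks={"uploads/avatar.png": "/etc/passwd"})
    for line in audit_zip(evil):
        print(line)
```

Python's own `extractall` happens not to recreate symlinks (it writes the target path as the file's content), but Info-ZIP `unzip` and many extraction libraries do, which is why the audit has to look at the mode bits rather than trust the extractor.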
Recent posts

Analyzing Root Cause Of Remote Code Execution in Bludit CMS (3.9.2)

Description: Bludit is a flat-file CMS, which (in this case) means that Bludit stores its content in JSON files. We found CMS version 3.9.2 in a CTF challenge that is vulnerable to remote code execution via file upload. We completed the challenge, but we were keen to find the root cause and analyze the source code. To analyze the root cause you have to be familiar with the basics of the PHP language and the .htaccess file. What is .htaccess in PHP? .htaccess is a per-directory configuration file for web servers running the Apache web server software. When a .htaccess file is placed in a directory served by Apache, Apache reads it and applies its directives to requests for that directory and its subdirectories (provided the server's AllowOverride setting permits it). Whenever a request reaches the server, it is subject to the .htaccess files along the requested path. .htaccess is used for: 1) AUTHORIZATION, AUTHENTICATION: .htaccess files are often used to specify the...
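Because the root-cause analysis turns on what .htaccess does to an upload directory, here is an added configuration example (not Bludit's own files, and not a reproduction of the challenge) contrasting the weak setup with a hardened one. The directory path is an assumption for illustration.

```apache
# --- Weak (vhost config): .htaccess may override anything, and the upload
# directory has no restrictions of its own, so a PHP file written there is
# executed by the server. Path is assumed for the example.
<Directory "/var/www/html/bl-content/uploads">
    AllowOverride All
</Directory>

# --- Hardened .htaccess placed in the upload directory: nothing here is ever
# handled by PHP, whatever extension the uploaded file carries.
<FilesMatch "\.(php|phtml|phar|php[3-7])$">
    Require all denied
</FilesMatch>
RemoveHandler .php .phtml .phar
RemoveType .php .phtml .phar
# mod_php only: remove this line under php-fpm, where Apache does not know the directive
php_flag engine off
```

The hardened file is only as strong as the upload handler that protects it: .htaccess is itself just a file in that directory, so an upload endpoint that accepts a file named `.htaccess` (or lets an existing one be overwritten) lets an attacker replace these directives with, for example, `AddType application/x-httpd-php .png`. Rejecting that filename, and checking the server's `AllowOverride` scope, is part of the fix.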

Analysis of Android App Source Code by Using Breakpoint

Static Code Analysis: Static code analysis is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to industry standards. In Android application static code analysis, manually or with a tool analyzing the whole code and finding whether any sensitive data is hardcoded in the source code, or whether any vulnerable library is used, is not sufficient on its own. The main role of static code analysis: understand the flow of the code. All automated tools like MobSF and Quark do static code analysis, but from my point of view manual analysis of the code is the best approach. To do everything manually we need some knowledge of Java and the Android application code structure. In static analysis of app code, some time ago I simply decompiled the application and opened the a...

Account Takeover Using Javascript(Js Win Always)

When we play with JavaScript, seriously we don't need any tool; we only have to understand the flow of the JavaScript. By using JavaScript I bypassed the login in an application. I am always excited to bypass things like login bypass, OTP bypass etc. while I am testing an application. I always check the view-source of the application, mainly on the login page and registration page. 1. Open the application login page. There are two ways of logging in to the application: one by username and password and the other by mobile number and OTP. I chose the second one. 2. Let's view the source of the application login page: On seeing this code I noticed that if the OTP is wrong then the above function throws an error, otherwise the loginwithmobile(mobNo) function is called.
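The page source described above decides in the browser whether the OTP is right and only then calls loginwithmobile(mobNo), so anyone who can run JavaScript can call that function directly. The following Python, added here as an example and not code from the post or the application, shows the shape of the server-side verification that has to be the only gate: the OTP is generated and stored hashed on the server, compared in constant time, expires, is single-use, and is locked after a few wrong attempts. The storage, timings and function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300     # assumed lifetime of an OTP
MAX_ATTEMPTS = 5          # assumed lockout threshold per issued OTP


class OtpStore:
    """Server-side OTP state keyed by mobile number (in-memory, for the example)."""

    def __init__(self, now=time.time):
        self._now = now                 # injectable clock so expiry can be tested
        self._pending = {}              # mobile -> [otp_hash, expires_at, attempts]

    @staticmethod
    def _hash(mobile: str, otp: str) -> str:
        # Bind the code to the number so an OTP issued for one number is useless for another.
        return hashlib.sha256(f"{mobile}:{otp}".encode()).hexdigest()

    def issue(self, mobile: str) -> str:
        """Generate a 6-digit OTP; the caller sends it out of band, never to the page."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[mobile] = [self._hash(mobile, otp), self._now() + OTP_TTL_SECONDS, 0]
        return otp

    def verify(self, mobile: str, submitted: str) -> bool:
        """The only place the OTP is checked; the browser never learns the expected value."""
        rec = self._pending.get(mobile)
        if rec is None:
            return False
        otp_hash, expires_at, attempts = rec
        if self._now() > expires_at or attempts >= MAX_ATTEMPTS:
            self._pending.pop(mobile, None)   # expired or locked: discard it
            return False
        rec[2] += 1                           # count before comparing, so a wrong guess costs an attempt
        if hmac.compare_digest(otp_hash, self._hash(mobile, submitted)):
            self._pending.pop(mobile, None)   # single use
            return True
        return False


def login_with_mobile(store: OtpStore, mobile: str, submitted_otp: str) -> dict:
    """Server handler: a session is created only after the server itself verified the OTP."""
    if store.verify(mobile, submitted_otp):
        return {"ok": True, "session": secrets.token_hex(16)}
    return {"ok": False}


if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("9999999999")          # constructed sample number
    print(login_with_mobile(store, "9999999999", "000000")["ok"])  # wrong guess
    print(login_with_mobile(store, "9999999999", code)["ok"])      # the real code
```

Whatever the page's JavaScript does with the OTP field is then cosmetic: the request that calls the login endpoint carries the submitted value, and the server decides.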

HOW I ENTERED OTHER USERS MEETING IN ZOHO MEETING:

Seeing the bugs of the Zoom meeting, an idea came to my mind: let's play with the Zoho meeting. First of all, its functionality has to be understood. 🤔 I myself created the meeting as host and joined. I saw the meeting id is numeric (10 digits). It came to my mind: can I know the meeting id of other users? Picture 1.0 The first way is to brute force the meeting id. I used Intruder to extract other users' meeting ids, oh no, my IP got blocked for some minutes. Meaning rate limiting is in place. I tried to bypass the rate limit, but no success. I used every header like X-Forwarded-For, X-Remote-IP, X-Forwarded-Host, X-Originating-IP, but no success 😒😒. So I went around all the headers and cookie values. I manipulated every cookie value, but hey, I see there is a ZMEET_CSRF_TOKEN=x.x.x.x.x.xx in the join request. I manipulated the ZMEET_CSRF_TOKEN and again hit the request. Hey, I bypassed the rate limit. 😉😉😉 Now it's time to extract other use...
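The post does not say how the service computed its rate-limit key, but the behaviour it describes (a fresh token value resets the counter) is what you get when the key is something the client controls. The following Python, added here as an illustration and not code from the post or from Zoho, builds a small sliding-window limiter and runs the same constructed burst of join requests through it twice: once keyed on the cookie value, once keyed on the source address plus account. The request shapes, addresses and limits are assumptions.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit: int, window: float, key_func, now=time.time):
        self.limit = limit
        self.window = window
        self.key_func = key_func      # decides what identity the limit is tracked against
        self._now = now               # injectable clock for the example
        self._hits = defaultdict(deque)

    def allow(self, request: dict) -> bool:
        key = self.key_func(request)
        hits = self._hits[key]
        now = self._now()
        while hits and hits[0] <= now - self.window:   # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def key_by_cookie(request: dict):
    """Weak: the attacker picks the cookie value, so every request can start a new bucket."""
    return request["cookies"].get("ZMEET_CSRF_TOKEN", "")


def key_by_source(request: dict):
    """Better: tie the bucket to the connection's address and the authenticated account."""
    return (request["remote_addr"], request.get("account"))


def count_allowed(limiter: SlidingWindowLimiter, requests: list) -> int:
    return sum(1 for r in limiter.key_func and requests if limiter.allow(r))


def join_attempts(n: int) -> list:
    """Constructed sample: n meeting-id guesses from one address, each with a fresh cookie value."""
    return [
        {
            "remote_addr": "203.0.113.5",            # documentation address, assumed
            "account": "attacker",
            "cookies": {"ZMEET_CSRF_TOKEN": f"tok{i}"},
            "meeting_id": 1000000000 + i,            # 10-digit numeric id, as in the post
        }
        for i in range(n)
    ]


if __name__ == "__main__":
    burst = join_attempts(100)
    weak = SlidingWindowLimiter(10, 60, key_by_cookie)
    strong = SlidingWindowLimiter(10, 60, key_by_source)
    print("keyed on cookie:", count_allowed(weak, burst), "of 100 allowed")
    print("keyed on source:", count_allowed(strong, burst), "of 100 allowed")
```

The fix is not a different token check but a different key: anything the limiter trusts from the request body, headers or cookies is under the caller's control, which is exactly why the X-Forwarded-For family of headers is also worth trying against limiters that derive the client address from them.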

Exploitation Of Improper WebView Implementation

Hey guys, today we explore WebView in Android applications and how its misconfiguration leads to cross-site scripting, open redirection and HTML injection in an application. What is WebView? Android WebView is used to display a web page in Android. The web page can be loaded from the same application or from a URL. It is used to display online content in an Android activity. Android WebView uses the WebKit engine to display web pages. android.webkit.WebView is a subclass of the AbsoluteLayout class. WebViews are used in Android applications to load content and HTML pages within the application. For example: Improper implementation of WebView 1. Loading cleartext content: if a WebView loads a URL over http (cleartext communication) then it is open to various forms of attack such as MiTM. ...

A New Way Of Brute force Passcode/Pin Protection By deep link

DESCRIPTION: As you already know what passcode protection is, why it is applied and how it is normally bypassed? If you don't know, please read my previous blog: https://negativewives.blogspot.com/2020/04/passcode-protection-bypass-by-brute.html When any passcode protection is implemented, first check whether any activity is exported or not. Here we are only talking about the scenario where no activity is exported in the application. PROCEDURE: Open the application after implementing passcode protection. You see that the passcode activity is launched first. Go to the AndroidManifest.xml file and check the launch mode of the passcode activity. A question arises in your mind - ...