Posts

Exploiting CORS Misconfiguration using XSS

Hello All, this post is about how I exploited a Cross-Origin Resource Sharing (CORS) misconfiguration with the help of Cross-Site Scripting (XSS). After reporting some bugs to the Netgear Kudos program I started getting old private program invites on Bugcrowd, one of which had 300+ researchers and had been running since 2015. I wasn't happy about that, as I thought I wouldn't be able to find anything: the program had been running for such a long time and so many others had looked at it before me. Even if I did find something, the chances of it being a duplicate were high. But then Osama said this, so I finally started looking at it and trying my best to find something. I got one P3, but it went duplicate :( But then I found an endpoint that had a simple CORS misconfiguration, and the endpoint was returning user details like email address, age, gender, DOB, etc. in the response. It was triaged, paid and fixed within a week. I was happy and was planning to mov

ssTaker - A Bash Script to take ScreenShot of a list of urls

Hello All, one of the most important parts of an assessment is reconnaissance. During that, one of the things we do is find subdomains to increase the attack surface. An average-size company has hundreds of subdomains! Manually visiting each of them and sorting them is a painful task. There, automation comes to our rescue. We can use tools like: 1. EyeWitness, 2. aquatone, 3. Web Screenshot. The basic idea of these tools is that they take a list of URLs, try to capture a screenshot of each of them and then create a beautiful HTML/PDF report. So what was the need for writing this bash script? Because I use Windows 7 ♥ as my host OS and the only thing I run on it is Burp Suite, nothing else. All the other scripts and tools are in my Parrot OS VM. EyeWitness doesn't run on Parrot OS, and the Aquatone screenshot module also has some dependency issues on my VM. So while looking for alternatives to these I came to know CutyCa

Two Factor Authentication Bypass | SendGrid

Hello All, today I will be sharing how I was able to bypass SendGrid 2FA. What is SendGrid: a cloud-based email service to deliver emails on behalf of companies, with 55,000+ customers ~ https://sendgrid.com/about/ What is Two-Factor Authentication: Two-Factor Authentication (2FA) is a type of multi-factor authentication confirming a user's claimed identity by utilizing a combination of two different authentication methods. 2FA makes it harder for potential intruders to gain access and steal a user's personal data or identity. ~ https://en.wikipedia.org/wiki/Multi-factor_authentication My story with them: I started looking for bugs in SendGrid, and after trying the whole night I found an XSS. I reported it and went to sleep peacefully. Next morning I checked my email: the bug went duplicate :( It felt bad. I didn't want to test further, so I went to delete my account (I don't want emails from them :__: ). I logged in to my account to see i

XSS Because of wrong Content-type Header

Hello All, XSS because of a wrong Content-Type header in InternShala.com. Internshala: Internshala is an internship platform; this website helps students find internships with organisations in India - wiki. While checking this site I found an endpoint which didn't have CSRF protection. I could change the user details (name, address, etc.), not email :( One thing that was weird with that endpoint was that it was giving a JSON response, but the Content-Type header was not application/javascript; rather, it was set as text/html. I was fiddling with that, as I knew if we can inject HTML then we can get XSS here :D But they had filters, so it was just HTML injection -_- and that isn't cool to report. But there was another parameter, current_city_administrative_area_level_2; changing its value caused an error. Let's build the payload. Problem no. (1): white space was not allowed between text, and neither was the forward slash / allowed

Open Redirect In Flock | My First Swag pack

Hello Everyone, this post is about an Open Redirect that I found in Flock.co back in 2016. So back then, in 2016, I started finding bugs in various sites and all I was getting was duplicate, won't fix, thanks, and a few Hall of Fame entries :( One day one of my friends posted about goodies that he had got from Flock, so I started looking for bugs on it. I got one reflected XSS that turned out to be on an out-of-scope site :3 and one open redirect that got marked valid :D That got me my first swag pack :D Wait a sec? You didn't come here to read my story :v Technical part: this was their login system: 1) User enters login credentials 2) It gets validated 3) They redirect to the dashboard. This is what the redirect URL looked like: https://auth.flock.co/login?auth_token=xyz&platform=BROWSER&redirect_uri=https%3A%2F%2Fflock.co So I changed the redirect_uri parameter value to google.com and it worked ^_^ That's how I got my