Web2py Vulnerabilities 2.14.5 : LFI,XSS,CSRF

Web2py 2.14.5 Multiple Vulnerabilities

Web2py Vulnerabilities This post is about Web2py  Vulnerabilities which we have found, POC`s are created under Mac OS X EI Capitan, But also tested on windows 7 as well as linux platform. # Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF # Reported Date : 2-April-2016 # Fixed Date : 4-April-2016 # Exploit Author : … Read more

JSON Hijacking

JSON Hijacking

JSON Hijacking Today we will see that, How we can find the JSON Hijacking vulnerability. As we know that this works on older browsers, still we should analyse it because this is a miss-understood/less known vulnerability for many security people. I hope you will like it.   What is JSON Hijacking? JSON Hijacking is similior … Read more

cPanel – Access Restrictions On Mail Routing Information

cPanel Access Privileged Data

  Source: https://forums.cpanel.net/threads/cpanel-tsr-2015-0003-full-disclosure.472921/ https://www.isspcs.org/render.html?it=23020   cPanel TSR-2015-0003 Full Disclosure SEC-22 Summary Access restrictions on mail routing information not properly enforced. Security Rating cPanel has assigned this vulnerability a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) Description The WHM, cPanel and Webmail interfaces each provide the ability to trace the route that email delivery takes. This routing information … Read more

Hacking Facebook Polls: Access Control Vulnerability

Hacking Facebook Polls

Hacking Facebook Polls – Poll Access Control Vulnerability: Dead Pool Version   Hello All, Its been very long time that i am not in bug bounty things due to some reasons.Today we will see how i was able to do Hacking Facebook Polls.While surfing facebook groups, There is an module called “Polls” who got my attention. Using … Read more

Pentesting CMS : WordPress Joomla Drupal

Pentesting CMS : Wordpress Joomla Drupal

Hello All, Today we will see how we can pentesting CMS like wordpress, drupal, joomla etc. Sometimes we might get CMS based website or application to do perform VAPT. Pentesting CMS is just like a head ache, Because in CMS the back-end codes are mostly pre-defined as CMS nature and behaviour, Any one can download … Read more

Attacking JSON Application : Pentesting JSON Application

Penstesting JSON Application

  Hello all, Its quite long time i have dosn`t updated my blog. So  here we go.   Today we will see how we can pentest  JSON Web Application. Note- Some of the methods are taken from third party resources and some are presented as my personal experience.   First What Is JSON According To JSON Website. … Read more

Web2py 2.9.11 Open Redirection Vulnerability , CVE-2015-6961

Web2py Open Redirection

    Web2py Open Redirection Vulnerability Technical Details & POC. # Vulnerability Title : Web2py 2.9.11  Open Redirection Vulnerability # Reported Date      : 27-Jan-2014 # Fixed Date             : 2-July-2015 #  Author                   : Narendra Bhati # CVE ID         … Read more

Wolf CMS Arbitrary File Upload To Command Execution – CVE-2015-6567 , CVE-2015-6568

Wolf CMS Arbitrary File Upload To Command

Wolf CMS  Arbitrary File Upload To Command Execution Full Technical Disclosure Of  Wolf CMS  Arbitrary File Upload To Command Execution   # Exploit Title          : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution # Reported Date      : 05-May-2015 # Fixed Date             : … Read more

Information Security Controls

Information Security Controls

Information Security controls is mechanism or a set of rules to to decrease the risk in terms of vulnerability , internal and external threads etc. Information security also covered the other aspects of an organisation like Computer Security , Physical Security , Network Security , Business Continue Planning , Disaster Recvery Planning, Counter Measures With Existing Or … Read more