Slack Stored XSS(Cross Site Scripting)

Slack Stored XSS(Cross Site Scripting)

Hello Guys,

From a very long, I didn't`t write any blog post. :(

Well, Today we are going to see a Vulnerability in Slack Of Stored XSS(Cross Site Scripting) :)

One of the Slack URI - https://api.slack.com/apps/[appid]/general is not handling the user input properly, In a "name" parameter.

The input is getting reflected into the page without being properly sanitised or filtered, As a result it was possible for an attacker to Triager a Stored XSS Attack.

Interesting thing is that, This vulnerability can be exploited on other team and his member, As per this behaviour Slack Awarded $1000 for this vulnerability.

Asus SQL Injection Vulnerability

Asus Website SQL Injection

Asus Website was found vulnerable to SQL Injection Vulnerability.

Vulnerability - Not Disclosed.

Status - Fixed By Asus Team.

Hostgator Open Redirection And Reflected XSS Vulnerability

Host gator was found vulnerable to Open Redirection & Reflected XSS

Vulnerable URL - https://www.hostgator.in/login.php?action=successful_login&newurl=http://google.com

Vulnerable Parameter = newurl

Impact : Allow attackers to trick the users to redirection to other(attacker) domain which can be use for phishing attacks. Etc.

0 Desk Reflected XSS

0 Desk Reflected XSS POC Video 

Web2py Vulnerabilities 2.14.5 : LFI,XSS,CSRF,Brute Force Attack

Web2py Vulnerabilities

This post is about Web2py  Vulnerabilities which we have found, POC`s are created under Mac OS X EI Capitan, But also tested on windows 7 as well as linux platform.

#Download the vulnerable App - https://drive.google.com/file/d/0B-LjC3oY6tUpZlNkV3BnZU85Y0E/view?usp=sharing
# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF, Brute Force On Login
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016-4808, Login Brute Force - CVE-2016-10321
# Tested On : MAC OS X EI Capitan, Windows 7 64 Bit, Most Linux Platforms.
# Fix/Patching : Update To Web2py. 2.14.6
# Facebook : https://facebook.com/imnarendrabhati
# Twitter : http://twitter.com/imnarendrabhati

cPanel - Access Restrictions On Mail Routing Information

Source:

https://forums.cpanel.net/threads/cpanel-tsr-2015-0003-full-disclosure.472921/

https://www.isspcs.org/render.html?it=23020

Hacking Facebook Polls: Access Control Vulnerability

Hacking Facebook Polls - Poll Access Control Vulnerability: Dead Pool Version

Hello All,

Its been very long time that i am not in bug bounty things due to some reasons.Today we will see how i was able to do Hacking Facebook Polls.While surfing facebook groups, There is an module called "Polls" who got my attention. Using this module "Polls" admin/group members can create polls to get group members re-actions.

Basically the vulnerability is about "Access Control"  in facebook polls, There are two controls which facebook offers and one of them is "Allow anyone to add options". If poll creator has disabled this option then users cant add more options to the poll, Even admin cant & if it is not disabled then any group member can add more options to the poll.

Analysis Part

OWASP Pune Chapter : Dive Into The Profound Web Attacks

OWASP Pune Chapter Talk 18th Feb 2016 : Dive Into The Profound Web Attacks

PPT Url – http://www.slideshare.net/bhati123/owasp-pune-chapter-dive-into-the-profound-web-attacks-58494512