PayPal Merchant Launch Site: Authentication Bypass Vulnerability

While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often results in authentication schemes that can be bypassed by simply skipping the login page and directly calling an internal …

eBay: From CSRF to Full Takeover Account of any user

After the eBay Data Breach I started looking for the bug that may have been exploited by hackers to steal the credentials of more than 100 million eBay users' accounts. So I focused my attention on the eBay account recovery procedures. If you are already an eBay user you can reset the password of your account …

WhatsApp: LFI Vulnerability

Before starting to describe the issue found on WhatsApp I want to introduce the LFI Vulnerability. The File Inclusion vulnerability allows an attacker to include a file, usually exploiting the “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. …

AT&T: From CSRF to Full Takeover Account of any user

This is the PoC I sent to AT&T. I’ve found a CSRF bug that may lead to full takeover of an M2X AT&T user account. These are the steps to reproduce the issue:

1) Log in at https://m2x.att.com/login
2) Once logged in we have to go to https://m2x.att.com/account

In this page we can see “First Name”, “Last Name”, “Email” …

Google: From Privilege Escalation Vulnerability to Full Takeover Account

In this Write-Up I’ll explain how I was able to reset the password and have full access to any Google user’s account that doesn’t have a security question enabled. This is the Bug Report I sent to the Google Security Team. I’ve found a huge bug in Gmail. I’ve found a way to have full access to a Gmail …
