Mese: Giugno 2014

Before starting to describe the issue found on WhatsApp I want to introduce the LFD Vulnerability.

The Local File Disclosure vulnerability allows an attacker to read the content of files and get important information like ftp, mysql credentials, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.
This can lead to something as outputting the contents of the file, but depending on the severity, it can also lead to: Leggi tutto “WhatsApp: LFD Vulnerability”

This is the PoC i sent to AT&T

I’ve found a CSRF bug that may lead to full takeover account of a M2X AT&T user account
These are the steps to reproduce the issue:
1)Login into https://m2x.att.com/login Leggi tutto “AT&T : From CSRF to Full Takeover Account of any user”

In this Write-Up i’ll explain how i was able to reset password and have full access to any Google user’s account that haven’t security question enabled.

This is the Bug Report i sent to Google Security Team.

I’ve found a huge bug in Gmail.I’ve found a way to have full access to a Gmail account with no victim’s interaction.This bug can be exploited if the victim hasn’t setted the security question. Leggi tutto “Google:From Privilege Escalation Vulnerability to Full Takeover Account”

First of describing how i was able to find this bug, i would prefer to introduce the SSRF/XSPA Vulnerability.

An application is vulnerable to Cross Site Port Attacks if the application processes user supplied URLs and does not verify/sanitize the backend response received from remote servers before sending it back to the client. An attacker can send crafted queries to a vulnerable web application to proxy attacks to external Internet facing servers, intranet devices and the web server itself using the advertised functionality of the vulnerable web application. The responses, in certain cases, can be studied to identify service availability (port status, banners etc.) and even fetch data from remote services in unconventional ways.XSPA allows attackers to target the server Leggi tutto “Yahoo! SSRF/XSPA Vulnerability”