In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus overlooked by developers, who assume that the conditions for their exploitation are too complicated to be met. However, in this article we’re going to challenge that assumption and show you …
Tag: Hack
XSS in WordPress via open embed auto discovery
Introduction: Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …
Security bug in Google Hangouts Chat desktop application – how to make Open Redirect great again
A few months ago Google released a new product – the Hangouts Chat application, which was surely the American giant’s answer to the ubiquitous Slack. In short, it is a communication platform for teams, where you can simply chat, as well as exchange files, presentations, etc. You can use the Chat both in your …
IT infrastructure reconnaissance – part 1 (Google hacking)
The basis of web application or infrastructure security testing is reconnaissance, i.e. the collection of all subdomains, IP addresses, and other publicly available information. It is good practice to use several tools simultaneously during reconnaissance, which, of course, greatly increases the effectiveness of this testing phase – information omitted by one …
Single Code Line CCTV Camera Takeover – One Can Record Audio/Video/Have Access to Recordings
I have already presented this subject twice, but there was no information on the topic until now. The Ganzsecurity ZN-DNT352XE-MIR camera is worth about 5000 PLN. Securitum provides solutions to organisations such as NY Police, FBI, Spawar Command (NAVY), or prisons. The camera can also be found as a CCTV camera. All information presented in this …
Description of the CVE-2018-0296 vulnerability – bypassing authorization in the Cisco ASA web interface
In this text we describe the CVE-2018-0296 vulnerability affecting Cisco ASA devices, published by Cisco on 6 June. Officially, the vulnerability was classified as Denial of Service, although our report concerned a different type of flaw. More details below. A word of introduction: the Cisco ASA (Adaptive Security Appliance) is a very popular device and is often a part of …
How to take over the CCTV camera
This time, we take a look at the Ganz Security camera, model ZN-M2F (price is about $650). We were able to get root privileges without authentication. Ganz Security? This is a company well known in the West: the Ganz brand is currently used by more than 100,000 businesses and research and development institutions in the …
What is Path Traversal vulnerability?
Path Traversal attacks are possible when a vulnerable application allows uncontrolled access to files and directories to which the user should not normally have access. The attack vector is the parameters passed to the application that represent paths to resources on which specific operations are to be performed – reading, writing, listing the contents of the …
Security problems of Apache Cordova – steal the entire contents of the phone’s memory card with one XSS
There are many different technologies available on the mobile market that allow you to create applications. One of them – Apache Cordova – allows you to write applications in JavaScript and HTML. Applications created in this way are easy to distribute, and their operation does not differ from native applications written in Java or C. …
Stealing tokens, hacking jQuery and bypassing Same-Origin Policy – how I won XSSMas Challenge 2016
In this article you will learn an interesting way to read tokens from another domain, how to achieve XSS using jQuery, and how to break the Same-Origin Policy using Flash. XSSMas Challenge is a CTF-style challenge organized for several years by Cure53. As you can guess from …
Race Condition Attack – exemplary use in web application
A Race Condition attack consists of submitting a request before the application has finished verifying the conditions for a given action; e.g., when uploading files to the server, the window between saving the file to disk and verifying its type or extension allows you to execute a query …
What is the SSRF vulnerability (Server Side Request Forgery)?
Many web applications allow you to upload a file to the server by providing a URL from which the server automatically downloads it. In this article, we will discuss what problems may arise from such a solution. The article will be based on a simple functionality in the …
The new hack allows wireless opening of over 100 million cars: Audi, Skoda, various VW, Ford, Citroen
TL;DR: As reported by Wired, nearly 100 million cars manufactured by the Volkswagen Group over the last 20 years can be opened wirelessly as a result of a hack. Just listen to the radio transmission when you open the car, process it… and voilà. This was presented in detail at the Usenix Conference …