Advisories – David Sopas – Web Security Researcher

Popular wireless Logitech mouse vulnerable to keystroke injection

One of the things that keeps me on the security path is the opportunity to learn new things each day. After seing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – specially on MouseJack keystroke injection attacks. I went throught the affected devices list… Continue reading Popular wireless Logitech mouse vulnerable to keystroke injection

Checkmarx Security Research Team latest work

CSRT latest work and news: Evenbrite Security Wall of Fame Go programming SCP Remotely Exploitable Flaws Found in Popular IP Cameras Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site More to come really soon… 🙂 Having fun hacking!

OLX and Adobe full-disclosures on HackerOne

OLX Stored XSS https://hackerone.com/reports/152069 Adobe Reflected XSS https://hackerone.com/reports/50389 I asked for full-disclosure of this reports so other users can learn something from it. The OLX security report was also mentioned on a portuguese media site- Future Behind. If you know portuguese language feel free to read it.

Latest work done

Just to give a small update on my work… I’ve been more active on my Twitter account so follow me to get the latest updates on my security work 🙂 Also here are some work I’ve done: (Cobalt.io) – The Top 10 Vulnerabilities used by David Sopas to reach #1 at Cobalt (Char49) – Flash… Continue reading Latest work done

Hey vendors, researchers are here to help

Yesterday I was exchanging some messages on Twitter – specially with Kymberlee Price (from BugCrowd) – about the relationship between vendors and security researchers when disclosing a security issue. In my experience I know what’s the feeling of trying to help a vendor and they ignore you or in some extreme cases even “inviting” you… Continue reading Hey vendors, researchers are here to help

Google Finance Reflected File Download

Found this vulnerability when auditing other client. With this RFD you don’t need to create a page to force the download. The request for this Google JSON file already do this for us. When I noticed this request: [code lang=”html”]http://www.google.com/finance/info?q=ELI:ALTR&callback=?[/code] Which returned the following information: [code lang=”html”] // [ { "id": "703655" ,"t" : "ALTR" ,"e"… Continue reading Google Finance Reflected File Download

Bing Reflected File Download

When using Bing online translator I noticed a XHR request on my browser that caught my attention: [code lang=”html”]http://www.bing.com/translator/LandingPage/GetDefinition?oncomplete=jQuery111207287312552798539_1444907172498&market=en&word=test&_=1444907172499[/code] On which reflected on the screen: [code lang=”html”]jQuery111207287312552798539_1444907172498();[/code] As a security researcher I always try to find different ways to bypass security specially related to Reflected File Download. So I tried to inject a RFD vector… Continue reading Bing Reflected File Download

Wikiloc XXE vulnerability

For those who still don’t know Wikiloc: Wikiloc is a place to discover and share the best outdoor trails for hiking, cycling and many other activities. We are 1,725,606 members exploring and sharing 3,936,841 outdoor trails and 6,503,289 photos. I was searching for a cool track to ride my bike [yes I love #cycling] and… Continue reading Wikiloc XXE vulnerability

Multiple vulns on mTouch Quiz WordPress plugin

Plugin link: https://wordpress.org/plugins/mtouch-quiz/ Active Installs: 5,000+ Version tested: 3.1.2 CVE Reference: Waiting mTouch Quiz lets you add quizzes to your site. This plugin was designed with learning, touch friendliness and versatility in mind. I found multiple vulnerabilities on WordPress plugin – mTouch Quiz <= 3.1.2. #1 Reflected XSS on Quiz Manage “quiz” parameter wasn’t properly… Continue reading Multiple vulns on mTouch Quiz WordPress plugin