One of the things that keeps me on the security path is the opportunity to learn new things each day. After seeing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – especially on MouseJack keystroke injection attacks. I went through the affected devices list… Continue reading Popular wireless Logitech mouse vulnerable to keystroke injection
Category: Advisories
Checkmarx Security Research Team latest work
CSRT latest work and news: Eventbrite Security Wall of Fame; Go programming SCP; Remotely Exploitable Flaws Found in Popular IP Cameras; Trump Website Hacked: Subdomain Takeover Defaces Fundraising Site. More to come really soon… 🙂 Having fun hacking!
OLX and Adobe full-disclosures on HackerOne
OLX Stored XSS: https://hackerone.com/reports/152069. Adobe Reflected XSS: https://hackerone.com/reports/50389. I asked for full disclosure of these reports so other users can learn something from them. The OLX security report was also mentioned on a Portuguese media site, Future Behind. If you know the Portuguese language, feel free to read it.
Latest work done
Just to give a small update on my work… I’ve been more active on my Twitter account so follow me to get the latest updates on my security work 🙂 Also here is some work I’ve done: (Cobalt.io) – The Top 10 Vulnerabilities used by David Sopas to reach #1 at Cobalt (Char49) – Flash…
Hey vendors, researchers are here to help
Yesterday I was exchanging some messages on Twitter – especially with Kymberlee Price (from BugCrowd) – about the relationship between vendors and security researchers when disclosing a security issue. In my experience I know the feeling of trying to help a vendor and they ignore you or in some extreme cases even “inviting” you…
Google Finance Reflected File Download
Found this vulnerability when auditing another client. With this RFD you don’t need to create a page to force the download. The request for this Google JSON file already does this for us. When I noticed this request: http://www.google.com/finance/info?q=ELI:ALTR&callback=? Which returned the following information: // [ { "id": "703655" ,"t" : "ALTR" ,"e"…
Bing Reflected File Download
When using Bing online translator I noticed an XHR request on my browser that caught my attention: http://www.bing.com/translator/LandingPage/GetDefinition?oncomplete=jQuery111207287312552798539_1444907172498&market=en&word=test&_=1444907172499 Which reflected on the screen: jQuery111207287312552798539_1444907172498(); As a security researcher I always try to find different ways to bypass security, especially related to Reflected File Download. So I tried to inject an RFD vector…
Wikiloc XXE vulnerability
For those who still don’t know Wikiloc: Wikiloc is a place to discover and share the best outdoor trails for hiking, cycling and many other activities. We are 1,725,606 members exploring and sharing 3,936,841 outdoor trails and 6,503,289 photos. I was searching for a cool track to ride my bike [yes I love #cycling] and…
MailChimp Reflected File Download
When auditing a MailChimp client for Cobalt.io I noticed that this company suffers from a Reflected File Download vulnerability that could be exploited only by using HTML5 download attribute. Let’s take a look into the original GET request: http://[mailchimp_client].us5.list-manage.com/subscribe/post-json?u=41352a29fd45def27e8aea4cd&id=91d16923d8&c=? This request is part of the subscription to an email campaign at MailChimp. Checking the…
Multiple vulns on mTouch Quiz WordPress plugin
Plugin link: https://wordpress.org/plugins/mtouch-quiz/; Active Installs: 5,000+; Version tested: 3.1.2; CVE Reference: Waiting. mTouch Quiz lets you add quizzes to your site. This plugin was designed with learning, touch friendliness and versatility in mind. I found multiple vulnerabilities in the WordPress plugin mTouch Quiz <= 3.1.2. #1 Reflected XSS on Quiz Manage “quiz” parameter wasn’t properly…