Qmobile Noir A20 Browser And Messaging App Denial Of Service

Impressed by Collin Mulliner's research on smartphones, I became very curious about finding vulnerabilities in them, and I found several. In this short blog post I will discuss DoS vulnerabilities in the default browser and the messaging app of the Qmobile Noir A20. The Qmobile Noir A20 runs on Android 4.1.2. The flaw itself is present in the Android 4.1.2 browser as well as the default messaging system; however, since most of the Qmobile smartphones released with or slightly after the Noir A20 are most likely using the same browser version and messaging app.

Puffin Web Browser Pop Up Recursion Vulnerability - DOS

During my recent security research on "Puffin Web Browser", I found several security bugs ranging from low- to high-risk issues. My recent post "Puffin Web Browser Address Bar Spoofing" already covered a high-risk vulnerability in Puffin Web Browser.

However, today I would like to discuss a low/medium-risk issue known as the "Pop Up Recursion" vulnerability, which results in a Denial of Service. This is a known issue and has already been addressed in the past in browsers such as Google Chrome; however, Puffin Web Browser is still affected by it.


Puffin Web Browser Address Bar Spoofing Vulnerability

During my recent research on mobile browsers, I have managed to find a couple of interesting vulnerabilities, such as an SOP bypass, a denial of service and an address bar spoofing vulnerability, which are worth a writeup. In the following writeup I will discuss an "Address Bar Spoofing Vulnerability" present in a well-known mobile browser for both Android and iOS, "Puffin Web Browser".

Nokia Asha Series Lock Screen Bypass

There have been a lot of lock screen bypasses lately in almost every mobile device, such as the iPhone, Samsung Galaxy, HTC etc., and if you observe carefully, most of them rely on abusing the "Emergency Calling" option somehow. Hammad Shamsi, a security researcher from RHAinfoSec, has found a lock screen bypass which resides in all the latest versions of the Nokia Asha series. The bypass occurred due to mishandling of the SOS button (Emergency Panic Button), which is present in all Nokia Asha series phones and is used to make emergency calls.


HTML5 Modern Day Attack And Defence Vectors

Lately, a lot of people have been asking me the reason for my absence and for not being active on RHA. The answer is that there are countless factors, of which I have lost count myself. Had it been one, I might have remembered it. First of all, I was very busy with my studies, and I had also been working on my final year project because it's right around the corner. All this work had been consuming a lot of my time, and then came the task of promoting my upcoming book "Ethical Hacking and Penetration Testing Guide", which took about 10 months to write. Along with it, I have been exploring new horizons with Web Application Firewalls and working on a tool to automatically bypass blacklist-based WAFs.


Rhainfosec XSS Challenge 2 - Writeup

Last week, we announced our second XSS challenge after the tremendous success of our first XSS challenge. The challenge was based on a blacklist-based protection, and the goal was to execute JavaScript alert(1). We had a huge number of participants for the challenge, and in total we had more than 15k attempts at breaking the XSS filter. Out of these, only 15 were worthy enough to break it.


Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.

RHA © 2013. All Rights Reserved.