Puffin Web Browser Address Bar Spoofing Vulnerability

During my recent research on Mobile browsers i have managed to find couple of interesting vulnerabilities such as SOP bypass, Denial of service and Address bar spoofing vulnerability which are worth doing a writeup. However, In the following writeup I would discuss about an "Address Bar Spoofing Vulnerability" present inside of a well known mobile browser for both Android and iOS known as "Puffin Web Browser". 

Tags: 1 Comments

Nokia Asha Series Lock Screen Bypass

There have been a lot of lock screen bypasses lately in almost every mobile deice such as iPhone, Samsung galaxy, HTC etc and if you observe carefully most of them rely upon abusing the "Emergency Calling" option some how. Hammad Shamsi a Security researcher from RHAinfoSec has found a lockscreen bypass which resides in all the latest versions of Nokia Asha series. The bypass occurred due to mishandling of SOS button (Emergency Panic Button) which is present in all Nokia Asha Series and is used to perform the emergency calls.


HTML5 Modern Day Attack And Defence Vectors

Lately, A lot of people have been asking me the reason of my absence and not being active on RHA. The answer is that there are countless factors to which I have lost count myself. Had it been one, I might have remembered it. First of all i was very busy with my studies and also I had been working on my final year project because its right around the corner. All this work had been consuming a lot if my time and then came the task of promoting my upcoming book "Ethical Hacking and Penetration Testing Guide" which took about 10 months of time period to write. Along with it, i have been exploring new horizons with Web Application Firewalls and working on a tool to automatically bypass blacklist based WAF.


Rhainfosec XSS Challenge 2 - Writeup

Last week, we announced our second XSS challenge after the tremendous success of our first XSS challenge. The challenge was based upon a blacklist based protection and the goal was to execute javascript alert(1). We had a huge number of participants for the challenge and in total we had more than 15k attempts for breaking the XSS filter. Out of which only 15 were worthy enough to break it.


A Simple Design Flaw In Qmobile's Messaging System


This post describes a simple design flaw inside of Qmobile handsets and describes why you shouldn't rely upon built in password protection mechanisms and why encryption is the best solution rather than using password protection mechanism.


RHAinfoSec XSS Challenge - 2

Update: The results are announced here.

Welcome readers,

After a tremendous response with our first XSS challenge, we decided to make your lives a bit harder this summer by launching another XSS challenge. Like always, our challenges always challenging and based upon real world scenarios and the key to solving it mostly rely upon the ability to think outside the box.  

Tags: 0 Comments

Blog Archive


Recent Comments


Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.