ifixit.com Stored XSS Vulnerability

Well, it has been a long time, since i haven't posted any thing, i was a bit busy with my university exams, However, finally i managed to get some time to write something, Today i am sharing some of the vulnerabilites i found inside a popular website named "ifixit".

I found two XSS one was a Stored XSS and a second one was a Self XSS, However the Self-XSS could have been easily exploited by Clickjacking techniques as the page did not contain X-Frame options, Therefore the Self-XSS was also considered.

Hackers Get Your Team Ready - CTF 365

When it comes to infosec industry we all know that practice is the best way to learn how to defend and protect your system and more important how to find vulnerabilities and flaws within the systems you are after. This is a never ending training and the way you can do it most intensely and extensively is on CTF competitions. 

Today's CTF are becoming more and more complex and engaged. You can find from level based CTF's where you have to pass a level in order to get access to the next, up to more sophisticated systems that mimic different scenarios like internet bank phishing, to complex money laundering scenarios up to attack and defend games where each team get a server full of vulnerabilities or flaws and teams have to patch it while other members exploits the other teams servers.

The Story Behind, How The Data Was Stolen

No one likes to hear the bad news that their computer, email, or phone has been hacked and the data stored in it has been plundered by cyber criminals. And hearing this news during the end of the year with Christmas approaching can only be the Grinch’s cherry on top to a year of disastrous security failures. But the sad fact is many more people are being faced with this problem as Grinch-like hackers continue to steal data on an increasingly significant basis. We may think that we are safe from the problem but in reality we are right in the midst of it, with internet giants coming under the radar as well!

Armed with keyloggers, Trojans, backdoor exploit methods and whatnot; these Grinches are pulling for the grand finale as 2012 comes to a close. Of course, this means that the data Industry has been lacking some major incentives and preventive measures that allowed these criminals to slip in between the cracks and make off with our data. The data breach investigations report is a pictorial representation of the actual scenario; read it to figure out the happenings.

Source: MobiStealth.com

PayPal Pays Me A Total Bounty Of 10,000 For The Command Execution Bug

Recently, I wrote about the command execution vulnerability i found in Paypal for which they sent me an initial payment of 5000$, This story was featured in lots of popular technology blogs like Softpedia, ProPakistani, MyBloggertricks etc. Recently i received an email from Paypal, where they informed me that they have deposited the remaining bounty "4750$" to my business partners Paypal account.

I would also like to let you know that, still more than 20 bugs i sent are being validated by Paypal. 

Mohammad Chose Blogging, I Choose Hacking

blog or hack
Well, this post is not an ordinary one that talks about "Making Six Figure Income Online" or making millions from blogging, it rather contains some interesting piece of advices for Novice Bloggers and also the Ninjas out there who are struggling hard to survive online. It all started, when Mohammad and I met back in 2009 in a Snooker Club. We both were interested in blogging and Internet Marketing, so we therefore had arranged a meeting in order to share our existing blogging strategies.
Read More about the whole story on Mybloggertricks "Mohammad Choose Blogger, I Choose Hacking".

WOW! Paypal Sends Me 5000$ For A Command Execution Vulnerability

Update: 5000$ was the initial payment, Paypal payed another 5000$ which makes the total bug bounty of 10,000$ for the command execution vulnerability - 

PayPal Pays Me A Total Bounty Of 10,000 For The Command Execution Bug

Today when i logged into my Gmail account, I saw Paypal sent me 5000$  for my command execution bug i reported on one of it's subdomains, That's constituted a huge risk to the organization, since an attacker could have easily managed to execute any command on the server. Therefore the bug was extremely critical, however Paypal took more than 2 months to sort it out.
I cannot write more about the vulnerability per the terms of the bug bounty program.

Cracking Cpanel Passwords [Tutorial 2]

One of our guest authors already wrote a post on "Cracking Cpanel passwords", however that method worked for some sites and did not work on others, However, recently avinash mailed me a guest post, which contained two working methods that can be used to crack a Cpanel passwords, I have tested both methods myself and they are working. However, for this method to work, The website on which your shell is uploaded should be already vulnerable to Symlink Bypass (Server Bypass).

Secure Joomla From Hackers

Recently we wrote an article on "Wordpress Mass Defacement Tool "and On "Securing Your Wordpress from being Hacked', However I was requested by one of our readers to write an article on securing joomla blog from hackers and preventing it from being hacked, Joomla just like wordpress is a very widely used CMS platform, Joomla itself is quite secure by default, However the extensions are developed by common developers and most of them have no proper knowledge about security.

Now a days, it has been observed by me that most the hackers do not target vulnerable joomla extensions or joomla itself, however they target websites on the same server and use them to extract the configuration file of joomla that contains the database information. This vulnerability is commonly known as Symlink bypass in the black hat community and Server bypass in our white hat community. So in this article i will talk about the common methods to secure a joomla from hackers and preventing it from being hacked.

Wordpress Mass Defacement Tool

Wordpress as being one the widely used CMS platform is one the favorite target of hackers now a days along with WHMCS, Instead of directly targeting wordpress fucntionalities and vulnerable plugins, it has been observed that the hackers are targeting a vulnerable website on the same server and using it they are able to bypass server restrictions in order to get the configuration file and hence hacking in to the wordpress. This method is commonly known as Symlink Bypassing in Black Hat World and server bypassing in White hat community.

How To Hack HTTP Passwords With Wireshark

Most of the websites on the Internet use HTTP protocol for comunication which runs on Port 80, The data send to the server is Un-encrpypted and goes in plain text. If you are using HTTPS (Port 443), The data will be send to the server encrypted. When ever you enter the data in a Form, Your browser either sends a POST Or Get Request to the webserver, In most cases you will see POST method used in forms. Now most of the websites on the internet use Http protocol for the authentication, which enables an attacker on the local area network to sniff every thing that goes through that form, That's the reason why you see websites like Paypal, Ebay, Gmail with https.

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.