Posts

[Duplicated] Self-XSS & CSRF attack lead to Stored XSS

Image
Hi guys it's me Flex, in this post I will share a new vulnerability on a private program let's call it `example.com` the vulnerability was a Self-XSS with CSRF attack which leads to Stored XSS. The story of the discovery the target is a shop website when I test the function to add a product I start adding my lovely XSS payload  <svg/onload=alert(0)> everywhere and one of them these fields work and give me a pop-up because the input was wrong to the field and the website tells me that this value is wrong so it is a self-XSS I tried to find Clickjacking to make it exploitable but there is no way with clickjacking, after some minutes I tried to find a CSRF attack so I opened my Burp and catch the change request and I notice that there is no CSRF-Token or any CSRF protection so I tried to exploit this two bugs together to get the Stored XSS, the body of the edited request was like that {"basePage":{"draftIds":["victim_id"],"...

Write-Up || Quals: Saudi and Oman CTF 2019 Web Challenges

Image
Welcome Guys, I will solve the web challenges on the Quals of Saudi and Oman CTF 2019 I will solve it on the video but I will talk about the challenges first. The First Challenge is  Maria it's a Hard one with 200 points, this challenge is a SQL injection challenge the first thing you should found the field which you will inject your payload on it if we try to delete the cookie we will see the SQL query which adds your IP to the database so we will inject the IP to get the information from the DB we need the Maria's IP address so we will dump it and we will see that on the video after that when we add the IP we should add the cookies and we will use the cookies from set-cookie header on the response The Second Challenge is  Back to basics  it's an Easy one with 50 points if we try to open the challenge link we will be redirected to Google so we should open it with another way so I used Burp to catch the request but I didn't find anything interes...

[SubFl0w] New Tool

Image
Hi guys, What is the tool do? We write a new Tool this tool you gives it a subdomains list and the tool check all of the lists and if it notices that the subdomain may be vulnerable with subdomain takeover it will tell you about it. Requirements Python2.7 / 3.7 requests lib [pip install requests] colorama lib [pip install colorama] Now to Download you can download it from here:  Tool

Stored XSS on Edmodo main domain

Image
Hey Guys, Today I would like to show you how I found a Stored XSS on Edmodo main domain. when I test the website I create two accounts when I signup I added the XSS payload on the name, I opened the victim account on FireFox and attacker account on Google Chrome and I opened the victim profile and send a request to connect together like add friend now when the victim open my profile to accept the request the XSS payload which was in the name will be executed The POC Video I hope this topic helped you, thank you for reading.

HITB2018DXB Pre-Conf CTF | Write up

Image
In this topic, I will share with your the write-up about the HITB2018DXB Pre-Conf CTF from Cyber Talents I will solve the web security challenges. First challenge [ who am i for 50 points] : at the first when we open the challenge we will found a login form so the first thing I tried to do it's open the source and look on it and I found that so I used this account to enter the panel but I found that I should be an admin to see the flag I think for a few minutes and I try to see the cookies and I found this the value is encoded with base64 so when I decode it I found this value  login=Guest now I changed the Guest to admin and encode it again and I tried to open the page again and I found the flag the flag is:  FLag{B@D_4uTh1Nt1C4Ti0n} ----------- The second challenge [Dark project for 100 points]: when you open the challenge you will find that there is a page when you open one from it there is a new parameter and the page nam...

Steal some JSON response by JSONP injection!!

Image
Some websites depend on JSON to send requests and receive responses and this response can include an information about the logged in user and shouldn't be public to anyone now in this topic we will see how we can steal this data. What is JSON? JSON is a language but isn’t programing language but it’s a lightweight data-interchange format and we can use it to communication between different apps such as ( Android, IOS, Web,….). Exploitation Now some of JSON response is like that In this case, if the response like that you are lucky we can dump this data by writing a small code using JS we will include this file in my page as a JS file in a script tag and we will create a function to dump data and the function name should be  userInfo  this is the exploitation you can see the code in the next image and the response in my page here Attacker page This a useful way and the Basic there are more ways but I don’t want t...

How to start on web applications security

Image
Summary: hey guys I hope you are fine, now I am going to talk about how to start with Web applications security. now if you want to learn something from someone but this guy doesn’t speak the same language of you what will you do?…….yes…you will learn his language to learn from him, it’s the same with web applications now if you want to start “security web application” you should learn how it works, learn it’s language. Now I will talk about the programming language: There are a lot of programming languages you can use Java, ASP, Perl, Ruby, Python, and PHP but the best one is PHP because most of the web applications use it but the other languages have a good future now you learned PHP to understand what website say :D, now you should learn a programming language for the Database to use it with PHP now the Database is something that the website can’t work without it. so you can learn MySQL it’s good but there are others you can search about them “Google Is Yo...