Posts

Showing posts from October, 2018

Steal some JSON response by JSONP injection!!

Image
Some websites depend on JSON to send requests and receive responses and this response can include an information about the logged in user and shouldn't be public to anyone now in this topic we will see how we can steal this data. What is JSON? JSON is a language but isn’t programing language but it’s a lightweight data-interchange format and we can use it to communication between different apps such as ( Android, IOS, Web,….). Exploitation Now some of JSON response is like that In this case, if the response like that you are lucky we can dump this data by writing a small code using JS we will include this file in my page as a JS file in a script tag and we will create a function to dump data and the function name should be  userInfo  this is the exploitation you can see the code in the next image and the response in my page here Attacker page This a useful way and the Basic there are more ways but I don’t want t...

How to start on web applications security

Image
Summary: hey guys I hope you are fine, now I am going to talk about how to start with Web applications security. now if you want to learn something from someone but this guy doesn’t speak the same language of you what will you do?…….yes…you will learn his language to learn from him, it’s the same with web applications now if you want to start “security web application” you should learn how it works, learn it’s language. Now I will talk about the programming language: There are a lot of programming languages you can use Java, ASP, Perl, Ruby, Python, and PHP but the best one is PHP because most of the web applications use it but the other languages have a good future now you learned PHP to understand what website say :D, now you should learn a programming language for the Database to use it with PHP now the Database is something that the website can’t work without it. so you can learn MySQL it’s good but there are others you can search about them “Google Is Yo...

Cryptography Tutorial | Part 2

Image
Hey guys the last tutorial we talk about the  Ceaser Cipher Algorithm in this tutorial we will talk about  Polyalphabetic Cipher we will talk about the Encryption & Decryption process like part one. Encryption : now let's imagen that we want to encrypt this word security we will use the same  sequence 0 1  2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z now we will split security word to groups three letters in the group to be like that sec uri ty there is two letters we will skip it and continue, the encryption way it's 1. the first letter will be moved 3 letters to the right 2. the second letter will be moved 5 letters to the right 3. the third letter will be moved 7 letters to the right (if the numbers is finished we will start from the first from zero) so the encryption to this letters sec is: S => V E => J C => J the sam...

Cryptography Tutorial | Part 1

Image
Hi guys how are you? I hope you are fine in this topic we will talk about the Cryptography this field is a huge field we will split this field into parts of topics let's start. In this part of the topic, we will talk about a simple algorithm in the Cryptography field it's Ceaser Cipher this algorithm is one of the old algorithms and the Ceaser king was use it in encrypt the messages, let's see how we can use this encryption. Encryption : we will imagen that we want to encrypt this word Hello to encrypt this word we should have the encryption key (k) let's imagine gen that it's equal 3 so k=3 see this 0 1  2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z we will found that every letter equal number we will use this equation CipherText = E(k,p) = (p+k) mod 26 p is the letter place and k is the encryption & decryption key and 26 it's the number of English letters so this let...

[Critical] Bypass CSRF protection on IBM

Image
What is CSRF? CSRF is an attack when tricks the victim to send a malicious request to the website which affected with CSRF vulnerability this request can be used to send a request to change the Username, Password, Emails and etc... What did I found on IBM? when I test IBM main domain I send a request to change my email and I notice that the website send a GET request to change the email but the cool thing that no CSRF tokens on the request so I said this is CSRF :P, but when I try to exploit the CSRF attack it gives me an error so I was like: but I told to my self I should know the issue and solve it so I digging more and notice that the error was because the Referer Header the website just accept this value when changing the Email: (  https://www.ibm.com/ibmweb/myibm/profile/profile-edit.jsp  ) the website protect the request using this method to know if the request from his website or from the external website now we know the iss...

How I bypassed eBay process on redirect twice

Image
hey, guys, this is my first blog so be free to comment any suggestion to improve my blog in the next time. eBay  is a web application like  Amazon  to buy or sell something on it should have more security to save the users information because the website has a sensitive information. I started testing the site and when i enter my account to log in i notice that in the GET request (in the link) then the website redirect me after the login so i tried to change the host to another one but it does not work so i started looking for a bypass for this filter so i enter the link like that  http://ebay.com@google.com   but unfortunately it’s not work. I don’t give up and tried to bypass it again so i add the link like that  http://test.ebay.com/   so it’s work and i redirected to ( test.ebay.com ) but it’s not open redirect but it’s helped me a lot now I can redirect the user to a subdomain so in this time thinking about how i can make this useful...