Posts

Showing posts from November, 2018

[SubFl0w] New Tool

Image
Hi guys, What is the tool do? We write a new Tool this tool you gives it a subdomains list and the tool check all of the lists and if it notices that the subdomain may be vulnerable with subdomain takeover it will tell you about it. Requirements Python2.7 / 3.7 requests lib [pip install requests] colorama lib [pip install colorama] Now to Download you can download it from here:  Tool

Stored XSS on Edmodo main domain

Image
Hey Guys, Today I would like to show you how I found a Stored XSS on Edmodo main domain. when I test the website I create two accounts when I signup I added the XSS payload on the name, I opened the victim account on FireFox and attacker account on Google Chrome and I opened the victim profile and send a request to connect together like add friend now when the victim open my profile to accept the request the XSS payload which was in the name will be executed The POC Video I hope this topic helped you, thank you for reading.

HITB2018DXB Pre-Conf CTF | Write up

Image
In this topic, I will share with your the write-up about the HITB2018DXB Pre-Conf CTF from Cyber Talents I will solve the web security challenges. First challenge [ who am i for 50 points] : at the first when we open the challenge we will found a login form so the first thing I tried to do it's open the source and look on it and I found that so I used this account to enter the panel but I found that I should be an admin to see the flag I think for a few minutes and I try to see the cookies and I found this the value is encoded with base64 so when I decode it I found this value  login=Guest now I changed the Guest to admin and encode it again and I tried to open the page again and I found the flag the flag is:  FLag{B@D_4uTh1Nt1C4Ti0n} ----------- The second challenge [Dark project for 100 points]: when you open the challenge you will find that there is a page when you open one from it there is a new parameter and the page nam...