Collaborate Disseminate
I recently found a prototype pollution vulnerability in an open-source project.
The code was something like this:
var a = {}
var b = JSON.parse(‘some_user_input_where_payload_can_be_sent’)
// consider b = JSON.parse(‘{"__proto__"… Continue reading Prototype Pollution – Is this effective only for the Global objects?
I am doing a research on an app which has some secret ID. I see that the source code of the app has the secret ID hardcoded inside and the API to request for the access token has just this Secret ID as its query parameter. So ideally it is… Continue reading What is the significance of an app leaking its access token – knowingly/unknowingly with just read access
I recently found a prototype pollution vulnerability in an application using nodejs and am trying to write an exploit for the same.
I did a simple exploit by using the usual isAdmin flag which is mentioned in a lot of blogs/writeups, etc a… Continue reading Escalating prototype pollution vulnerability in an application
I am trying to perform prototype pollution exploit for a project to demonstrate the vulnerability to the owner.
So I am trying to pollute the toString() function from the user inputs.
The user input has two fields mode of contact and conta… Continue reading Prototype pollution in server instances exploit – what is the correct approach?
I have the APK of an application and analyzed it using MobSF static analysis. It says the application talks with Firebase Database and provides a URL.
Obviously, the URL is not accessible.
I am new to this so trying to find tools from GitH… Continue reading How to Scan Firebase Database?
Analyzing an android app’s traffic POST request, it sends some important pieces of data in the form of URL encoding. This is pretty easy to decode and get the data. The data is sent over HTTPS. But is it safe to perform URL encoding of the… Continue reading Burp suite: URL encoding of request body – Is this safe?
I am passing the Cookie header of a valid authenticated, high privileged user to the unauthenticated or low privileged user using Autorize (Burp Extension).
So ideally, the Autorize says the requests are bypassed because the Cookie header … Continue reading Passing the session ID of an unauthenticated user to a valid session using Burp
I am testing website security when I came across this:
When I enter the site URL, the user is given a session ID without any user input like:
7F746326038B30F51609423B2086BEBB
Scenario 1: Once I logged into the website by providing the cor… Continue reading Session ID not changed after logging in/ logging out
I am analyzing the HTTPS traffic from a particular Android app using the Burp proxy. So every 5 minutes, the app hits an endpoint and sends an encrypted/encoded text in its HTTPS request. I tried decoding it using CyberChef Base-64 and rep… Continue reading Encrypted/Encoded text in the Burp HTTPS request – Android [duplicate]
I am intercepting the android app’s traffic and there is this weird content seen on the HTTP request and response body. The request is actually sending an image file(.jpg) and this weird content is seen below in the request body. The respo… Continue reading Non readable text values in the Burp http requests and responses