Russian Hackers, OpenWhisk, and Tomcat – Hack Naked News #182

Edgy XSS bypass, hacking fitness tracking in China, Russian hackers love power, leaky backups, Google hates Phishing for Google employees, Apache Tomcat, Solaris vulnerabilities that weren’t really fixed, OpenWhisk fails to beat a vulnerability. …

Type Juggling Authentication Bypass Vulnerability in CMS Made Simple

Have you ever experienced that sinking feeling when you discover that you’ve run out of one crucial ingredient for a special meal? It might be a single ingredient, but it ruins the whole dish, doesn’t it? In the world of web application security, one a…

How to bypass Facebook’s hsts on a fb-country-domain once connected via https to Facebook.com

Setting: bettercap hsts bypassing
Victim: some Facebook-User
Issue: once a victim connected to a https:// …Facebook.com, hsts seems to apply to all Facebook domains, even to Facebook.de

I discovered that if you were once connected to a secured fb.com page you cannot do a hsts bypass with bettercap anymore.

With a fresh browser connecting to Facebook.de I can get http and thus being able to redirect the victim. But once the victim has been on https://de-de.facebook.com before, the former approach doesn’t work anymore.

I cannot figure out what the special thing about their hsts header could be. Other pages like golem.de have hsts too but the attack still works, even if I connected to the site before via https.

My guess:
Once the browser was able to resolve Facebook.de into Facebook.com the hsts is set for Facebook.com. Then the next time I try to get http://Facebook.de the browser remembers the former resolve and thus instantly switches to https://de-de.facebook.com.
Can someone confirm this?

Next issue: as far as I could view it, Facebook.com does not have the “subdomains” property set in the hsts header. So why does it still work with subdomains like de-de.facebook.com or does this domain have its own hsts header?

Best regards fabian

VU#350135: Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin

WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device.

Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass

Hundreds of thousands–potentially more than one million–Netgear routers are susceptible to a pair of vulnerabilities that can lead to password disclosure.