Advisories

The fraud behind job offers via WhatsApp

Lately many of us have received WhatsApp messages from unknown numbers offering work on an online platform with projects for large companies such as Amazon, AliExpress and Mercado Libre, promising a salary of between $500 and $2,000 Mexican pesos per day. To start the process you have to click the link that […]

CVE-2020-23014: APfell/Mythic macOS Post Exploitation and Red-Teaming Framework Authenticated Cross-Site Scripting Vulnerability [Advisory]

[-] Vulnerable Software: APfell/Mythic
[-] Software Description: APfell/Mythic is a cross-platform, post-exploitation red teaming framework built with python3, docker, docker-compose, and a web browser UI. It is designed to provide a collaborative and user-friendly interface for operators, managers, and reporting throughout mac and Linux-based red teaming.
[-] Product Description: APfell/Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, […]

Advisory: MyBB Two Factor Authentication extension Vulnerabilities

[-] Product Description: MyBB-2FA is an unmaintained MyBB plugin that allows MyBB admins to enable Two Factor Authentication for their forum users.
[-] Vulnerability Type: Cross Site Request Forgery
[-] Impact and more info: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
[-] Vulnerable Request Type: GET based
[-] Vulnerable Module/Parameter/Path: MyBB_Installation/usercp.php?action=mybb2fa&do=[ACTION]
[-] Proof of Concept URLs: MyBB_Installation/usercp.php?action=mybb2fa&do=deactivate and MyBB_Installation/usercp.php?action=mybb2fa&do=activate
[-] Fix Suggestion: Implement an Anti-CSRF token to protect forging […]
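The advisory above describes a state-changing 2FA endpoint that accepts a plain GET request, and suggests an anti-CSRF token as the fix. The following is an added example, not MyBB's or the plugin's own code: a minimal model of the vulnerable handler beside a hardened one that requires POST and a session-bound token. The `Request` and `Session` classes, the `handle_*` names and the sample requests are constructed stand-ins for this demonstration.

```python
"""Added example (not MyBB-2FA's code): GET-based 2FA toggle vs. a
handler that requires POST plus a per-session anti-CSRF token."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    # Constructed stand-in for the forum's server-side session.
    user_id: int
    twofa_enabled: bool = True
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    # Constructed stand-in: method plus merged query-string/form fields.
    method: str
    params: dict


def handle_2fa_vulnerable(req: Request, sess: Session) -> str:
    """Mirrors usercp.php?action=mybb2fa&do=[ACTION] as described in the
    advisory: any request carrying do=activate/deactivate flips the setting.
    A link or <img src=...> on an attacker's page suffices, because the
    victim's browser attaches the forum session cookie automatically."""
    action = req.params.get("do")
    if action == "deactivate":
        sess.twofa_enabled = False
        return "deactivated"
    if action == "activate":
        sess.twofa_enabled = True
        return "activated"
    return "ignored"


def handle_2fa_hardened(req: Request, sess: Session) -> str:
    """Same feature with the suggested fix: state changes only over POST,
    and only when the submitted token equals the one stored in the session.
    An attacker's page cannot read that token (same-origin policy), so a
    forged request cannot supply it. Comparison is constant-time."""
    if req.method != "POST":
        return "rejected: state change must use POST"
    submitted = req.params.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), sess.csrf_token.encode()):
        return "rejected: missing or invalid anti-CSRF token"
    return handle_2fa_vulnerable(req, sess)  # token verified; same state logic


def demo() -> dict:
    """Run a forged cross-site request against both handlers, then a
    legitimate same-origin POST against the hardened one."""
    results = {}

    # Attacker-triggered GET: no token, but the victim's cookie is sent.
    victim = Session(user_id=42)
    forged_get = Request("GET", {"action": "mybb2fa", "do": "deactivate"})
    results["vulnerable"] = (handle_2fa_vulnerable(forged_get, victim),
                             victim.twofa_enabled)

    victim = Session(user_id=42)
    results["hardened_get"] = (handle_2fa_hardened(forged_get, victim),
                               victim.twofa_enabled)

    # Attacker upgrades to an auto-submitting form but must guess the token.
    forged_post = Request("POST", {"do": "deactivate", "csrf_token": "0" * 64})
    results["hardened_bad_token"] = (handle_2fa_hardened(forged_post, victim),
                                     victim.twofa_enabled)

    # Legitimate form rendered by the forum carries the real session token.
    legit_post = Request("POST", {"do": "deactivate",
                                  "csrf_token": victim.csrf_token})
    results["hardened_legit"] = (handle_2fa_hardened(legit_post, victim),
                                 victim.twofa_enabled)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Requiring POST alone is not enough (an attacker can auto-submit a hidden form cross-site), and checking a token alone while still honouring GET leaves the token exposed in URLs and logs; the hardened handler applies both. In a real MyBB plugin the token would be the one MyBB already keeps in `$mybb->post_code`, which the plugin's `do=` handlers must verify before changing state.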

Trick or threat: From trust to sexting, extortion and cyberbullying.

On November 31 we were invited by the Women Who Code Mexico City community to give a talk on information security at the offices of Linio México. Our talk focused on three topics, "Sexting, sextortion and cyberbullying", because in recent years cases of sextortion and cyberbullying by […]

PAYFORT - Multiple Security Issues and Concerns in a PCI/DSS compliant payment processor SDK!

TL;DR A year ago we were contacted by one of our clients in the Middle East, who was looking for/implementing a payment processing solution for their own eCommerce platform and asked us to suggest some candidates working in the same field in the Middle East, but we refused because our […]

Hak5 C2 (Cloud Command and Control) Self-hosted Server ClickJacking Vulnerability

Today's discovery is not a big deal, just another clickjacking in the world, this time in Hak5's C2 (Cloud Command and Control) Server. First, what is Hak5's C2 (Cloud Command and Control) Server? Hak5 C2 is a self-hosted cloud penetration testing platform that lets you "Pentest from Anywhere" by connecting to and using […]

Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

During a quick trial security assessment (not fully tested) of the Crea8Social Social Network Script, our team at Seekurity.com SAS de C.V. identified several severe Cross-Site Scripting vulnerabilities in the platform, which is widely used on the internet to create your own social network website (BTW this script is used in the alleged new Egyptian Facebook named […]

Hack the Hackers and Track the Trackers: CVE-2017-17713 and CVE-2017-17714 - Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool "Trape" from "Boxug"

[-] About the Tool: Trape is a recognition tool that allows you to track people; the information you can get is very detailed. We want to teach the world through this how large Internet companies could monitor you, obtaining information beyond your IP.
[-] Tool Benefits: One of its most enticing functions is the […]

Cross-Site Scripting Vulnerability in phpSocial aka phpDolphin Social Network Script [CVE-2017-10801]

[-] Product Description: phpSocial is a Social Network Platform similar to Facebook, allowing users to interact with each other by live chatting, sending messages, comments, likes, sharing photos, life events and so much more.
[-] Vulnerability Type: Reflected Cross Site Scripting
[-] Impact and more info: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
[-] Version affected: phpSocial / phpDolphin < […]

OpenProject Session Management Security Vulnerability aka CVE-2017-11667

Today we will talk about a session management vulnerability that affects all OpenProject versions before 6.1.6 (old stable) and 7.0.3 (latest stable) and may lead to account compromise and unauthorized actions through physical access to a logged-in user's session. But first, some general info. What is OpenProject? OpenProject is […]

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk - Open Source Risk Management System

Hi Guys, today we will discuss a basic hunt for a reflected cross-site scripting vulnerability in the SimpleRisk platform, but first some general details about the platform itself. What is SimpleRisk? SimpleRisk is an open-source risk management system released under the Mozilla Public License and used for risk management activities. It enables risk managers […]
