Últimamente muchas personas hemos recibido mensajes vía WhatsApp de números desconocidos, los cuales ofrecen trabajo en una plataforma en línea con proyectos para grandes empresas como Amazon, AliExpress, Mercado Libre, entre otros, ofreciendo un sueldo entre $500 y $2,000 pesos mexicanos diarios. Para iniciar con el proceso es necesario dar clic al enlace que […]
[-] Vulnerable Software:APfell/Mythic [-] Software Description:APfell/Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It’s designed to provide a collaborative and user-friendly interface for operators, managers, and reporting throughout mac and Linux-based red teaming. [-] Product Description:APfell/Mythic is a cross-platform, post-exploit, red teaming framework built with python3, docker, […]
[-] Product Description:MyBB-2FA is an unmaintained MyBB plugin that allows MyBB admins to enable Two Factor Authentication in for their forums users. [-] Vulnerability Type:Cross Site Request Forgery [-] Impact and more info:https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) [-] Vulnerable Request Type:GET based [-] Vulnerable Module/Parameter/Path:MyBB_Installation/usercp.php?action=mybb2fa&do=[ACTION] [-] Proof of Concept URL:MyBB_Installation/usercp.php?action=mybb2fa&do=deactivateMyBB_Installation/usercp.php?action=mybb2fa&do=activate [-] Fix Suggestion:Implement an Anti-CSRF token to protect forging […]
El pasado 31 de Noviembre fuimos invitados por la comunidad de Women Who Code Mexico City para dar una charla relacionada a la Seguridad Informática en las oficinas de Linio México. Nuestra charla se enfocó en 3 temas “Sexting, extorsión sexual y el Ciberacoso“, ya que en los últimos años, los casos de extorsión sexual y el ciberacoso por […]
TL;DR A year ago we have been contacted by one of our clients from Middle east regarding looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them in order to give them some candidates working in the same field in the middle east but we refused because our […]
Today’s discovery is not a big deal, just another Clickjacking in the world, this time in Hak5’s C2 (Cloud Command and Control) Server First, let us know what is Hak5’s C2 (Cloud Command and Control) Server? Hak5 C2 is a cloud self-hosted penetration testing platform lets you perform “Pentest from Anywhere” by connecting and using […]
During a quick trial security assessment (not fully tested) of Crea8Social Social Network Script our team at Seekurity.com SAS de C.V. identified several severe Cross-Site Scripting Vulnerabilities in the platform that been widely used on the internet to create your own social network website (BTW this script used in the alleged new Egyptian Facebook named […]
[-] About the Tool: Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP. [-] Tool Benefits: One of its most enticing functions is the […]
[-] Product Description: phpSocial is a Social Network Platform similar with Facebook, allowing users to interact with each other by live chatting, sending messages, comments, like, share photos, life events and so much more. [-] Vulnerability Type: Reflected Cross Site Scripting [-] Impact and more info: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) [-] Version affected: phpSocial / phpDolphin < […]
Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info. First what is OpenProject? OpenProject is […]
Hi Guys, Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself What is SimpleRisk? SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers […]
Previous page Next page