General

Security Vulnerabilities affect the Online Services of the Egyptian Telecommunications Company "Etisalat Misr"

Introduction: Telecommunications companies nowadays have become huge enough to have millions of subscribers under their hood, and those companies are doing their best to digitalize and revolutionize their online services to serve the needs of the mass of subscribers. As a result of this digitalization process, many security weaknesses may appear which could affect the safety of customers' data […]

How to Protect Yourself, Virtually and Physically

These are tips, grouped into categories, that we at Seekurity recommend; with them you can protect yourself and your privacy whether you are using a computer or a mobile while online. These tips do not apply to people who have already been hacked, because for them these would be pointless scenarios, and the philosophical question of how do I know […]

Video and Audio Eavesdropping in the era of Web Applications!

Web applications nowadays are capable of online video and audio chatting, sometimes without even the need for external *plugins* or *extensions*. Hooray! From a usability perspective this is something so cool and very helpful, but we are not here for usability. Usability is always cool, but when it comes to security concerns, the whole […]

The Forgotten and Hacked Websites of the Mexican Government

Governments in Mexico, whether municipal, state or federal, have little or no interest in information security. After a research effort, we found more than sixteen government sites that have been compromised and remain abandoned, or whose administrators have not noticed that someone has hacked them. Previously, Seekurity notified the bodies […]

Twitter Denial of Service bug, or How I could prevent all followers from reading or accessing literally ANY tweets!

Hi everyone, it's Seif Elsallamy here. I have been away for a while, and I really miss doing the stuff I'm good at: yes, breaking things; here, take a look at my old posts. I'm back again to all of you with a cool denial of service bug I've discovered in Twitter, but before diving in […]

Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!

Hi folks, this is the third part of the "A Brief on Abusing Invitation Systems" blog post. In case you have missed the previous parts of this series of write-ups, it is advised to have a sneak peek at the first and second parts before you go on with this post. So before we kick off to […]

Physical Security: Apple macOS Mojave screen lock glitch leaking the secrets behind it!

Let's start with a simple question: what is physical security, and why is it important? Based on techtarget.com's article: Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural […]

Fitbit – APIs and Access Control Failures: a simple API bug allowed harvesting millions of users' private activities!

In this write-up we will show you how the Seekurity team was able to harvest all users' private/custom activities, leaving more than 20 million private custom activity records in danger. First of all, this write-up is not a new one; the discovery itself dates back to 2017, but we decided to disclose it […]

Google Drive: Badly Implemented Logic Leads to a Trivial Bypass of Any "Large File Download Quota Limits"!

TL;DR: Today's bug is a trivial bypass which, if exploited, gives the attacker the ability to download a large file regardless of the quota limits that Google put in place as a mitigation/control against any kind of abuse.

Ransomware: Statistics, Discussion, Information and Solutions

"Help me, all my files got encrypted." Almost nobody has not heard about ransomware; one out of every 10 people gets infected with it, and there is never a time we publish a post on Facebook without at least one comment of the kind "help me, my files got encrypted", or "help me, all my files changed their extension and no longer open", or "a screenshot of the desktop and all […]

Trick or threat: From trust to sexting, extortion and cyberbullying.

This past 31 November we were invited by the Women Who Code Mexico City community to give a talk related to information security at the offices of Linio México. Our talk focused on 3 topics, "Sexting, sexual extortion and cyberbullying", since in recent years cases of sexual extortion and cyberbullying via […]

PAYFORT - Multiple Security Issues and Concerns in a PCI/DSS compliant payment processor SDK!

TL;DR: A year ago we were contacted by one of our clients from the Middle East, who was looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them by suggesting some candidates working in the same field in the Middle East, but we refused because our […]

Technical Investigation and Analysis: The English Edition of the Al-Ahram Newspaper Uses Visitors' Devices to Mine Cryptocurrency with a New and Different Technique!

A new trend recently adopted by websites is making money by mining cryptocurrencies instead of using Google Ads or any other advertising service, in the hope of a faster profit. In this investigation we will talk about the "Ahram Online" newspaper and cryptocurrency mining. On 9 November 2018, one of our followers messaged the official Seekurity page to tell us that the website of the "newspaper […]

CryptoJacking by Clickjacking: Bypassing Coinhive's OPT-IN feature and tricking users into cryptocurrency mining!

Today's discovery is not a big deal either, just another clickjacking in the world, but this time in the newly added "OPT-IN" feature by Coinhive and AuthedMine. But first, let's learn some terms before we begin. What is Coinhive? Coinhive is a cryptocurrency mining service that relies on a small chunk of JavaScript code designed […]

Hak5 C2 (Cloud Command and Control) Self-hosted Server ClickJacking Vulnerability

Today's discovery is not a big deal, just another clickjacking in the world, this time in Hak5's C2 (Cloud Command and Control) Server. First, what is Hak5's C2 (Cloud Command and Control) Server? Hak5 C2 is a self-hosted cloud penetration testing platform that lets you perform "Pentest from Anywhere" by connecting and using […]

Sexual extortion campaign: Your account (john@doe.com) was hacked

An extortion campaign is taking many people by surprise and as of today (25 Sept) has collected 0.66982408 Bitcoins (approximately $4,288.51 dollars), and the figure will keep rising. Wallet URL: https://seekurity.com/services/goto/3i The message claims to have been sent by an extortionist who has "hacked" your computer and activated the computer's webcam to […]

United Nations (UN) - A tale of leaking thousands of Job Applicants' CVs and documents online, Path Disclosure and Information Disclosure Vulnerabilities!

In this blog post we will clarify how we found a tale of vulnerabilities, from leaking thousands of job applicants' CVs and documents online to path disclosure and information disclosure vulnerabilities, in one of the United Nations' WordPress websites. But first, what is the United Nations? The United Nations (UN) is an intergovernmental organization tasked to promote international […]

Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi guys, I am Ali Kabeel, an Application Security Intern at the Seekurity team. This is the second part of the "A Brief on Abusing Invitation Systems" blog post. In this blog post I will be mainly focusing on how I was able, "by following the tips and tricks in the previous blog post", to bypass Facebook […]

The CNBV publicly exposes sensitive information of 1,700 users, documents and internal information.

Exposing sensitive information to the internet is a delicate matter, especially when search engines like Google can work against you thanks to bad practices or bad configurations implemented in the systems. Just as during April 2016 the list of 93 million Mexican voters was publicly exposed on Amazon servers, […]

Asus Control Center - An Information Disclosure and a Database Connection Clear-Text Password Leakage Vulnerability

What is Asus Control Center? ASUS Control Center is a whole new centralized IT management software. The software is capable of monitoring and controlling ASUS servers, workstations, and commercial products including notebooks, desktops, All-in-One (AiO) PCs, thin clients, and digital signage.

101 - Your Guide to Programming and the Field of Web Application Security and Penetration Testing

"101: Your guide to programming and the field of web application security and penetration testing". "How do I start in the field of web application penetration testing?" or "How do I get into the Web Application Security Pentesting field?" are examples of the questions we receive over and over again. I had previously written a post explaining all of this from A to Z; I am republishing it today, but in the form of an article, so that […]

Data leak at Aliada: cleaning starts at home…

Some time ago, while we were running a Google search for files with the "TXT" extension, we found that Google had indexed a file from a URL containing a very familiar name… Aliada. For those who do not know what Aliada is, here is the description found on its website: "Aliada is the platform […]

Hijacking User's Private Information access_token from Microsoft Office360 Facebook App

Hi guys, today I would like to show you how a single misconfiguration issue would jeopardize the user's privacy if maliciously exploited, hence hijacking the user's "access_token" from the Microsoft Office360 Facebook app. Microsoft decided that this Office365 Facebook app is NOT under their Microsoft Online Services bug bounty scope, although we proved that our discovered bug can result in […]

Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

During a quick trial security assessment (not fully tested) of the Crea8Social Social Network Script, our team at Seekurity.com SAS de C.V. identified several severe cross-site scripting vulnerabilities in the platform, which is widely used on the internet to create your own social network website (BTW, this script is used in the alleged new Egyptian Facebook named […]

Re-dressing Instagram - Leaking Application Tokens via Instagram ClickJacking Vulnerability!

(Photo Illustration by Thomas Trutschel/Photothek via Getty Images) Hi guys, I hope all of you are doing great and in good health. Today I will show you a clickjacking bug I found in Instagram that allowed me to iframe AJAX responses and lets attackers steal your Instagram connected applications' tokens, hence hijack your […]

The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability!

Hi guys, how are you doing? Well, I'll consider and hope the answer is "Fine"… Today I will show you a bug I found in Facebook without even using any kind of testing tools, BUT those kinds of bugs require more than tools: a hawk eye, a platform-aware bug hunter mentality, a poet and […]

The Fuzz... The Bug... The Action - A Race Condition bug in Facebook Chat Groups leads to spying on conversations!

Hi folks, long time no see, it's Seif Elsallamy. Remember me? If not 🙁, you may go through my previous blogs: Stored XSS in the heart of the Russian email provider giant (Mail.ru), and Rolling around and Bypassing Facebook's Linkshim protection on iOS. Today I'm gonna show you a race condition bug which I recently fell […]

Hack the Hackers and Track the Trackers: CVE-2017-17713 and CVE-2017-17714 - Multiple SQL Injection and XSS Vulnerabilities found in the hacker-tracking tool "Trape" from "Boxug"

[-] About the Tool: Trape is a recognition tool that allows you to track people; the information you can get is very detailed. We want to teach the world through this how large Internet companies could monitor you, obtaining information beyond your IP. [-] Tool Benefits: One of its most enticing functions is the […]

D-Link Middle East “DLink-MEA” website is secretly mining cryptocurrencies

Introduction: Bitcoin mining websites became the new fashion of 2017 and there is no doubt about that, but when it comes to compromising websites to host such a fashion it becomes a headache (well, to the consumers at least). Have you heard about KRACK, the WPA2 vulnerability? If you did, you were probably searching for your […]

Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

Hey folks, welcome back again. This is Ali Kabeel; in case you don't remember me, read my first blog about abusing invitation systems. In this blog we will be continuing our talk about business logic bugs and how dangerous and simple they can become; I will be showing you one of the simplest yet […]

Rolling around and Bypassing Facebook's Linkshim protection on iOS

Sup! How are you guys? I hope you're fine. I'm Seif Elsallamy (again); if you don't remember me, read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru). Before we go in depth, let's learn what Linkshim is.

Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems

Hi guys, I am Ali Kabeel, an Application Security Intern at the Seekurity team. This is my first blog; I hope you like it. In this blog post I will be mainly focusing on business logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems, using real-world examples from my Facebook bug […]

OpenProject Session Management Security Vulnerability aka CVE-2017-11667

Today we will talk about a session management vulnerability that affects OpenProject in all its versions before 6.1.6 (old stable) and 7.0.3 (latest stable) and may lead to account compromise and performing unauthorized actions via physical access to the logged-in user's session. But first, let's learn some general info. First, what is OpenProject? OpenProject is […]

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk - Open Source Risk Management System

Hi guys, today we will discuss a basic hunt for a reflected cross-site scripting vulnerability in the SimpleRisk platform, but first let's learn some general details about the platform itself. What is SimpleRisk? SimpleRisk is an open-source risk management system released under the Mozilla Public License and used for risk management activities. It enables risk managers […]

Stored XSS in the heart of the Russian email provider giant (Mail.ru)

Hi, I'm Seif Elsallamy, a bug hunter from the Seekurity team. Today I will show you a critical reflected cross-site scripting bug affecting mail.ru that could be used as an XSS worm, but first let's dive into some general information.

Vulnerability in Metasploit Project aka CVE-2017-5244

Hi guys, I hope you all are fine and doing well. Yes, you read it right: we managed to find a vulnerability in a framework used to exploit vulnerabilities! "Today it is me, tomorrow it will be you" 🙂 Today we will talk about a CSRF vulnerability that affects the web application of both versions (Express, […]

Let's steal some tokens!

Hey there, how are you doing? Good? Cool! In this blog post I will be talking about my experience with minor bugs chained together to steal sensitive tokens. #1. Stealing CSRF tokens through Google Analytics. While randomly testing things on apps.shopify.com, I landed at some random app page and hit the "Write a review" button, I […]

CyberTalents CTF web security challenges write-up

Hey folks, my name is Mahmoud, a web application penetration tester. I have recently joined Seekurity, and today I will share with you the details of the National Cyber Security CTF we recently had in Egypt. This year, CyberTalents organised a cyber security CTF in Egypt sponsored by Trend Micro, which is probably the largest and […]

Facebook Messenger and HSTS

Pic Source: zona3.mx/sites/default/files/Facebook-Messenger-iPhone-6.png This article was originally covered by Tom Spring of ThreatPost. On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back. Facebook is dismissing […]

Uber Vulnerability

There is no excerpt because this is a protected post.

#OperationTakeDown: Netflix Phishing Attack & Analysis

Hi folks, days ago one of our clients received an email with the following subject in Spanish: "Problemas con tu membresia de Netflix" (Problems with your Netflix membership). The email was in his SPAM folder with the following caption: "Be careful with this message. It contains a suspicious link that has been used to steal […]

BMW Vulnerabilities - Hijack Cars ConnectedDrive™ Service!

Hi folks, let me tell you the story of some typical vulnerabilities that were discovered by the @Seekurity team in the BMW ConnectedDrive service, which would allow any beginner attacker to hijack the whole service! First, what is the BMW ConnectedDrive service? BMW ConnectedDrive is a technology package full of services and apps that connects you closely to […]

RunKeeper Stored XSS Vulnerability - Where worms are able to run too!

RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. It was first launched in 2008 by CEO Jason Jacobs with the help of "moonlighting engineers". In late 2011 RunKeeper secured $10 million in a Series B financing round, led by Spark Capital. In February 2016, RunKeeper was acquired by ASICS.

Cookie stuffing: How we are part of a fraud of millions of dollars

What is cookie stuffing fraud? It is an activity that allows online actors to defraud affiliate marketing programs by causing themselves to receive credit for purchases made by web users (in this case, users who made an online purchase at Amazon, Walmart, eBay or any other online store), even if the affiliate marketer didn't actively […]

TopCoder.com Vulnerabilities - A tale of site-wide bugs leading to account compromise & payment hijacking

Hi folks, TopCoder.com is a website where the most skilled top coders around the world solve challenges, compete and write code to achieve specific tasks. Top high-profile companies (Facebook, Google, Twitter, etc.) get help from such websites in their recruitment process!

Microsoft Yammer Clickjacking - Exploiting HTML5 Security Features

Introduction: Modern web applications nowadays rely on a lot of technologies where typical web application vulnerabilities are hard to find (e.g. clickjacking is an ABC security bug), but bug hunters are always the best! Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is […]

When your privacy disclosure is a "feature" not a "bug" - Badoo & HotorNot failure!

Your privacy on the internet is the biggest concern ever, and when it comes to "dating websites" and "social networks" it matters more and more! Let me tell you a story of two websites that don't respect yours and are putting it in danger…

Fiverr.com Full Accounts Takeover - A Vulnerability Puts $50 Million Company At Risk

Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk. Fiverr raised $30 million in a third round of institutional funding to continue supporting the new version of its […]

Facebook Vulnerability - a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings

Hi folks, my name is Mohamed Abdel Aty, an Egyptian web developer & bug hunter. Today I would like to share with you a "cute" bug I found while doing some bug hunting in Facebook. Testing different sub-domains is a common procedure in bug hunting; while searching the domain "mbasic.facebook.com" I noticed this link

FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

Introduction: Physical devices connected with web applications have made everything easy to manage. Screen size, availability, usage, etc. are what push everyone to manage their devices through their desktops/laptops! On the other hand, such advantages pose a threat if these web applications contain security issues! For example, Android devices can be managed through "Google Device Manager", iOS devices […]

Facebook movies recommendation vulnerability - A bug capable of erasing all your important notifications!

Hi folks, Facebook is the largest social network ever known on the internet. People use Facebook for contacting friends and family, and sometimes for work! When it comes to work, that means important notifications from your company's page, work account, work admins, business accounts, etc.

WhatsApp Clickjacking Vulnerability - Yet another web client failure!

Hi folks, I know it's a little bit lame to mention 2 clickjacking vulnerabilities in a row, but that is what bug hunters always do: exposing the largest companies' security failures. Previously it was Telegram; this time it is the gigantic, well-known 19 billion dollar messenger WhatsApp.

Official Telegram Web Client ClickJacking Vulnerability - When crypto is strong and client is weak

[*] Introduction: Modern web applications nowadays rely on a lot of technologies where typical web application vulnerabilities are hard to find (e.g. clickjacking is an ABC security bug), but bug hunters are always the best!

Web Application Security on Fire - PHP Developers Cheat Sheet version (Slides from UNAM Mexico talk)

Hey! Building a website? Or already built one? Think twice before going public, and let us protect your business!

VoIP Security Analysis with Asterisk

Adopting new technologies such as VoIP by small, medium and large companies isn't only about the benefit of a decrease in costs; it is about an increase in risk exposure too, which can be reflected in the payment of large sums of money because of (national or international) calls made by people outside the company.

Facebook API 2.x Bypassed!

This is the write-up of my last Facebook report: how I was able to bypass the permissions approval system in the 2.x Facebook API versions in 2 different ways. FIRST Flow: +++Flow discussion:
