PoC Gallery

Video and Audio Eavesdropping in the era of Web Applications!

Web Applications nowadays are capable of making online video and audio chatting and sometimes without even the need of external *plugins* or *extensions* Hooray! From usability perspective this is something so cool and very helpful but we are not here for usability, Usability is always cool but when it comes to security concerns, the whole […]

Twitter Denial of Service bug or How i could prevent all followers from reading or accessing literally ANY tweets!

 Hi Everyone, It’s Seif Elsallamy here, I have been away for a while, I really miss doing the stuff i’m good at, Yes breaking things, here take a look at my old posts. I’m back again to all of you with a cool denial of service bug I’ve discovered in Twitter but before diving in […]

Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!

Hi Folks, This is the third part of A brief on Abusing Invitation Systems blog post, In case you have missed the previous parts of this story of write-ups, it is advised to have a sneak peak at the First Second part before you go on with this post. So before we kick off to […]

Physical Security: Apple macOS Mojave screen lock glitch leaking the secrets behind it!

Let’s start with a simple question, what is Physical Security? and why it’s important? Based on techtarget.com’s article: Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural […]

Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!

 In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger. First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it […]

Google Drive: Bad implemented Logic leads to trivial bypass of any "Large File Download Quota Limits"!

TL;DR Today’s bug is a trivial bypass one which if exploited will give the attacker the ability to download a large file regardless of the quota limits that Google put in place as a mitigation/control for any kind of abuse.

تحقيق وتحليل تقنى: جريدة الاهرام النسخة الانجليزية تقوم بإستخدام اجهزة الزوار لتعدين عملات رقمية بتكنيك مختلف وجديد!

موضة جديدة اتبعتها المواقع حديثا وهيا الكسب من خلال تعدين العملات الرقمية بدلا من استخدام اعلانات Google Ads او اى خدمة اعلانات اخرى على امل تحقيق مكسب اسرع، فى التحقيق دا هنتكلم عن جريدة “الاهرام اونلاين” وتعدين العملات الرقمية، واحد من متابعينا بتاريخ ٩ نوفمبر ٢٠١٨ بعتلنا على الصفحة الرسمية ل Seekurity ان موقع “جريدة […]

CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!

Today’s discovery is not a big deal too, just another Clickjacking in the world, but this time in the newly added “OPT-IN” feature by coinhive and authedmine but first let’s know some terms before we begin. What is Coinhive? Coinhive is a cryptocurrency mining service that relies on a small chunk of javascript code designed […]

Hak5 C2 (Cloud Command and Control) Self-hosted Server ClickJacking Vulnerability

Today’s discovery is not a big deal, just another Clickjacking in the world, this time in Hak5’s C2 (Cloud Command and Control) Server First, let us know what is Hak5’s C2 (Cloud Command and Control) Server? Hak5 C2 is a cloud self-hosted penetration testing platform lets you perform “Pentest from Anywhere” by connecting and using […]

United Nations (UN) - A tail of leaking thousands of Job Applicants CVs and documents online, Path Disclosure and Information Disclosure Vulnerabilities!

In this blogpost we will clarify how we found A tail of vulnerabilities from leaking thousands of Job Applicants CVs and documents online to Path Disclosure and Information Disclosure Vulnerabilities in one of United Nations WordPress websites but first what is United Nations? The United Nations (UN) is an intergovernmental organization tasked to promote international […]

Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi Guys, I am Ali Kabeel an Application Security Intern at Seekurity team. This is Second part of A brief on Abusing Invitation Systems blog post . In this blog post I will be mainly focusing on how I was able “by following the tips and tricks in the previous blog post” to bypass Facebook […]

Asus Control Center - An Information Disclosure and a database connection Clear-Text password leakage Vulnerability

What is Asus Control Center? ASUS Control Center is a whole new centralized IT management software. The software is capable of monitoring and controlling ASUS servers, workstations, and commercial products including notebooks, desktops, All-in-One (AiO) PCs, thin client, and digital signage.

Hijacking User's Private Information access_token from Microsoft Office360 facebook App

Hi Guys, Today i would like to show you how a single misconfiguration issue would jeopardize the user’s privacy if maliciously exploited hence hijack user “access_token” from Microsoft Office360 facebook App. Microsoft decided that this Office365 facebook app is NOT under their Microsoft Online Services bug bounty scope although we proved that our discovered bug can result in […]

Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script

During a quick trial security assessment (not fully tested) of Crea8Social Social Network Script our team at Seekurity.com SAS de C.V. identified several severe Cross-Site Scripting Vulnerabilities in the platform that been widely used on the internet to create your own social network website (BTW this script used in the alleged new Egyptian Facebook named […]

Re-dressing Instagram - Leaking Application Tokens via Instagram ClickJacking Vulnerability!

(Photo Illustration by Thomas Trutschel/Photothek via Getty Images) Hi Guys, I hope all of you are doing great and in a well state. Today i will show you a ClickJacking bug i found in Instagram that allowed me to iframe ajax responses and leads attackers to steal your instagram connected applications tokens hence hijack your […]

The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability!

Hi Guys, How are you doing? Well i’ll consider and hope the answer is “Fine”… Today i will show you a bug i found in Facebook without even using any kind of testing tools BUT those kind of bugs requires what’s more than tools, it requires a hawk-eye, A platform-aware bug hunter mentality, a poet and […]

The Fuzz...The Bug..The Action - A Race Condition bug in Facebook Chat Groups leads to spy on conversations!

Hi Folks, Long time no see, it’s Seif Elsallamy, Remember me ? if not 🙁 you may go through my previous blogs Stored XSS in the heart of the Russian email provider giant (Mail.ru)  ,  Rolling around and Bypassing Facebook’s Linkshim protection on iOS Today I’m gonna show you a race condition bug which i recently fall […]

Hack the Hackers and Track the Trackers: CVE-2017-17713 and CVE-2017-17714 - Multiple SQL Injections and XSS Vulnerabilities found in the Hackers tracking tool "Trape" from "Boxug"

  [-] About the Tool: Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP. [-] Tool Benefits: One of its most enticing functions is the […]

Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

  Hey Folks, Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems. In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet […]

Rolling around and Bypassing Facebook's Linkshim protection on iOS

Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru) Before we go in depth, lets know What is Linkshim ?

OpenProject Session Management Security Vulnerability aka CVE-2017-11667

Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info. First what is OpenProject? OpenProject is […]

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk - Open Source Risk Management System

Hi Guys, Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself What is SimpleRisk? SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers […]

Stored XSS in the heart of the Russian email provider giant (Mail.ru)

  Hi, I’m Seif Elsallamy a bug hunter from Seekurity Team, Today i will show you a critical reflected Cross Site Scripting bug affecting mail.ru and could be used as an XSS worm but first let’s dive into some general information.

Vulnerability in Metasploit Project aka CVE-2017-5244

    Hi Guys, I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂 Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, […]

Godaddy XSS affects parked domains redirector/processor!

Hi Folks, I’m not going to talk a lot about this issue because it’s a little bit trivial but it affects Godaddy’s parked domains redirector/processor.

Previous page Next page

Translate this blog