Write Ups
Security Vulnerabilities write-ups

Security Vulnerabilities affects Online Services of Egyptian Telecommunications Company "Etisalat Misr"

IntroductionTelecommunications companies nowadays became huge enough to have millions of subscribers under its hood, those companies are doing their best to digitalize and revolutionize their online services to serve the needs of the mass subscribers, In a result of this digitalization process, many security weakness may appear which could affect the safety of customers data […]

Twitter Denial of Service bug or How i could prevent all followers from reading or accessing literally ANY tweets!

 Hi Everyone, It’s Seif Elsallamy here, I have been away for a while, I really miss doing the stuff i’m good at, Yes breaking things, here take a look at my old posts. I’m back again to all of you with a cool denial of service bug I’ve discovered in Twitter but before diving in […]

Business Logic Vulnerabilities Series: Hot Fixes Getting Cold, A journey of 7 Versions/Years of a sole Facebook vulnerability!

Hi Folks, This is the third part of A brief on Abusing Invitation Systems blog post, In case you have missed the previous parts of this story of write-ups, it is advised to have a sneak peak at the First Second part before you go on with this post. So before we kick off to […]

Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!

 In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger. First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it […]

CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!

Today’s discovery is not a big deal too, just another Clickjacking in the world, but this time in the newly added “OPT-IN” feature by coinhive and authedmine but first let’s know some terms before we begin. What is Coinhive? Coinhive is a cryptocurrency mining service that relies on a small chunk of javascript code designed […]

United Nations (UN) - A tail of leaking thousands of Job Applicants CVs and documents online, Path Disclosure and Information Disclosure Vulnerabilities!

In this blogpost we will clarify how we found A tail of vulnerabilities from leaking thousands of Job Applicants CVs and documents online to Path Disclosure and Information Disclosure Vulnerabilities in one of United Nations WordPress websites but first what is United Nations? The United Nations (UN) is an intergovernmental organization tasked to promote international […]

Business Logic Vulnerabilities Series: A Story of a 4-Years-old (and counting) Facebook Security Bug!

Hi Guys, I am Ali Kabeel an Application Security Intern at Seekurity team. This is Second part of A brief on Abusing Invitation Systems blog post . In this blog post I will be mainly focusing on how I was able “by following the tips and tricks in the previous blog post” to bypass Facebook […]

Asus Control Center - An Information Disclosure and a database connection Clear-Text password leakage Vulnerability

What is Asus Control Center? ASUS Control Center is a whole new centralized IT management software. The software is capable of monitoring and controlling ASUS servers, workstations, and commercial products including notebooks, desktops, All-in-One (AiO) PCs, thin client, and digital signage.

Fuga de datos en Aliada, la limpieza empieza por la casa…

Hace algún tiempo mientras realizabamos una búsqueda en Google de archivos con extensión “TXT”, nos encontramos con que Google había indexado un archivo de una URL que contenía un nombre muy familiar… Aliada. Para los que no conocen que es Aliada, aquí la descripción que se encuentra en su sitio web: “Aliada es la plataforma […]

Hijacking User's Private Information access_token from Microsoft Office360 facebook App

Hi Guys, Today i would like to show you how a single misconfiguration issue would jeopardize the user’s privacy if maliciously exploited hence hijack user “access_token” from Microsoft Office360 facebook App. Microsoft decided that this Office365 facebook app is NOT under their Microsoft Online Services bug bounty scope although we proved that our discovered bug can result in […]

Re-dressing Instagram - Leaking Application Tokens via Instagram ClickJacking Vulnerability!

(Photo Illustration by Thomas Trutschel/Photothek via Getty Images) Hi Guys, I hope all of you are doing great and in a well state. Today i will show you a ClickJacking bug i found in Instagram that allowed me to iframe ajax responses and leads attackers to steal your instagram connected applications tokens hence hijack your […]

The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability!

Hi Guys, How are you doing? Well i’ll consider and hope the answer is “Fine”… Today i will show you a bug i found in Facebook without even using any kind of testing tools BUT those kind of bugs requires what’s more than tools, it requires a hawk-eye, A platform-aware bug hunter mentality, a poet and […]

The Fuzz...The Bug..The Action - A Race Condition bug in Facebook Chat Groups leads to spy on conversations!

Hi Folks, Long time no see, it’s Seif Elsallamy, Remember me ? if not 🙁 you may go through my previous blogs Stored XSS in the heart of the Russian email provider giant (Mail.ru)  ,  Rolling around and Bypassing Facebook’s Linkshim protection on iOS Today I’m gonna show you a race condition bug which i recently fall […]

Business Logic Vulnerabilities Series: How I became invisible and immune to blocking on Instagram!

  Hey Folks, Welcome back again, This is Ali Kabeel in case you don’t remember me read my first blog about Abusing invitations systems. In this blog we will be continuing our talk about Business logic bugs and how dangerous and simple they can become, I will be showing you one of the simplest yet […]

Rolling around and Bypassing Facebook's Linkshim protection on iOS

Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru) Before we go in depth, lets know What is Linkshim ?

Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems

Hi Guys, I am Ali Kabeel an Application Security Intern at Seekurity team. This is my first blog i hope you like it. In this blog post I will be mainly focusing on Business Logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems using real-world examples from my Facebook Bug […]

OpenProject Session Management Security Vulnerability aka CVE-2017-11667

Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info. First what is OpenProject? OpenProject is […]

CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk - Open Source Risk Management System

Hi Guys, Today we will discuss about a basic hunt of a reflected cross site vulnerability in SimpleRisk platform but first lets know some general details about the platform itself What is SimpleRisk? SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers […]

Stored XSS in the heart of the Russian email provider giant (Mail.ru)

  Hi, I’m Seif Elsallamy a bug hunter from Seekurity Team, Today i will show you a critical reflected Cross Site Scripting bug affecting mail.ru and could be used as an XSS worm but first let’s dive into some general information.

Vulnerability in Metasploit Project aka CVE-2017-5244

    Hi Guys, I hope you all are fine and doing well. Yes you read it right, We managed to find a vulnerability in a framework used to exploit vulnerabilities! “Today is me tomorrow will be you” 🙂 Today we will talk about a CSRF vulnerability affects the web application of both versions (Express, […]

Godaddy XSS affects parked domains redirector/processor!

Hi Folks, I’m not going to talk a lot about this issue because it’s a little bit trivial but it affects Godaddy’s parked domains redirector/processor.

Let's steal some tokens!

Hey There, How you doing? Good? Cool! In this blog post I will be talking about my experience with minor bugs chained together to steal sensitive tokens. #1. Stealing CSRF tokens through Google Analytics. While randomly testing things on apps.shopify.com, I landed at some random app page and hit the Write a review button, I […]

Uber Vulnerability

There is no excerpt because this is a protected post.

BMW Vulnerabilities - Hijack Cars ConnectedDrive™ Service!

Hi Folks, Let me tell you the story about some typical vulnerabilities that was discovered by @Seekurity Team in BMW ConnectedDrive service which will allow any beginner attacker to hijack the whole service! . First what is BMW ConnectedDrive service? BMW ConnectedDrive – a technology packet full of services and apps that connects you closely to […]

RunKeeper Stored XSS Vulnerability - Where worms are able to run too!

    RunKeeper is a GPS fitness-tracking app for iOS and Android with over 40 million users. First launched in 2008 by CEO Jason Jacobs with the help of “moonlighting engineers”. In late 2011 RunKeeper secured $10 million in a Series B financing, led by Spark Capital. In February, 2016, RunKeeper was acquired by ASICS.

TopCoder.com Vulnerabilities - A tail of site-wide bugs leads to accounts compromise & payments hijacking

Hi Folks, TopCode.com is a website where the most skilled top coders around the world are solving challenges, Competing and writing codes to achieve a specific tasks. Top high profile companies like (Facebook, Google, Twitter, etc..) are getting help from such websites in their recruitment process!

Microsoft Yammer Clickjacking - Exploiting HTML5 Security Features

    Introduction: Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best! Yammer is a freemium enterprise social networking service used for private communication within organizations. Access to a Yammer network is […]

When your privacy disclosure is a "feature" not a "bug" - Badoo & HotorNot failure!

Your privacy on the internet is the biggest concern ever and when it comes to “Dating websites” and “Social Networks” it means more and more! Let me tell you a story of two websites that don’t respect yours and putting it on danger…

Fiverr.com Full Accounts Takeover - A Vulnerability Puts $50 Million Company At Risk

Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk. Fiverr raised $30 million in a third round of institutional funding to continue supporting the new version of its […]

Facebook Vulnerability - a “Cute Bug” that reveals the “likes” of deleted posts regardless of their privacy settings

 Hi Folks, My name is Mohamed Abdel Aty, an Egyptian Web Developer & Bug Hunter, Today I would like to share with you a “cute” bug I found while doing some bug hunting in Facebook. Testing different sub-domains is a common procedure in bug hunting , while searching the domain “mbasic.facebook.com” I noticed this link

FirefoxOS Find My Device Service Clickjacking Bug results in Changing PINs, Wiping and Locking Phones!

Introduction: Physical devices connected with web applications made everything easy to be managed. Screen size, availability, usage etc… is what pushing everyone to manage their devices through their desktops/laptops! On the other hand such advantages poses a threat if these web applications contains security issues! For example android devices can be managed through “Google Device Manager”,  iOS devices […]

Facebook movies recommendation vulnerability - A bug capable of erasing all your important notifications!

Hi Folks, Facebook is the largest social network ever known on the internet, People are using Facebook for contacting friends, Family and sometimes for Work! When it comes to Work that means an important notifications from your company’s page, work account, work admins, business accounts, etc…

WhatsApp Clickjacking Vulnerability - Yet another web client failure!

Hi Folks, I know it’s a little bit lame to mention 2 clickjacking vulnerabilities in row but that what bug hunters always do exposing the largest companies security failures, (Previously was Telegram) this time is the gigantic well-known 19 billion dollar messenger WhatsApp.

Official Telegram Web Client ClickJacking Vulnerability - When crypto is strong and client is weak

    [*] Introduction: Modern Web Applications nowadays are relaying on a lot of technologies where typical web applications vulnerabilities are hard to find (eg. Clickjacking is an ABC security bug) but bug hunters are always the best!

Facebook ClickJacking - How we put a new dress on Facebook UI

Hi Bug Hunters, Today we will explain how we redressed facebook ui and made it so easy to fool a victim to for example, Add the attacker as a member in one of his own secret groups on facebook. Here’s some details about the issue:

Facebook API 2.x Bypassed!

This is the write up of my last Facebook Report, How I was able to bypass the permissions approvals system in the 2.x Facebook API Versions in 2 different ways. FIRST Flow : +++Flow discussion:

A Hilarious ESET Broken Authentication Vulnerability (one click free purchase)

Hello Geeks and Security Evangelists, My name is Mohamed Abdelbaset Elnoby, Just another Senior Information Security Researcher and Web Application Pentester in the world 😀 , Today I would like to show you a “hilarious” Broken Authentication bug I found in ESET website specifically in their “Antivirus Product Activation Process” that allowed me to generate […]

Previous page Next page

Translate this blog
Scroll Up