Wednesday, 25 December 2013

waze arbitrary file upload

Waze is one of the world's largest community-based traffic and navigation apps, and it was acquired by Google on June 11, 2013. Google extends its responsible disclosure program to the websites of the companies it acquires, so I thought I would try my hand at it.

While I was scrolling around the pages, I found the Waze wiki, which allowed users to upload files :]

When I tried uploading a PHP file, the response was

Files of the MIME type "application/x-php" are not allowed to be uploaded


Well, so the website filters uploads by checking the MIME type, which means spoofing the extension alone is no use for getting an arbitrary file through ... HMMMMMM


Then again, something struck my mind. Which other MIME types are filtered?
So I tried uploading an SWF file. BINGOOOOO!!!!!

SWF files are not filtered >:)

So what bad can I do?

Aaahhaahhh, execute an XSS with a vulnerable SWF file ;-)
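The filter above is a blacklist: it rejects "application/x-php" and lets anything else through, which is why the SWF was accepted. As an added example (not code from the Waze wiki or the original post), here is that blacklist beside an allowlist check that also sniffs the upload's magic bytes; the sample uploads are constructed inline and the signatures assumed are the standard PNG/JPEG/GIF/SWF/PHP ones.

```python
# Added example, not code from the Waze wiki: a MIME-type blacklist versus an
# allowlist that also sniffs the content. Sample bodies are constructed inline;
# the signatures are the standard PNG/JPEG/GIF/SWF/PHP leading bytes.

ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif"}

# Leading bytes -> MIME type. SWF begins with FWS/CWS/ZWS, PHP source with <?php.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"FWS", "application/x-shockwave-flash"),
    (b"CWS", "application/x-shockwave-flash"),
    (b"ZWS", "application/x-shockwave-flash"),
    (b"<?php", "application/x-php"),
]


def sniff_mime(data: bytes) -> str:
    """Derive the MIME type from the bytes, ignoring whatever the client claims."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def blacklist_accepts(declared_mime: str) -> bool:
    """The filter the post ran into: block one known-bad type, allow the rest."""
    return declared_mime != "application/x-php"


def allowlist_accepts(data: bytes, declared_mime: str) -> bool:
    """Accept only allowlisted types, and only when the bytes agree with the claim."""
    sniffed = sniff_mime(data)
    return sniffed in ALLOWED_TYPES and sniffed == declared_mime


# Constructed sample uploads (headers only; the rest is padding).
PNG_UPLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SWF_UPLOAD = b"CWS\x0a" + b"\x00" * 16      # zlib-compressed SWF header
PHP_UPLOAD = b"<?php echo 'hi'; ?>"

if __name__ == "__main__":
    for name, body, mime in [("png", PNG_UPLOAD, "image/png"),
                             ("swf", SWF_UPLOAD, "application/x-shockwave-flash"),
                             ("php", PHP_UPLOAD, "application/x-php")]:
        print(name, "blacklist:", blacklist_accepts(mime),
              "allowlist:", allowlist_accepts(body, mime))
```

The SWF passes the blacklist but fails the allowlist, and a SWF relabelled as image/png fails too because the sniffed type is what gets checked.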


Aweee yeahhh!!

Now they have fixed the bug :)



And they sent a $100 reward for this :D, and my name will be listed in their reward hall of fame :)

http://www.google.co.in/about/appsecurity/hall-of-fame/reward/



CHEERS
Shashank (@cyberboyIndia)




Thursday, 19 December 2013

Imgur xss

Imgur is an online image hosting service founded by Alan Schaaf in 2009 in Athens, Ohio. Imgur describes itself as "the home to the web's most popular image content, curated in real-time by a dedicated community through commenting, voting and sharing."
I spotted a cross-site scripting vulnerability in http://imgur.com/ on 6 FEB 2013.




I reported the issue to them on the very day I found it, and they replied the same day. After 2-3 days the bug was fixed.



Cheers :)
Shashank

Wednesday, 4 December 2013

Capture the Xss

Everyone is aware of the CTF, and many of you might have been or still are active warriors of CTF. I spotted one XSS in their blog, and they fixed it the very day.

It was just a random hit: I was reading their blog and noticed an old version of the plupload file, which had a known XSS bug.


This is what actually happens when you get the bad habit of XSSing everywhere.

Anyways, they were happy, and so am I :)







Cheers :)


Tuesday, 3 December 2013

Heroku Directory Traversal

Long back I spotted a Directory Traversal bug in Heroku.

"Heroku is a cloud application platform – a new way of building and deploying web apps. Heroku was acquired by Salesforce.com in 2010."



They were quite quick and fixed it without delay.


Later they even started their hall of fame page and included my name there :)
https://www.heroku.com/policy/security-hall-of-fame





Sunday, 17 November 2013

Oracle xss

Everyone knows about ORACLE. Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States.

I spotted some security issues on their website, and finally they have fixed them. One of them was a cross-site scripting issue on Oracle's sub-domain http://education.oracle.com


They took a long time to fix it, but after the fix they acknowledged me on their website.

Oracle Critical Patch Update Advisory - January 2013 - Beta Oracle CVRF



And
Oracle Critical Patch Update Advisory - July 2013 - Beta Oracle CVRF




cheers :)

Tuesday, 22 October 2013

Nokia email app pwnage

This was an interesting bug which I found in the Nokia email app for Symbian mobiles in MARCH 2013.
The email app was not filtering JavaScript in the body of the mail, which led to JavaScript execution via mail.


THE VERSION OF NOKIA MAIL: 10.2.0.29(main)
NOKIA 5233 FIRMWARE COMPLETE DETAILS
software version: v51.1.002
software version date: 19-10-2011
custom version : 51.1.002.C01.01
custom version date: 19-10-2011
language set: 21
Model: 5233
type: Rm-625


This bug took a long time to fix, but when they finally did ;-) I got a mail from Nokia



TRIBUTE TO MY OLD PAL "NOKIA 5233", which passed away recently, breaking its screen, sound system and everything else after slipping out of my hand.

LFI in Nokia maps

Well, this is my first blog post, and I am going to share a Local File Inclusion bug which I spotted in Nokia Maps.

http://maps.nokia.com/services/file:///etc/passwd

Reported on 2nd JAN 2013
Nokia fixed it on 20th JAN 2013

And I received an awesome RED NOKIA LUMIA 920 :)