Make IDOR great again!

Hello folks, today I’ll be sharing some important IDOR tips and tricks with you. This articled prepared in the lights of my past experiences, I hope it will be useful for the community! What the hell is IDOR? Our friends at OWASP explained it for us long time ago. Here is the full statement “Insecure Direct…


Senate.gov open redirect vulnerability

Hello folks! Today I want to share with you official senate.gov open redirect vulnerability. This is actually a very basic example of open redirect vulnerability. Open redirect issue makes the official US Senate website open to the phishing campaigns. Details of senate.gov open redirect vulnerability Actually there is no technical thing to talk about. This…


How I hacked ASUS?

Hello folks! Today I want to talk about ASUS RCE vulnerability on rma.asus-europe.eu domain. I was trying to fill out service apply form for my personal laptop. I had a screen issue. I realised that there is an upload part to upload some warranty documents. I was trying to bypass upload restrictions by editing request….


CyberArk EPM Privilege Escalation Vulnerability – CVE-2018-13052

Hi everybody, today I just want to talk about CyberArk EPM Privilege Escalation vulnerability (CVE-2018-13052). Actually CyberArk made awesome product – at least in theoretically -. Companies can arrange privileges from one single console. It has a lot of options to arrange privileges. For example, you can set a specific application to elevate but at the same…


CyberArk EPM file block bypass – CVE-2018-14894

Hi folks! I found an interesting vulnerability on CyberArk Endpoint Privilege Manager. CyberArk EPM file block bypass (CVE-2018-14894) is very easy -even you have slave privileges-.CyberArk EPM aims to manage privileges from one hand and prevent any harm with admin privileges. How does CyberArk EPM work? If user needs admin privileges, CyberArk gives the admin…


Fronter XSS – 3 XSS in 1 Blogpost

Today I want to write about Fronter and Fronter XSS Vulnerabilies. Fronter is a learning platform from leading ICT provider, itslearning. Based on Nordic educational models, Fronter is a comprehensive teaching and learning solution used in schools and universities worldwide. As part of the itslearning portfolio, the Fronter solution has a full range of available…


First Touch Games database information leak

Hi everyone in this post I’ll show you how I find out First Touch Games database information. It is actually happens because of a common mistake. Let’s see. FTS is a populer football game which is available on Android and iOS platforms. I dont know why but they are still using very old version of…


ITSLEARNING VULNERABILITY STORIES – One more stored XSS

Itslearning vulnerability stories episode 3 is here. I want to add another stored xss to itslearning vulnerabilities list. Let’s do it! This is an interesting vulnerability that triggers stored XSS. Itslearning has a kind of document sharing feature that helps people to share files to each other. Normally, when you click the file, system automatically…


ITSLEARNING XSS PART 2

Today I want to explain you how I can still be able to execute javascript payloads on Itslearning education syste. Itslearning XSS part 2 begins! You should check the part 1 of this article. ITSLEARNING STORED XSS VULNERABILITY OR NOT? Mr. Håkon Høydal, wrote an article about Itslearning. After that Itslearning, did some things to filter…


SMARTSHEET XSS VIA FILE UPLOAD

Hi, today I want to explain XSS vulnerability that I found on Smartsheet.com. Smartsheet XSS vulnerability is an interesting vulnerability because it occurs via file upload! By the way I want to clarify that, this XSS works with or without authorization, so it is dangerous vulnerability as well as interesting. What is Smartsheet and more…


Secured By miniOrange