Story of a JSON XSS
Popular posts from this blog
How I bypassed 2-Factor Authentication in a bug bounty program
Hello readers,
This post is about one of my recent finding in a private bug bounty program on hackerone.
For the sake of privacy, let’s call the site as bountyplease.com
According to Bountyplease.com scope, they are more interested in Authentication related issues.
So I decided to test their 2-Factor Authentication mechanism.
As normal 2-Factor Authentication flow the process works in the following steps.
1. User login to account by providing valid email and password 2. A valid OTP send to users register number 3. User fill OTP 4. Login successful
But in case if any user lose their phone or SIM card the process works in the following steps.
1. User login to account by providing valid email and password 2. User select other options 3. User provide backup codes 4. Login successful
In both above described cases there is also a code flow as following.
1. User login to account by providing valid email and password 2. At this stage bountyplease.com display a page to submit 2FA code send to p…
As normal 2-Factor Authentication flow the process works in the following steps.
1. User login to account by providing valid email and password 2. A valid OTP send to users register number 3. User fill OTP 4. Login successful
But in case if any user lose their phone or SIM card the process works in the following steps.
1. User login to account by providing valid email and password 2. User select other options 3. User provide backup codes 4. Login successful
In both above described cases there is also a code flow as following.
1. User login to account by providing valid email and password 2. At this stage bountyplease.com display a page to submit 2FA code send to p…
Exploiting Misconfigured CORS
Hi folks,
This post is about some of the CORS misconfiguration which I see frequently, mostly in Django applications.
Let’s assume all the test cases have been performed on the domain example.com
Following are the most common CORS configurations
• Access-Control-Allow-Origin: *
• Remark: In this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
•Remark: In this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
•Remark: In this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://attacker.com
Access-Control-Allow-Credentials: true
• Remark: In this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Credentials: true
• Remark: Properly implemented
So we usually see these type of CO…
This post is about some of the CORS misconfiguration which I see frequently, mostly in Django applications.
Let’s assume all the test cases have been performed on the domain example.com
Following are the most common CORS configurations
• Access-Control-Allow-Origin: *
• Remark: In this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
•Remark: In this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
•Remark: In this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://attacker.com
Access-Control-Allow-Credentials: true
• Remark: In this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Credentials: true
• Remark: Properly implemented
So we usually see these type of CO…
Comments
Post a Comment