Evading Filters to perform the Arbitrary URL Redirection Attack

InfoSec Write-ups - Medium: Arbitrary URL Redirection Attack is often popularly known as an Open Redirection attack, which is a common web vulnerability that allows an attacker to redirect the victim user to an attacker-controlled domain. This attack can be leveraged to steal sensitive information such as tokens, perform social engineering, and other attacks. The Arbitrary URL Redirection …

Creating A fake wireless Access Point in 2 minutes

InfoSec Write-ups - Medium: Creating A fake wireless Access Point in 2 minutes. Part 1. Microcontrollers are great. One of the most popular and cheapest is the ESP8266, an Arduino- chip on which the Wi-Fi deauther project is based. I have used this one https://amzn.to/36kKSWa with an OLED display to play around creating fake wireless access point, and deauthenticate ( …

V8 Array Overflow Exploitation: 2019 KCTF Problem 5 小虎还乡

InfoSec Write-ups - Medium: 1. Introduction. Have you ever thought about exploiting dynamically generated code? Do you know that an exploit can also be source code instead of data? The root cause of this bug is an inconsistency in the JIT compiler of v8. The inconsistency tricked the JIT compiler to dynamically generate code that contains …

Unlimited Balance in an Online Transportation Application Account

InfoSec Write-ups - Medium: I was surfing in one of the famous online transportation applications and its PWA service. After a while I noticed a critical vulnerability in the Payment Gateway Module. So let me explain the scenario. At the first step, you should enter your mobile number and then it sends an OTP to verify your …

Chaining password reset link poisoning, IDOR+account information leakage to achieve account…

InfoSec Write-ups - Medium: Chaining password reset link poisoning, IDOR+account information leakage to achieve account takeover at https://api.redacted.com. While assessing a target web application for impactful vulnerabilities, a useful check to conduct might be looking through the Wayback Machine https://archive.org/web/ to discover URL endpoints that have existed on the target over time. Some of these endpoints might …