XSS: Cross Site Scripting is also known as XSS, is one of the most common web application vulnerabilities that allow an attacker to run his\her own client-side scripts (especially JavaScript) into Web Pages viewed by other users. In a typical XSS attack, a hacker injects their malicious JavaScript code in the legitimate website...
SQL: SQL injection is the exploitation of a web app vulnerability. An SQL Injection allows a hacker to access the full content of a back-end database. They can view, steal or manipulate any data. The attacker uses specially crafted input data to trick an SQL interpreter so it can no longer...
SQL: SQL injection is the exploitation of a web app vulnerability. An SQL Injection allows a hacker to access the full content of ones back-end database, which in turn can be viewed, manipulated or deleted! The attacker uses specially crafted input data to trick SQL interpreter...
Parameter Pollution: HTTP Parameter Pollution, as the name implies, pollutes the HTTP parameters of a web application in order to perform or achieve a specific malicious task/attack different from the intended behavior of the web application. This hacking technique is considered to be simple, but quite effective. Furthermore, the main reason this attack can be realized that the the input is not...
XSS: Cross Site Scripting also known as XSS, is one of the most common web application vulnerabilities that allows an attacker to run their own client-side scripts (especially JavaScript) into webpages viewed by other users. In a typical XSS attack, a hacker injects their malicious JavaScript code in the legitimate website. When a user visits the specially-crafted link, it will execute the malicious JavaScript. A successfully...
Fake e-mail online Sender for Research Purpose E-mail spoofing is email fraud and deception. Spoofing is the most common form of the modern con game called 'phishing'! 1. Attacker can spoof an e-mail and send to a potential Victim Example: From: hackers@hackers.com To : cyberinfosecchn@gmail.com Subject : Reset Your Password Content : Change your e-mail password Reset Link below http://localhost/gmail/My%20Account.html..
What is a Cookie? It's a piece of information which stays in a computer after accessing the internet. There are many types of cookies; some are given below: Session cookie A session cookie lasts only for the duration of which a person uses internet. A web browser normally deletes session cookies when it quits. A session cookie is created when no Expires...
We come across lot of phishing methods in our daily life. One fine day, our Security Team found a new technique of phishing! It forces the user to click the "Update browser" link which automatically downloads the .xpi-extension file which Mozilla Firefox's addon's extension in turn changes that .xpi format to .zip and extracts...
Like everyone else, Facebook users too are daily facing variety of scams, attacks and security issues. One of the recent spams/scams which was found by cyberinfosec research team [Finally, Malaysian flight MH 370 went missing near the Bermuda Islands! ] URL: http://paygama.com/mission/# Once the victim opens or clicks that link, it will redirect to the above URL...
Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone, iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researchers at FireEye. They found a way to bypass the Apple's app review process effectively and created a proof-of-conceptMonitoring app for...
Do you know, A Computer virus could go Airborne over Wi-Fi networks? Security researchers at the University of Liverpool in Britain have demonstrated a Wi-Fi virus that can spread between computer networks just like the 'common cold' spreads between Humans. They have created a proof-of-concept which can infect the entire wireless network instead of a single computer at a time, that replaces the firmware of...
Security Firm FireEye has uncovered yet another critical zero-day vulnerability in widely used Adobe Flash software and Adobe has been forced to issue a second emergency patch update in less than a month. All versions of Adobe Flash Player released before today's patch are vulnerable to the zero-day exploit and the patch addresses a critical vulnerability CVE-2014-0502, being used in a watering-hole attack, dubbed "Operation Greedywonk", that allows...
Popular Smartphone Messaging app WhatsApp's $19 billion acquisition by Social Network giantFacebook made Headlines this week. While Some are applauding the move, and many other users are worried about WhatsApp’s future and their privacy after this acquisition. Why So Serious? WhatsApp currently having 450 million active users and processes 50 billion messages a day...
Since many banking sites use two-factor authentication and transaction authorization systems in order to deal with the various threats, by sending unique one-time-use codes to their customers' registered phone numbers via SMS, cyber criminals in order to defraud them, have started to create various mobile malware like iBanking to serve their purpose!...
TUNNEL HACKING THROUGH PICTURE-GIF A dirty little technique - Java script embedded GIF images, in which, pictures are still valid and will be processed by any browser. The following HTML page you want to scan a valid GIF file and a file Java script rigorously valid simultaneously.? the answer should be NO but forging correctly answer could obtain SI html, head, title tags Test...
Facebook is the most popular social-networking service worldwide with around 1.23 billion users (Source: Wiki) We came across a fake Facebook app named AGE VERIFICATION. As per the Application, the user hasto click the button named Click Here and Get Your Activation Code. Once the user sent the access token...
Do your ever use YouTube Instant Search engine (a really fast way to search YouTube) that was developed by a 21-year-old developer, named - Feross Aboukhadijeh in 2012? Chad Hurley, CEO and co-founder of YouTube, was so impressed that he immediately offered him a job at YouTube. He, himself is a web developer, designer, computer security researcher. Recently, he has developed an attack...
What is Click Jacking? Discovered in 2008 by Robert Hansen and Jeremiah Grossman - Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer. Methods of Clickjacking BASIC CLICKJACKING: Positioning via CSS (JS not required!) Follow mouse cursor...
Software Reverse Engineering What is reverse engineering (RE)? Disassemble or analyze in detail in order to discover concepts involved in manufacture is called reverse engineer. Things we need : Download Ollydbg --- http://www.ollydbg.de/download.htm Free limited days usage Software Steps to Perform : 1. Install ollydbg 2.Install trail software 3.Open ollydbg...
Google Plus "Man-in-the-middle" Attack Vulnerability As a security researcher from cyber infosec, I spend my time on both application and web application security. During one of my researches, while I was focusing on auditing Session hijacking attacks on internal networks, I started working on Twitter, Facebook, Yahoo and Google & Google Plus. I just surprised I found few issues on all...
Twitter Cookie Reuse Vulnerability Introduction Twitter is an online social networking and microblogging service that enables users to send and read "tweets", which are text messages limited to 140 characters. It has 200 million active users (February 2013) - Wikipedia Cookie is the information that a website stores into our computer...
Gmail Password Reset Vulnerability Rejected by Google Security Team 2013 Introduction As a security researcher in my free time I spend my time on both application and web application security. During one of my researches while I was focusing on auditing Session hijacking attacks on internal networks. So I started working on twitter, Facebook, Yahoo and Google, Google Mail I just...