Blogs

IDOR – send a message on behalf of other user

I just found an IDOR in https://hello.dev.myhubs.net/. It allows an attacker to send a message on behalf of another user.

Steps to reproduce:
1. Admin: create a room.
2. Attacker: join the room.
3. Attacker obtains the "session_id" of another user from the "presence_diff" response.
4. Attacker adds a "session_id" parameter to the send-message request:
   ["8",null,"hub:84fbckn","message",{"session_id":"<victim_session_id>","body":"eeeee","type":"chat"}]

Now the message will be sent on behalf of the victim.
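The root cause described above is a channel handler that takes the sender identity from the message payload instead of from the authenticated socket. The example below is added here to illustrate that; it is not Hubs/reticulum code. It parses a Phoenix-style channel frame ([join_ref, ref, topic, event, payload], the shape of the request quoted above), shows a vulnerable handler beside a hardened one, and feeds both the spoofed frame. The socket object, the assigns.session_id field and the handler names are assumptions for the example.

```javascript
// Added example, not the application's code. A Phoenix channel frame is a
// five-element JSON array: [join_ref, ref, topic, event, payload].
function parseFrame(raw) {
  const frame = JSON.parse(raw);
  if (!Array.isArray(frame) || frame.length !== 5) {
    throw new Error("malformed channel frame");
  }
  const [joinRef, ref, topic, event, payload] = frame;
  if (typeof topic !== "string" || typeof event !== "string" ||
      typeof payload !== "object" || payload === null) {
    throw new Error("malformed channel frame");
  }
  return { joinRef, ref, topic, event, payload };
}

// Vulnerable (assumed shape of the bug): the sender is read from the payload,
// so any client can name a session_id it has seen in presence_diff and the
// message is attributed to that session.
function handleMessageVulnerable(socket, frame) {
  return {
    topic: frame.topic,
    session_id: frame.payload.session_id ?? socket.assigns.session_id,
    body: frame.payload.body,
    type: frame.payload.type,
  };
}

// Hardened: the sender is the session bound to the socket when it joined
// (socket.assigns is an assumption). A client-supplied session_id is never
// honoured; rejecting it rather than silently dropping it makes spoofing
// attempts visible in logs.
function handleMessageHardened(socket, frame) {
  if (Object.prototype.hasOwnProperty.call(frame.payload, "session_id")) {
    throw new Error("client must not set session_id");
  }
  return {
    topic: frame.topic,
    session_id: socket.assigns.session_id,
    body: frame.payload.body,
    type: frame.payload.type,
  };
}

// Constructed sample: the attacker's socket was assigned "attacker-1" at
// join time; the frame is the spoofed request from the write-up.
const attackerSocket = { assigns: { session_id: "attacker-1" } };
const spoofedFrame = parseFrame(
  '["8",null,"hub:84fbckn","message",{"session_id":"<victim_session_id>","body":"eeeee","type":"chat"}]'
);

// Runs both handlers on the spoofed frame and reports who each one
// attributes the message to.
function demo() {
  const vuln = handleMessageVulnerable(attackerSocket, spoofedFrame);
  let hardenedError = null;
  try {
    handleMessageHardened(attackerSocket, spoofedFrame);
  } catch (e) {
    hardenedError = e.message;
  }
  return { vulnSender: vuln.session_id, hardenedError };
}

console.log(demo());
```

The general rule the hardened handler applies: identity fields (session, user, room membership) come from state the server attached to the connection at authentication or join time, never from a field the client can set in a later message.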


New XSS vector vulnerability in ReaderMode with %READER-TITLE-NONCE% in Brave Browser (patched)

Target: Brave Software
Title: New XSS vector in ReaderMode with %READER-TITLE-NONCE%
Summary: Previously, script execution in ReaderMode pages was prohibited by CSP. However, three months ago, this commit partially relaxed the CSP, and scripts carrying nonce-%READER-TITLE-NONCE% are now allowed to execute. This relaxation of the CSP rule can be exploited for XSS attacks on ReaderMode pages. Here, the attack vector is %READER-CREDITS%, which is also included in the ReaderMode HTML template. The %READER-CREDITS% is replaced with the value of the <meta name="auth
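The excerpt ends before the full chain, but the hazard it names is a templated page that fills one placeholder with page-controlled content and a second placeholder with the CSP nonce. The example below is added here, is not Brave's code, and uses the two placeholder names from the write-up; the template text, the assumption that substitution is sequential string replacement, and the hardened renderer are all constructed for the example.

```javascript
// Added example, not Brave's code. A minimal reader template with the two
// placeholders named in the write-up (template text is constructed).
const TEMPLATE = [
  '<meta http-equiv="Content-Security-Policy"',
  '      content="script-src \'nonce-%READER-TITLE-NONCE%\'">',
  '<p class="credits">%READER-CREDITS%</p>',
  '<script nonce="%READER-TITLE-NONCE%">/* trusted reader script */</script>',
].join("\n");

// Vulnerable (assumed mechanism): placeholders are filled one after another
// with plain string replacement. If the page-controlled credits value itself
// contains %READER-TITLE-NONCE%, the second pass expands it into the real
// nonce, and the injected <script> satisfies the CSP.
function renderSequential(credits, nonce) {
  return TEMPLATE
    .replaceAll("%READER-CREDITS%", credits)
    .replaceAll("%READER-TITLE-NONCE%", nonce);
}

function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened: a single pass over the template, with a replacer function so
// substituted text is never re-scanned for placeholders and "$" patterns in
// the value are not interpreted. Page-controlled values are HTML-escaped.
function renderSinglePass(credits, nonce) {
  const values = {
    "%READER-CREDITS%": escapeHtml(credits),
    "%READER-TITLE-NONCE%": nonce,
  };
  return TEMPLATE.replace(/%READER-[A-Z-]+%/g, (m) =>
    Object.prototype.hasOwnProperty.call(values, m) ? values[m] : m
  );
}

// True if the rendered page contains a script tag, other than the trusted
// one, that carries the real nonce.
function untrustedScriptHasNonce(html, nonce) {
  const tags = html.match(/<script nonce="[^"]*">/g) || [];
  const withNonce = tags.filter((t) => t === `<script nonce="${nonce}">`);
  return withNonce.length > 1;
}

// Constructed sample: a credits value that smuggles the nonce placeholder.
const MALICIOUS_CREDITS = '<script nonce="%READER-TITLE-NONCE%">alert(1)</script>';
const DEMO_NONCE = "c0nstructedN0nce"; // a real renderer draws this per page

function demo() {
  return {
    sequentialLeaks: untrustedScriptHasNonce(renderSequential(MALICIOUS_CREDITS, DEMO_NONCE), DEMO_NONCE),
    singlePassLeaks: untrustedScriptHasNonce(renderSinglePass(MALICIOUS_CREDITS, DEMO_NONCE), DEMO_NONCE),
  };
}

console.log(demo());
```

Two properties matter in the hardened version: every placeholder is resolved in one pass so no value is ever re-scanned, and the nonce is the only unescaped value, which is acceptable only because the server generates it and no page content flows into it.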


Discovered an open redirect vulnerability at Epic Games; awarded a $500 bounty for the bug.

About Me
I'm a Security Researcher at HackerOne, and in 2022 I ranked 60th globally on the HackerOne leaderboard. You can check my ranking here. For insights and tips on Bug Bounty, follow me on Twitter: @adnansamibhuiyan.

A Brief Summary
I first encountered Bug Bounty programs in January 2020, which sparked my interest. Initially, I practiced on vulnerable machines, but it didn't quite meet my needs. I decided to test my skills on real websites and, during my practice, discovered a bypass vulnerability at Epic Games. This discovery led me to formally start Bug Bounty h


External Service Interaction vulnerability discovered in the U.S. Department of Defense (now patched)

Target: U.S. Department of Defense

Summary
An External Service Interaction vulnerability (DNS and HTTP) was identified on the domain www.█████████.

Burp Collaborator Results:
DNS request received from: ████████
HTTP request received from: ███

Impact
The External Service Interaction vulnerability occurs when an attacker can induce an application to interact with arbitrary external services such as DNS or HTTP. This can also extend to other services like FTP, SMTP, etc. Potential impacts include:
DDoS Attacks: Exploiting the interaction to flood external
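A finding like this is closed by refusing to let user-supplied destinations reach the network stack at all: the URL is validated against an allowlist before any DNS resolution or connection happens, so neither the DNS nor the HTTP interaction the Collaborator logged can occur. The guard below is added here as an example and is not code from the affected application; the allowed hosts and the test URLs are constructed, and the checks cover the usual ways an allowlist on the raw string is slipped past (userinfo before an "@", a look-alike subdomain, a non-default port, a downgraded scheme).

```javascript
// Added example, not the application's code. Outbound-request guard that
// runs before any network activity. Allowlist is constructed for the example.
const ALLOWED_HOSTS = new Set(["api.example.mil", "cdn.example.mil"]);

// Returns { ok: true, url } for a destination the server may contact, or
// { ok: false, reason } otherwise. Uses the WHATWG URL parser so that the
// host compared is the one the fetch would actually resolve.
function checkOutboundUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Scheme first: http://, ftp://, gopher:// etc. give the attacker other
  // services to reach (the write-up mentions FTP and SMTP).
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // "https://api.example.mil@collab.example/" parses api.example.mil as
  // userinfo and collab.example as the host; reject userinfo outright.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // A non-default port is a different service even on an allowed host.
  if (url.port && url.port !== "443") return { ok: false, reason: "port" };
  // Exact hostname match; "api.example.mil.collab.example" is not allowed.
  // url.hostname is already lower-cased by the parser.
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: "host" };
  return { ok: true, url: url.href };
}

// Constructed sample inputs, each with the reason the guard should report.
const SAMPLES = [
  ["https://api.example.mil/v1/status", "ok"],
  ["https://API.example.mil/", "ok"],
  ["https://api.example.mil:443/", "ok"],
  ["http://api.example.mil/", "scheme"],
  ["https://api.example.mil@collab.example/", "userinfo"],
  ["https://api.example.mil.collab.example/", "host"],
  ["https://api.example.mil:8443/", "port"],
  ["not a url", "unparseable"],
];

// Runs every sample through the guard and returns the results keyed by URL.
function runSamples() {
  const out = {};
  for (const [raw] of SAMPLES) {
    const r = checkOutboundUrl(raw);
    out[raw] = r.ok ? "ok" : r.reason;
  }
  return out;
}

console.log(runSamples());
```

Because the decision is made on the parsed string, a rejected destination never triggers a DNS lookup; that is the property the Collaborator test is probing for. Where the application must fetch arbitrary user URLs, the same guard belongs in a dedicated egress proxy rather than in application code, and the proxy should also block private and link-local address ranges after resolution.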