Channel: Web Apps – Just Another Simple Write-Up
Browsing all 27 articles

Bypassing the Limitation of Brute Force Attack (“Smart Password Lockout”) on...

Illustration from Microsoft (edited by us). Note: readers may find many grammar mistakes in this article; however, we hope we can still deliver its main point. I. ABSTRACT Doing...

Tokopedia – Content Injection that could Result in Reflected Cross Site Scripting

I. ABSTRACT Provision of information for activating a newly registered account is one of the features a user sees (in the context of buying) after finishing a short sign-up process....

Tokopedia – Unrestricted Deletion of All People’s Bank Accounts

Unrestricted Deletion of All People’s Bank Accounts I. ABSTRACT Receiving payment from online sales with as little friction as possible is certainly every seller’s dream. To realize this simplicity,...

BigTree CMS – Multiple CSRF Security Issues at a Few Parameters...

Multiple CSRF Security Issues at a Few Parameters – v4.1.18 and v4.2.16 I. ABSTRACT As quoted from its official site, BigTree CMS is an open source content management system built on PHP...

FortiNet – Unrestricted Deletion of All Other Sub-Accounts via IDOR at Support...

Unrestricted Deletion of Other Sub-Accounts I. ABSTRACT As part of providing complete support to all its customers, FortiNet provides a support portal (located at:...

Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal...

Stored XSS via Malicious SVG Upload and File Name. Please visit this simple paper directly to read this release (for a quick look): [English Version] PayPal – Turning Self-XSS into non-Self...

Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Search Engine

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release: [English Version] PayPal – Information Disclosure at PayPal and Xoom...

Bypassing the Current Password Protection at PayPal Tech-Support

Bypassing the Current Password Protection at PayPal Tech-Support. In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release:...

Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to...

Team Ribose’s Connections (Friend List). In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release in brief: [English Version]...

IDOR (at Private Bug Bounty Program) that could Lead to Personal Data Leaks

IDOR Response. In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release in brief: [English Version] IDOR (at Private Bug...

Race Condition that could Result in RCE – (A story with an App that temporary...

RCE Result from Race Condition. In the name of Allah, the Most Gracious, the Most Merciful. I. INTRODUCTION 1.1. A Few Words about this Write-Up For information, this simple write-up talks about a...

Tokopedia – Converting Content Injection to Reflected Cross Site Scripting...

In the name of Allah, the Most Gracious, the Most Merciful. I. ABSTRACT Provision of information for activating a newly registered account is one of the features a user sees (in...

FortiNet – Unrestricted Deletion of All Other Sub-Accounts via IDOR at Support...

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release in brief: [English Version] FortiNet – Unrestricted Deletion of Other...

Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal...

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release: [English Version] PayPal — Turning Self-XSS into non-Self Stored-XSS...

Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple...

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release: [English Version] PayPal – Information Disclosure at PayPal and Xoom...

Bypassing the Current Password Protection at PayPal Tech-Support

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release (December 2017 article): [English Version] PayPal — Bypassing the...

Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to...

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release in brief: [English Version] Ribose — IDOR with Simple CSRF Bypass —...

IDOR (at Private Bug Bounty Program) that could Lead to Personal Data Leaks

In the name of Allah, the Most Gracious, the Most Merciful. Please visit this simple paper directly to read this release in brief: [English Version] IDOR (at Private Bug Bounty Program) that...

Race Condition that could Result in RCE – (A story with an App that temporary...

In the name of Allah, the Most Gracious, the Most Merciful. – Part I of (hopefully) IV Parts – Update I: Added a “Reference” Section. Update II: “We” in this series of articles will refer to Faisal...

Oppo – Open URL Redirection at Activation Link via Base64

In the name of Allah, the Most Gracious, the Most Merciful. Description: an Open URL Redirection issue in the Activation Link that could be triggered via Base64 Encoding. PoC Video:
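
Added example, not code from the write-up above and not Oppo's own implementation: the bug class this entry names is an activation link that carries its post-activation destination as a Base64-encoded query parameter and redirects to whatever that parameter decodes to. The parameter name (`next`), the host names, the constructed sample targets and the hardened resolver below are assumptions made for this illustration; the original proof of concept exists only in the (absent) video.

```python
"""Open redirect via a Base64-encoded 'next' parameter: vulnerable and hardened resolvers.

Assumptions (not from the original write-up): the parameter is called `next`,
the application's own hosts are TRUSTED_HOSTS, and activation should otherwise
land on DEFAULT_LANDING.
"""
import base64
import binascii
from typing import Optional
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"account.example.test", "www.example.test"}  # assumed application hosts
DEFAULT_LANDING = "/account/home"                              # assumed fallback page


def encode_target(url: str) -> str:
    """Build the parameter the way a client (or an attacker crafting a link) would."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def decode_target(param: str) -> Optional[str]:
    """Decode a URL-safe or standard Base64 value, tolerating stripped padding.

    Returns None for values that are not valid Base64/UTF-8 or decode to nothing.
    """
    padded = param + "=" * (-len(param) % 4)
    for decoder in (base64.urlsafe_b64decode, base64.b64decode):
        try:
            text = decoder(padded).decode("utf-8")
        except (binascii.Error, ValueError):
            continue
        return text or None
    return None


def resolve_redirect_vulnerable(param: str) -> str:
    """The pattern behind the bug: the decoded value goes straight into Location."""
    target = decode_target(param)
    return target if target else DEFAULT_LANDING


def is_safe_target(target: str) -> bool:
    """Allow only same-origin relative paths or absolute URLs to trusted hosts."""
    # Control characters and backslashes are classic parser-confusion tricks; reject them.
    if any(ord(c) < 0x20 for c in target) or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: must start with exactly one '/' ("//host" is protocol-relative).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and friends
    # Reject userinfo so "https://trusted@evil" style lookalikes never pass.
    return (
        parts.hostname in TRUSTED_HOSTS
        and parts.username is None
        and parts.password is None
    )


def resolve_redirect_hardened(param: str) -> str:
    """Decode, validate against the allowlist, fall back to the default landing page."""
    target = decode_target(param)
    if target is None or not is_safe_target(target):
        return DEFAULT_LANDING
    return target


if __name__ == "__main__":
    # Constructed sample targets: one legitimate path and three redirect payloads.
    for url in (
        "/account/orders",
        "https://evil.test/phish",
        "//evil.test/phish",
        "https://account.example.test@evil.test/",
    ):
        p = encode_target(url)
        print(f"next={p:<56} vulnerable -> {resolve_redirect_vulnerable(p)}")
        print(f"{'':61} hardened   -> {resolve_redirect_hardened(p)}")
```

The vulnerable resolver is the whole bug: Base64 hides the destination from a casual glance at the link but is not validation. The hardened version parses the decoded value and rejects protocol-relative URLs, non-HTTP schemes, userinfo lookalikes and any host outside the allowlist, which is the check a fix for this class of issue needs.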
