API Security Misconfiguration

What is API Misconfiguration?

API7:2019 Security Misconfiguration

Security misconfiguration is commonly a result of insecure default configurations, incomplete or ad-hoc configurations, open cloud storage, misconfigured HTTP headers, unnecessary HTTP methods, permissive Cross-Origin resource sharing (CORS), and verbose error messages containing sensitive information.

Target Information

The target application is similar to Uber, Ola, and other transport tracking applications. Passengers can track their vehicles' GPS locations to get route information, as with Ola, Uber, and other taxi services.

Recon

I downloaded and installed the application in the emulator and performed static analysis and reverse engineering using MobSF, APKtool and jadx -> no luck. …


A pentester’s guide to insecure deserialization

Introduction

Insecure Deserialization is a vulnerability that occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top 10 2017 list.

To understand what insecure deserialization is, we first must understand what serialization and deserialization are. We’ll then cover some examples of insecure deserialization and how it can be used to execute code as well as discuss some possible mitigations for this class of vulnerability.

Serialization vs deserialization

Serialization is the process of turning some object…


Hello all! I hope everyone is fine. I am here sharing a new vulnerability I recently found in an Android application. The Android application is an asset tracking application and I am not allowed to disclose the application name, so I am sorry about that. Let’s get started…

What is SQL Injection?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data…


Hello all, it’s been a long time. I hope everyone on planet Earth is okay during this pandemic. Today I came up with a new writeup about something I found recently.

I mostly work on responsible disclosure because I thought I could help the companies that can’t afford pen-testing services. So let’s get started: the program is a responsible disclosure program, as always. Let’s consider the target as abc.com, and I started my recon as I always do. …



Remote Code Execution

Remote code execution (RCE) refers to the ability of a cyber attacker to access and make changes to a computer owned by another, without authority and regardless of where the computer is geographically located. RCE allows an attacker to take over a computer or a server by running arbitrary malicious software (malware).

I found a target with a responsible disclosure program using Google dorks. Let’s consider the target as abc.com. During recon, I found that the target company owns 7 subdomains, each of which is integrated with the parent domain abc.com through some functionality.

So I…


Hello all, I am back with some good content, I hope. This is a blog post about jailbreaking the iPhone and installing the tools required to conduct iOS penetration testing.

So I am sharing the difficulties that I faced while jailbreaking iOS and setting up the environment, and their solutions.

Hardware Information

Device Model: iPhone 6
Software version: 12.5.1


Remote Code Execution


I found a target with a responsible disclosure program using Google dorks. Let’s consider the target as abc.com. The target website has profile picture upload functionality, and the developer configured the application to accept only the whitelisted extensions *.gif, *.jpeg and *.png.


Hi all, I hope everyone is doing well. This writeup is all about an account takeover vulnerability achieved by manipulating the login response.

Technical information

I have been testing for bugs in responsible disclosure programs, and as usual I found a program, read all of its rules of engagement, and finally decided to check it.

Let’s consider the target as target.com, which is an online platform for making payments, ordering food, etc.

I quickly signed up with the necessary information for Account 1 (abc@gmail.com) as below,


Remote Code Execution


I found a target with a responsible disclosure program using Google dorks. Let’s consider the target as abc.com. The target website has no functions other than uploading a CV to the company.

Find more Google Dorks here.


The Story of Taking over tons of users Accounts

Account Takeover

Ever since I started hacking, I have always wanted to make sure the internet is secure. So a long time back I did some Google dorking, found a responsible disclosure program, set that as my target of the week, and started hacking on it.

For Google Dorks

Let’s consider the target as target.com, which is an online ecommerce store like Amazon and Flipkart. So I started with subdomain discovery using Subfinder, one of my favorite tools, and I found a subdomain for doing the shopping online.

Let’s consider the subdomain as shop.target.com. I quickly went to the URL and registered…

Naveen J

Security Researcher | Security Engineer | Security Nerd…
