Articles with this tag
Escalating a bug in a vulnerable markdown parser to exploit LFI and get RCE
Most of the web and mobile applications these days use OAuth to secure their authorization endpoints. It allows them to easily grant access to their users to particular resources as per the application's requirements. This is a write-up of a chain of...
Introduction: Task Hijacking is a vulnerability that affects applications running on Android devices due to a misconfiguration of the Task Control features in their AndroidManifest.xml. This allows attackers/malware to take over legitimate apps ...
Introduction: Google Chrome extensions are a bundle of multiple JavaScript, HTML, and CSS files, much like a web app but inside your browser, interacting with pages or providing functionality to enhance your browsing experience. In this post,...
Android app pentests can become torturous when you don't have the right environment set up. This of course refers to the SSL pinning implemented in the apps, which prevents security researchers from intercepting the traffic. There are a lot of gr...
Everybody is familiar with what an XSS is, so fast-forwarding it a bit, this is a write-up on how I managed to get an XSS in a PDF generator on an Android application that allowed me to read local files on the system. Background: A little background on...