[IRCCloud] History and Another XSS Bug Bounty

Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to download a new client…

[IRCCloud] Inadequate input validation on API endpoint leading to self denial of service and increased system load

So as you do, I was just looking around, manually fuzzing some WebSocket requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {"_reqid":1234, "cid":5678, "to":"#treehouse", "msg":"test", "method":"say"} I thought,…

PIN brute-force

Hello there! I was recently involved in a test related to telephones, automated attendant systems and those kinds of things that irritate people with a machine talking to them, and I have to admit I enjoyed it! It has been a long time since the last time I played with phones and DTMF to send messages and commands to a machine over the phone, and it made me remember good old…

New version of Wfuzz!

I don’t like automatic tools. Full stop. Well… not full… I like some semi-automatic tools. One of these tools is wfuzz. I love this Python script for performing a quick look over all the directories in a website and sometimes for testing against some basic authorization bypass by fuzzing a numeric parameter. The use of this tool is very easy and I’m not going to explain it here; you can read the…

Process command line enumeration using LFI

This week during a pentest I discovered a website vulnerable to Local File Inclusion. As I wanted to discover as much information as possible about the system, I decided to retrieve the running processes and the command lines used to execute these programs. With this I intended to discover more services and paths in the system. I wrote a very simple Perl program that can be modified very easily to…

WeFeTe

I’m proud to announce the release of WeFeTe. WeFeTe is a very simple tool to test against common configurations in web frameworks. It can be used as a first approach to detect the programming framework without missing any of the default behaviours that frameworks include in their websites. This first release tries to detect the following frameworks: CakePHP, CodeIgniter, FUSE, Kohana, TYPO3, Zend, Zope. It’s very buggy and all the…