Skip to main content

Click-jacking or UI Redressing






Hi! Just want to share my finding, I have found Click-jacking or UI Redressing Vulnerability in  on Google Map, enjoy ;-)



This bug was reported to Google Security Team, fixed immediately.


About


Title: ClickJacking or UI Redressing on Google Map

Business Risk: Normal

Discovery Date: October 8, 2013

Author: Jitendra Jaiswal (me)



Poc Details 

Impact On victim : 
1. attacker change victim profile pic by useing his webcam and upload
2. update status acording to attacker




Best,

Jeet Jaiswal


Comments

Post a Comment

Popular posts from this blog

Evil App Steal Facebook Access Token

Evil App Steal Facebook Access Token 


Facebook say about this users Responsible for this its not an issue for facebook so After 3 month i am disclose this may be now they make some change but its still work .......  so users not allow any app to access your data on facebook or dont login anywhere using Facebook may be this an Attacker and After steal your Facebook Access Token he Can Hack your facebook Account  Easily.... 

[#] Title           :  Evil App Steal Facebook Access Token 
[#] Status        :  Unfixed
[#] Severity     :  very High
[#] Works on  :  Any browser with any version
[#] Homepage  : www.facebook.com
[#] Author       :  Jitendra Jaiswal
[#] Email          :  jeetjaiswal0@gmail.com

This Vulnerability is exploitable to all users who are use facebook apps and allow access of apps
an attacker can modify all app setting in url

Impact of Vulnerability:

An attackers can store  user access token with 2 month no Expires

also token not expire if user log out from facebook

1. an attacker ca…

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

Little Insight:



http://parse.com  was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That


Well this is my 4th reward form facebook  Directory Traversal or RCE Vulnerability 


That  give me 5th position in Facebook white-hat Page


Report Date :23  July 2014


Reward For Directory Traversal or RCE Vulnerability :  20000$




How This work......?

As we discussed earlier on my old post Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection   it only rejects '/../' segments in the request path.  


patch apply for Rack::Protection acording CVE-2014-0130  and  also Reject now '%5C' turns into '\' after decoding


now my work ....






My Finding....





In the above summary ( CVE-2014-0130 )  it  rejects '/../' segments in the request path an…

HIJACKING A FACEBOOK ACCOUNT WITH SMS

This post will demonstrate a simple bug which will lead to a full takeover of any Facebook account, with no user interaction. Enjoy. Facebook gives you the option of linking your mobile number with your account. This allows you to receive updates via SMS, and also means you can login using the number rather than your email address. The flaw lies in the /ajax/settings/mobile/confirm_phone.php end-point. This takes various parameters, but the two main are code, which is the verification code received via your mobile, andprofile_id, which is the account to link the number to. The thing is, profile_id is set to your account (obviously), but changing it to your target’s doesn’t trigger an error. To exploit this bug, we first send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. We receive an 8 character verification code back. To exploit this bug, we first send the letter F to 51555, which is Facebook’s SMS shortcode in the India. We receive an 8 character verification …