Target _Blank - The Infamous Issue

This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and also possible workaround(s). What is "target="_blank"? If you have done the HTML coding you must be aware of the target=_blank when you write your links via href....

Lessons from LinkedIn DB Breach

We are aware that social networking site LinkedIn was breached in June, 2012 and nearly 6 million user credentials were stolen. In May 2016 it's confirmed that nearly 115+ million credentials were stolen, and are now available for sale. So, it's time we revisit what went wrong, and what can we learn from it. First and foremost, there were vulnerabilities (or at-least one) in the web-application and the way it queries the DB was not...

paytm & spear phishing

Before you deep dive in the technical information, I wish to confirm that this vulnerability has been FIXED. Thanks to PAYTM for taking a quick action. Looking forward for such quick response on security concerns. Kudos! Don’t get this wrong. I wish to share a vulnerability that can be leveraged by attackers to perform/ initiate a spear phishing attack. The website in discussion is paytm.com. There is an information disclosure vulnerability in the...

Guess Cookie, Hijack Session!

In addition to my previous article – Old Cookies Die Hard, and detailed disclosure of LinkedIn Vulnerability, I studied the cookie patterns from different websites. Many of these websites have complex patterns in the cookies which are long enough (> 100 characters) and complex (A-Z, a-z, 0-9 and symbols). In ideal case (Web Session Management 101), the cookies should mapped with session IDs, and should NOT be re-usable. In simple terms, you login to a website, get...

Old Cookies Die Hard

HTTP Cookies have always been an important part of authentication, and session management. But, ever since the session management grew complex, its correlation with security has gone for a toss. Developers pay a lot of attention on keeping the session(s) valid, and more so valid even after a successful logout. Now, this accounts to a session management vulnerability. I understand that the delivery of the cookies, or the session variables have been locked with...

Dear bank, don’t phish me!

With so many vulnerabilities floating all around us, this is one of its type. This vulnerability has no impact on the user information, bank servers, data but still can be leveraged to perform tricks on the end-users. What if I ‘use’ this vulnerability (design-flaw) to phish end-users? Will they trust it? I think yes they will, as it is arriving from legit website so you have full rights to trust the relationship and messages it...

LinkedIn Vulnerability

LinkedIn is a business-oriented social networking site. Founded in December 2002 and launched in May 2003, it is mainly used for professional networking. As of 22 March 2011, LinkedIn reports more than 100 million registered users, spanning more than 200 countries and territories worldwide. There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying...