Stay up to date with Payatu blog


Intercepting request which requires VPN + socks proxy

Nowadays we often see that, to pentest an application, we first have to connect to the client’s network, for which we have to set up a VPN connection. Only after that can we access the app...


Analysis of CVE-2020-11930: Reflected XSS in GTranslate WordPress module

Story: A few months back I was reading security news on one of the famous news sites, and by mistake I typed some characters in the URL, and the site responded with an obvious 404 page. At that tim...


Zoom Security Issues: An analysis of Zoom’s take on Security & Privacy issues

Because of the lockdown due to COVID-19 in most parts of the world, organizations are moving towards a work-from-home cul...


That Evil Bookmark in your Browser

Some time back, I decided to look at the bookmarks API available for browser extensions. This API sounds interesting to me because it allows you to play with user bookmarks using browser extensions. If...


Safari Address Bar Spoof (CVE-2020-3833)

In browsers, the address bar represents the current web address. Safari address bar spoof vulnerability: it is the ability to keep a legitimate URL in the address bar while loading the content from othe...


Get pwned by scanning QR Code

One of the most common ways to navigate to a website or URL is by typing the website address in the browser address bar. But this might be frustrating if you have to type a complex web address that in...


“Find – Bluetooth Tracker” Responsible Vulnerability Disclosure – Blog

With the advent of IoT, everything is getting connected to the internet. Bluetooth is one such protocol used to connect devices to the internet, as most mobile devices have Bluetooth capability; you can check this blog on how to reverse Bluetooth communication. There are devices called Bluetooth beacons which are used to track devices that are in close proximity; companies have started connecting these beacons to the internet with geolocation, and this is one such example. This is a case study of my findings on a Smart Bluetooth Beacon from Sensegiz. The testing was done on their Android mobile application. For users' privacy, the IP/endpoint is not disclosed; it is replaced by xxx. Finding 1: Directory indexing...


Another case of a Vulnerable Smart Lock

Disclaimer: The smart lock which I got is pretty common and it is even available on Amazon. Several thousand devices are already in the market. I have changed the name of the brand to something imaginary – “*unhackable*” Smart Lock. Smart Lock: The lock which I got is from a company called *unhackable*, which is a Chinese company. You can also get the same lock locally from Amazon. So people do use these devices. The specifications are good too. ...


Tiredful API Solution

The idea behind the app is to consume the API endpoints using a REST client such as Postman, curl, ARC, or the RESTClient Firefox add-on. For demonstration I am using the RESTClient Firefox add-on. Now, let’s get started with the main motto of this post – the solution to the Tiredful API challenges. Solutions: Information Disclosure. The first challenge in the list is “Information Disclosure”. From the following image you can see that the API endpoint is <host>/api/v1/books/<ISBN>/, and you should use the valid IDs mentioned. ...


CSV injection

In this write-up we will be focusing on CSV injection. CSV, also known as Comma Separated Values, stores tabular data (numbers and text) in plain text. Each record consists of one or more fields, separated by commas. Nowadays, many web applications and frameworks allow users to export the data saved in a database into a CSV file. The CSV file created might lead to CSV injection, so it becomes very important to be sure that the file exported through the web application is safe and will not leave the user's system prone to attack. CSV injection, aka formula injection, occurs when websites embed untrusted user input inside CSV files without validating it. When the user opens the CSV file using a spreadsheet program such as Microsoft Excel or LibreOffice Calc, any cell starting with ‘=’ will be interpreted by the software as a formula. Spreadsheet programs like Microsoft Excel, OpenOffice and LibreOffice Calc are not new programs; we have been using them to perform different tasks like calculation, analysis, and visualization of data and information. These programs provide many formulas and functions which we use in our day-to-day work. For example, the image below shows Microsoft Excel adding the values of two fields and displaying the result in a third field....


Authentication schemes in REST API

In simple terms, authentication means the process of verifying the identity of a user. The process consists of simple steps: 1) The user tries to connect to the web service. 2) The web service asks the user for credentials (identity information). 3) The user provides credentials. 4) The web service verifies the identity of the user by checking the provided credentials and responds accordingly....


OAuth Security Overview

In OAuth, “Auth” stands for Authorization as well as Authentication. Before OAuth, there were other authentication methods used to protect the user’s ID and password from other applications. When a user accesses a secured web application, it first verifies their identity by logging them in and then ensures that the user has access only to the data or functionality in the application that they are authorized for. So the basic requirements are identity and permission, for authentication and authorization respectively. OAuth allows an application to gain access to a user's data within another application without knowing the user's login ID and password for the second application. When authentication by OAuth is performed, the service provider asks whether the user wants to authorize the request of the third-party application, or it has its own authentication. OAuth History...


Beginner’s Guide to RESTful API VAPT – Part 2

You now have the basic concepts of REST APIs and how they are implemented. Now let’s get started with the main motto of this post, i.e. how to perform VAPT of a REST API web service and what different issues we should be looking for. Finally, the Guide! REST API VAPT is somewhat similar to web application VAPT, since we need to look for the same standard vulnerabilities that we look for in web applications, such as SQL Injection, Access Control, XSS, CSRF, etc. Apart from these standard vulnerabilities, we need to look for API-specific vulnerabilities as well. Enumeration: Before attacking any web service it is necessary to know where you can start. This can be tricky: finding the attack surface of a web application is easy, as we get a GUI to examine different form fields, URLs, etc., but for an API we only get the API endpoint. In this stage we need to gather as much information as we can about the API’s endpoints, messages, parameters, behavior and the technologies implemented. Following are some helpful points for gathering information about the API endpoints. a) If the client provides API programming documentation or configuration files, analyse them thoroughly: check how the user authentication process is implemented, check the URL style used, check which standard and non-standard HTTP headers are required to interact with the API service, and analyse the error codes and descriptions to get a clear idea of the valid range of values an API endpoint accepts and how user authentication and authorisation are handled by the web service....


Beginner’s Guide to RESTful API VAPT – Part 1

With more and more web applications being developed on top of web services (RESTful APIs), many web application penetration testers are wondering exactly how to test these web services and what to actually look for. To help explain how to perform VAPT of a REST API, let’s take a quick look at the basics of RESTful APIs. What is a RESTful API? Before understanding RESTful APIs, let’s take a look at what the term REST actually means. REST: REST stands for REpresentational State Transfer, which is a style of web architecture that describes six constraints. Uniform Interface...


Is your Captcha really secure?

Captcha is a challenge-solving test used in computing to distinguish between humans and machines. It is implemented as a security feature to stop automation of a process. But what if a small piece of code is able to solve that challenge and succeeds in convincing the application that the form has been submitted by a human? While performing web application security assessments for different web applications we came across many wrong implementations of Captcha by developers. So here are some of the common mistakes made by developers while implementing Captcha in an application: Using only numbers with a short string length. The permutations and combinations required to brute-force the captcha will be fewer. Here the length of the string is 4. To brute-force the above string the total number of tries will be 10*10*10*10=10000, which is very small....