Vulnerabilities

Hacking the Dutch Government – Responsible Disclosure

Hacking the Dutch Government – Responsible Disclosure

Security, Vulnerabilities
... and all I got was a lousy t-shirt The Dutch Government "Rijksoverheid" has this responsible disclosure program where if you manage to find a vulnerability in one of their systems, they reward you with a shirt having a small logo of their National Cyber Security Centre (NCSC) together with "I hacked the Dutch Government and all I got was this lousy t-shirt". Quite humorous eh? So visiting one of their websites I've managed to find a CHANGELOG.txt which is a file commonly left when an administrator installs and doesn't clean up. This CHANGLOG.txt basically shows critical information. Seeing that the current Drupal version installed is 7.43 (which is already outdated), one might think that this should be vulnerable to CVE-2018-7600 or "Drupalgeddon", a vulnerability that ...
Trovisio Responsible Disclosure – Password Hash Leakage

Trovisio Responsible Disclosure – Password Hash Leakage

Security, Vulnerabilities
Getting another opportunity to become part of a hall of fame for security related contributions is pretty cool and this was because of a very simple bug which was not noticed during the development of the system. Last time I saw this kind of issue was a few months ago when I was working on a back-end system for a client and finding this again on another website basically means that it's probably common out there. During my initial non-intrusive information gathering, I found a lot of API links which made me test them for some basic responses and they seemed pretty secure until I opened the console of Chrome. After noticing that the APIs were throwing console logs, I visited a few pages and guess what popped up? It was the password hash! This happened when the page "Account Se...
HP Responsible Disclosure – Information Leakage

HP Responsible Disclosure – Information Leakage

Security, Vulnerabilities
After finding a security issue from the website of Asus, I started wandering through a list of tech giants and I ended up seeing information that wasn't meant to be seen by the public eyes. Hewlett-Packard or popularly known as "HP" had some information leakage on their website "recycle.ext.hp.com" which I discovered by reading a Javascript file. This client-side script had pretty interesting information that led me to read each block until I found a function that was possibly deprecated due to its function name having the word "old". When I extracted the URL and visited it manually, it was actually responsive leading me to some kind of a job order https://recycle.ext.hp.com/index.php?process=print&type=order&target=20 (This obviously won't work now because it has been fixed...
ASUS Responsible Disclosure – SQL Injection

ASUS Responsible Disclosure – SQL Injection

Security, Vulnerabilities
My CCNA CyberOps scholarship has finally ended which means more time to fool around in the internet! Yey! So recently, I decided to pursue some bug hunting because it has been a while since my last "capture the flag" practice and am already forgetting how to use tools in Kali. This made me look for some popular sites and led me to visit asus.com. After some information gathering, I came across the domain etrip.asus.com which then forwarded me to a Javascript file etrip.asus.com/eTrip/HO-js.js. Reading the script showed another file with a .jsp extension which had some parameters. I first visited the link without any parameters as I didn't really know what values are marked 'correct' in the system. After visiting, it just spitted out the source code which made me say "Wow! Tha...
Hacking a Modern CCTV: ESCAM Pearl QF100 IP Camera

Hacking a Modern CCTV: ESCAM Pearl QF100 IP Camera

Vulnerabilities
  During college days, my group mates and I bought this IP camera for a final project before finishing our program. It was a pretty cheap deal from a Chinese site so we didn't hesitate on buying it. After learning how to install and use it, we successfully integrated it in our system, passed the project, got our diplomas, and had this IP camera thrown back to its box. Over the past few days, I decided to take it out again and did some installing at home but here came the problem, I forgot what the password was! Although even if I remembered the password for the web interface, I didn't even know what port the service was running. Now the first thing that a person would probably do is press that 'factory reset' button so the default settings would go back but believe me, it wa