Vulnerabilities

HP Responsible Disclosure – Information Leakage

Security, Vulnerabilities
After finding a security issue on the Asus website, I started wandering through a list of tech giants and ended up seeing information that wasn't meant to be seen by the public eye. Hewlett-Packard, popularly known as "HP", had some information leakage on their website "recycle.ext.hp.com", which I discovered by reading a JavaScript file. This client-side script had pretty interesting information that led me to read each block until I found a function that was possibly deprecated due to its function name having the word "old". When I extracted the URL and visited it manually, it was actually responsive, leading me to some kind of job order: https://recycle.ext.hp.com/index.php?process=print&type=order&target=20 (This obviously won't work now because it has been fixed...
ASUS Responsible Disclosure – SQL Injection

Security, Vulnerabilities
My CCNA CyberOps scholarship has finally ended, which means more time to fool around on the internet! Yey! So recently, I decided to pursue some bug hunting because it has been a while since my last "capture the flag" practice and I am already forgetting how to use tools in Kali. This made me look for some popular sites and led me to visit asus.com. After some information gathering, I came across the domain etrip.asus.com, which then forwarded me to a JavaScript file, etrip.asus.com/eTrip/HO-js.js. Reading the script showed another file with a .jsp extension which had some parameters. I first visited the link without any parameters as I didn't really know what values are marked 'correct' in the system. After visiting, it just spat out the source code, which made me say "Wow! Tha...
Hacking a Modern CCTV: ESCAM Pearl QF100 IP Camera

Vulnerabilities
During my college days, my group mates and I bought this IP camera for a final project before finishing our program. It was a pretty cheap deal from a Chinese site so we didn't hesitate to buy it. After learning how to install and use it, we successfully integrated it into our system, passed the project, got our diplomas, and had this IP camera thrown back into its box. Over the past few days, I decided to take it out again and did some installing at home, but here came the problem: I forgot what the password was! Although even if I remembered the password for the web interface, I didn't even know what port the service was running on. Now the first thing that a person would probably do is press that 'factory reset' button so the default settings would go back, but believe me, it wa
SM Advantage Card Security Issue

Vulnerabilities
On February 15, 2017, I was fooling around with my phone and doing my routine check on the current points of the accounts that I hold through applications like SM's 'My SMAC'. This routine of mine actually gives me some kind of assurance that the 'expensively' earned points and even my bank balances are still there, untouched, because it pains me to become a victim of 'system problems' which tell you that the points or even the money that you're keeping are gone digitally. Being an SM Advantage member for nearly 11 years, the question came to me, 'How secure is SM's system for keeping my digital information?'. This led me to check out SMAC's website to test a few things and the results were as follows: After visiting a link, I got surprised when presented with information with