Vulnerabilities

ASUS Responsible Disclosure – SQL Injection

Security, Vulnerabilities
My CCNA CyberOps scholarship has finally ended, which means more time to fool around on the internet! Yey! So recently, I decided to pursue some bug hunting because it has been a while since my last "capture the flag" practice and I am already forgetting how to use the tools in Kali. This made me look for some popular sites and led me to visit asus.com. After some information gathering, I came across the domain etrip.asus.com, which then forwarded me to a JavaScript file, etrip.asus.com/eTrip/HO-js.js. Reading the script showed another file with a .jsp extension which had some parameters. I first visited the link without any parameters as I didn't really know what values are marked 'correct' in the system. After visiting, it just spat out the source code, which made me say "Wow! Tha...
Hacking a Modern CCTV: ESCAM Pearl QF100 IP Camera

Vulnerabilities
During my college days, my group mates and I bought this IP camera for a final project before finishing our program. It was a pretty cheap deal from a Chinese site so we didn't hesitate to buy it. After learning how to install and use it, we successfully integrated it into our system, passed the project, got our diplomas, and had this IP camera thrown back into its box. Over the past few days, I decided to take it out again and did some installing at home, but here came the problem: I forgot what the password was! Although even if I remembered the password for the web interface, I didn't even know what port the service was running on. Now the first thing that a person would probably do is press that 'factory reset' button so the default settings would go back but believe me, it wa
SM Advantage Card Security Issue

Vulnerabilities
On February 15, 2017, I was fooling around with my phone and doing my routine check on the current points of the accounts that I hold through applications like SM's 'My SMAC'. This routine of mine actually gives me some kind of assurance that the 'expensively' earned points and even my bank balances are still there, untouched, because it pains me to become a victim of 'system problems' which tell you that the points or even the money that you're keeping are gone digitally. Being an SM Advantage member for nearly 11 years, the question came to me, 'How secure is SM's system for keeping my digital information?'. This led me to check out SMAC's website to test a few things and the results were as follows: After visiting a link, I got surprised when presented with information with