632 matches found
Brave Software: Status Bar Obfuscation
Summary: In this issue, Brave's Status Bar will show the link where the user will be redirected but after he clicks the link, he redirected to other website. Products affected: Latest Version of Brave Steps To Reproduce: 1. Open the HTML file 2. You will see a hyperlink of google.com, So hover yo...
Brave Software: URI Obfuscation
Summary: Typically, when obfuscating a URL, you must trick someone into viewing a website they did not want to view by tempting them with something they are familiar with. Products affected: Latest Version of Brave in Windows Steps To Reproduce: We can trick someone into viewing it like this:...
Brave Software: [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
go to https://brave.com/braveyouthprogramsignup.html click become an ambasador insert malicious payloads in the fields YOU JUST WON 1m$ you will receive a mail like in the image attached. You can send phising emails and do other bad stuff. If you need more details i'm here...
Brave Software: Brave: Admin Panel Access
Steps to reproduce While browsing through the https://blog.brave.com/admin, it is getting redirected to a admin login panel https://brave.ghost.io/ghost/signin/. Consequence An attacker can easily enumerate this admin panel with the url such as https://blog.brave.com/admin and with brute force...
Brave Software: 2 Directory Listing on ledger.brave.com & vault-staging.brave.com
Hi Brave team, Have found 2 Directory listing on: - https://ledger.brave.com/swaggerui/ - https://vault-staging.brave.com/swaggerui/ Refer to screenshosts for clarification: F127337 F127336...
Brave Software: Homograph attack
Summary: when we add a site to our Homepage, it's not validate a url properly, make sure it's display the punycode. Products affected: Brave 0.12.4 Tested on mac os Steps To Reproduce: In browser add homepage with IDN http://ebаy.com/ now close and open browser again you can see it's redirect to...
Securing a travel iPhone
These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus...
FINAL FANTASY BRAVE EXVIUS - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application FINAL FANTASY BRAVE EXVIUS published at the 'play' market has multiple vulnerabilities...
BLEACH Brave Souls - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application BLEACH Brave Souls published at the 'play' market has multiple vulnerabilities...
Brave Trials - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Brave Trials published at the 'play' market has multiple vulnerabilities...
Brave Frontier RPG - Customized SSL, Redefined SSL Common Names verifier, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Brave Frontier RPG published at the 'play' market has multiple vulnerabilities...
Brave Cross - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Brave Cross published at the 'play' market has multiple vulnerabilities...