A week in security (December 17 – 23)
Last week on Labs we looked at Fuchsia OS as a possible alternative for Android, explained all the reasons why cybercriminals want to hack your phone, discussed a flaw in a Twitter form that may have been abused by nation states, gave you a Christmas tech scams roundup, revealed why many online...
Cloudflare Launches Android and iOS version of 1.1.1.1 DNS Service
By Waqas. Download the app and toggle it on to generate a VPN profile that will automatically reroute the DNS traffic using the 1.1.1.1 DNS servers. On April 1, 2018, Cloudflare and APNIC launched the 1.1.1.1 public DNS service to speed up the searching process for web addresses faster and more...
Infog - Information Gathering Tool
InfoG is a shell script to perform information gathering. Features: Check Website info; Check Phone info; IP Tracker; Check Valid E-mail; Check if site is Up/Down; Check internet speed; Check Personal info; Find IP behind Cloudflare; Find Subdomains; Port Scan Multi-threaded; Check CMS; Check DNS leaking. Usag...
Cloudflare: DOM XSS on 1.1.1.1(one.one.one.one)
After discussion with Cloudflare on Twitter, I'm reporting this here. There is a DOM XSS on the 1.1.1.1 or one.one.one.one site; it seems like the sink is XMLHR.open,Taint,,, and the source is location.search. The PoC URLs are: https://1.1.1.1/?ApiLocation=//localdomain.pw...
Chaturbate: [chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter
Hi Team, I found that chatws25.stream.highwebmedia.com is vulnerable to reflected XSS in the c parameter. We can verify it with the following URL; it is also a Cloudflare filter bypass: https://chatws25.stream.highwebmedia.com/ws/007/tgpraolp/htmlfile?c=███...
Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost
Syncing clocks online is vital to web security...
BillCipher - Information Gathering Tool For A Website Or IP Address
Information gathering tool for a website or IP address, using some ideas from Devploit. BillCipher can work in any operating system that has and supports Python 2, Python 3, and Ruby. Features: DNS Lookup; Whois Lookup; GeoIP Lookup; Subnet Lookup; Port Scanner; Page Links; Zone Transfer; HTTP Header; Ho...
GHSA-5MC5-5J6C-QMF9 cfscrape Improper Input Validation vulnerability
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...
cfscrape Improper Input Validation vulnerability
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...
Cloudflare: Private API key leakage due to lack of access control
The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ API allows a remote attacker to access and steal a logged-in user's private data. This can be done due to the lack of origin protection. An attacker can embed the config URI...
Mozilla Announces Firefox Monitor Tool Testing, Firefox 61
Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61...
Cloudflare Gets Transparent on DNS Resolver Outage
In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: It was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System (DNS) resolver that matches up URLs (say, “cloudflare.com”) with their...
Liberapay: Origin IP found, Cloudflare bypassed
Hello team, during the initial assessment of your assets I've come across what seems to be the unprotected origin server for www.liberapay.com. Description: The frontend currently resolves to ████ and ███, both owned by Cloudflare, which act as your reverse proxy and WAF. By correlating your SSL...
Cloudflare: Remote file inclusion using "/cdn-cgi/pe/bag2?r[]="
Grampae was able to load arbitrary resources into an HTML response form. The following header parameters provided an HTTP request back, although sometimes 30 minutes later: X-Forwarded-For, Client-IP, Referer, Contact, X-Wap-Profile, Forwarded, X-Originated-IP, X-Client-IP, From, User Agent. The resource...
A week in security (April 16 – April 22)
Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...
Cloudflare’s new DNS service
Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare (the Web Performance & Security Company) is offering a free new DNS service. And it helped me improve the speed of my DNS lookups. What is DNS? DNS is short for Doma...
Algolia: Directory traversal at https://msg.algolia.com
Hi, I was able to view the internal server files at https://msg.algolia.com. Please see the attached screenshots for proof. I have tried to reproduce from within Firefox and Internet Explorer without much luck; however, if you need it I will try to come up with a workaround. For reference the...
Cloudflare Launches Publicly DNS-Over-HTTPS Service
Cloudflare is hoping to boost consumer privacy, reduce the threat of man-in-the-middle attacks, and speed up the internet with a new free solution for securing domain name server traffic that uses the encrypted HTTPS channel. On Sunday, the security-focused content delivery network provider,...
How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service
Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1, the world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System (DNS) resolver,...
Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback
The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...