72 matches found
Free and Open Source Interactive HTTPS Proxy: mitmproxy
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...
Vend VDP: Improper access control on adding a Register to an Outlet
Summary: User without permissions to add a Register to an Outlet can bypass this restriction and add a Register to an Outlet. Description: I do not know which permission exactly controls this action, I tested this against default Cashier role. User with default Cashier role has no permission to a...
International Islamic University Chittagong: Application fees changeable
When I submit the form of the URL http://119.18.148.140/iiuc/home/apply-online then I intercept the form request and change the 500 into 100. The application did not give the option to change the money, but by intercepting the request we can change the money. Application should remove the application...
U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website
Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle (RITM) is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation: gem install ritm. Basic usage: 1. Write you...
LocalTapiola: Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi
Hello, Some strange account information modification is ongoing when intercepting and making small modifications to requests in 'investment section'. Login to portal and go to buy shares https://verkkopalvelu.tapiola.fi/jb2/ltvr/purchases or similar and pick 2025 A shares, intercept requests and...
HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports
Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...
Gratipay: Authentication errors in server side validation of E-MAIL
To be honest, I'm not sure if there are any real security implications of this bug, but it's something which should be fixed at some point since it'll be pretty easy. I'm going to describe the issue with reproducible steps: 1. Navigate to Gratipay Settings Page...
Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
Overview: Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...
Andiparos - Security tool that can be used for web application security assessments
Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The advantage of Andiparos is mainly the support of Client Certificates ...
SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)
This collective update for Apache provides the following fixes: - Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). (bnc#815621) - Close the connection just before an attempted re-negotiation if data...
WordPress 3.3.2 Cross Site Scripting
Exploit for php platform in category web applications. There is a persistent XSS vulnerability in the wordpress version 3.3.2. However, the severity of this finding is very LOW. The detail is as follows: a) Login into an admin account b) Navigate to Links - Links Categories c) Fill up the required...