-
Stealing secrets tokens and all private info of hackerearth users
Hi all, I found two bugs in hackerearth. Got T-shirt as swag. 1. cores misconfiguration When i change the origin header in request to https://www.hackerearth.com.evil.com the responce i got was: Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://www.hackerearth.com.evil.com The backend regex only checks for www.hackerearth.com after https://. So i made a subdomain of www.hackerearth.com.dr3dd.live....
-
Razer Cortex Unquoted Search path Vulnerability - $750 USD
I found this bug in Razer Cortex Service vesion 7.3.23.124 .By default RzKLService.exe runs with system privileges, and it executes RazerCortex.exe with administrator privileges but the way its load this binary i.e RazerCortex.exe is vulnerable to Unquoted Search path Vulnerability. So any attacker to can executes its binary which is...
-
GSoC'19 Final Report | OWASP Foundation
---- GSoC'19 Final Report | OWASP Foundation ( Project- DefectDojo) ---- DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third-party security findings, merging and deduping, integration with Jira, templating, report generation and security metrics....