The program does not release or incorrectly releases a resource before it is made available for re-use.the function fails to release a lock it acquires, which might lead to deadlock.
The Android activity fails to release the Android database handler in its
onDestroy() event handlers.An Android activity fails to release the Android database handler in its
onDestroy() event handlers.
The Android activity maintains an Android SQLite database handler that is not closed in
onDestroy() callback. The Android OS invokes these callbacks whenever it needs to send the current activity to the background, or when it needs to temporarily destroy the activity when system resources are low. By failing to close the database properly, the activity can potentially exhaust the device of available cursors if the activity is constantly restarted. …
A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.
Buffer overflow is probably the best known form of software security vulnerability. Most software developers know what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly-developed applications are still quite common. Part of the problem is due to the wide variety of ways buffer overflows can occur, and part is due to the error-prone techniques often used to prevent them.
In a classic buffer overflow exploit, the attacker sends data to a program, which it stores in an undersized stack buffer. The result is that information on the call stack is overwritten, including the function’s return pointer. The data sets the value of the return pointer so that when the function returns, it transfers control to malicious code contained in the attacker’s data. …
When security and privacy demand clash, privacy should usually be given a higher priority. To accomplish this and still maintain required security information, cleanse any private information before it exits the program.
To enforce good privacy management, develop and strictly adhere to internal privacy guidelines. The guidelines should specifically describe how an application should handle private data. If your organization is regulated by federal or state law, ensure that your privacy guidelines are sufficiently strenuous to meet the legal requirements. Even if your organization is not regulated, you must protect private information or risk losing customer confidence
There are several problems with this example. First of all, with the aid of default, WebView credentials are stored in undeniable text and are not hashed. So if a person has a rooted device (or makes use of an emulator), she is capable of reading saved passwords for given sites. Second, undeniable textual content credentials are broadcast to all of the registered receivers, this means that any receiver registered to listen to intents with the SEND_CREDENTIALS motion will acquire the message. The broadcast isn’t always even blanketed with permission to restrict the wide variety of recipients, despite the fact that in this case, we do not recommend the use of permissions as a fix. …
Redirects allow web applications to direct users to different pages within the same application or to external sites. Applications utilize redirects to aid in site navigation and, in some cases, to track how users exit the site. Open redirect vulnerabilities occur when a web application redirects clients to any arbitrary URL that can be controlled by an attacker.
An Open Redirection is when a web application or server uses an unvalidated user-submitted link to redirect the user to a given website or page. Even though it seems like a harmless action to let a user decide to which page he wants to be redirected, such technique if exploited can have a serious impact on the application security, especially when combined with other vulnerabilities and tricks. …
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).
Most of us are addicted to social networks, and image sharing is one of the most utilized
features of these platforms. But sometimes when we share these pictures it’s not just the
image that we are sharing but might also the exact location where that picture was taken.
Creepy is a Python application which can extract out this information and display
the geolocation on a map. Currently Creepy supports search for Twitter, Flickr, and
Instagram. It extracts the geolocation based on EXIF information stored in images,
geolocation information available through application programming interface (API),
and some other techniques. …
Pro Tips For Bug Bounty
1) clear your mindset about bugbounty ( learning > money)
2) Always focus the target as it’s a fresh one
3) Always look at the path less visited. Hunt on subdomain rather than main domain
4) Don’t rely only an online courses and videos. Reading books and blogs gives much better insight
5) Don’t ask people to share their Poc videos. If they wanted to flaunt would’ve share it before
6) Follow everyone from infosec (Twitter). Hands on people’s latest blog as soon they are available
7) Don’t feel your starting late.its …
An iFrame injection is a very common cross-site scripting (or XSS) attack. It consists of one or more iFrame tags that have been inserted into a page or post’s content and typically downloads an executable program or conducts other actions that compromise the site visitors’ computers. In the best case, Google may label the site “malicious.” The worst case is that the site owner and visitors end up with malware-infected computers.
frame injection, which occurs when a frame on a vulnerable web page displays another web page via a user-controllable input.
GET /search.jsp?query=%3Ciframe%20src=%22https://google.com/?%22%3E%3C/iframe%3E HTTP/1.1
</iframe><iframe src="vbscript:msgbox(1)"></iframe> (IE)<iframe src="data:text/html,<script>alert(0)</script>"></iframe> (Firefox, Chrome…
During the assessment, I have found the debug URL on xyz.com which is disclosing the error logs..
sorry i can’t disclose website name …
when i start to recon and try to find bugs on this program .
i tried many things like xss,idor,nd etc….(nothing spot)
when i try to find xss .. then most of the time i got error (xyz.com/errors)
after one day i tried some diff payloads and many thing but nothing works.
anything i tried (random xss payload) it was always redirect one page(xyz.com/errors)
then after few hours i try this
GET /errors/errors.log HTTP/1.1
Modern web browsers support a
secure flag for each cookie. If the flag is set, the browser will only send the cookie over HTTPS. Sending cookies over an unencrypted channel can expose them to network sniffing attacks, so the secure flag helps keep a cookie's value confidential. This is especially important if the cookie contains private data or carries a session identifier.
In this case a cookie is created but
setSecure() is not called or is called with the value
Example: In the example below, a cookie added to the response without setting the
HttpCookie cookie = new HttpCookie("emailCookie", email);