Videos

Tue
12
May
Editorial_Staff_Team's picture

Facebook 2015 (Video) - Filter Bypass & Unauthorized Exception Redirect Vulnerability

Facebook 2015 (Video) - Filter Bypass & Unauthorized Exception Redirect Vulnerability

A filter validation issue is existant in the exception-handling that normally redirects to the original facebook source. Ever if an error comes up the website will show the context in the secure exception and redirects on okey click to the original valid source. In case of terminating the string (%00%00_%3F) with extended <_ it is possible to bypass the exception-handling filter exception to redirect invalid source to an external target.

The video demonstrates how to bypass the filter validation by confusing the context copying with the non encoded url that invalid. By generating a payload that is ahead in the display value and atleast in the url ref the target exception redirect can be manipulated.

Mon
04
May
Editorial_Staff_Team's picture

Grindr Account System - Session Auth Bypass Vulnerability (Video)

Grindr Account System - Session Auth Bypass Vulnerability (Video)

Due to the successful participation in the bc flex security program the core team discovers today a security video that demonstrates a session auth bypass vulnerability in the grindr account system. The vulnerability has been patched in april next to the end of the bug bounty competition. The issue is that due to the password change the app is allowed to request through the browser the service.

Pages

Subscribe to RSS - Videos