The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on March 26, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 15 to 22 of March.
This is an awesome trick for any bug hunter who uses Chrome. You can create shortcuts to query sites like Shodan, VirusTotal, RiskIQ, etc.
For instance, you can type
s google (for
To do this, go to Settings in Chrome, then Manage search engines. Add a new one with
s as the Keyword and
https://www.shodan.io/search?query=org%3Agoogle as the URL.
[Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure ($7,500)
This is a very interesting bug found on GrabTaxi’s Android and iOS apps. It’s the equivalent of an open redirect on mobile apps: some deeplinks missing validation “direct users to load any attacker-controlled URL within a webview”.
In case you’re wondering, a deep linking is a URI that links to a specific location within a mobile app rather than simply launching the app (Wikipedia definition).
One of the vulnerable deeplinks looks like this:
https://s3.amazonaws.com/edited/page2.html, created by the bug hunter, contains code that calls getGrabUser, a method defined within the app which returns sensitive information on the user.
So using the vulnerable deeplink, it is possible to execute attacker-controlled code that steals the victim’s sensitive information.
New XS-Leak techniques reveal fresh ways to expose user information
I’ve encountered many articles on XS-Search this last couple of weeks. If, like me, you’re just hearing about this type of attack, this article is an excellent introduction.
It explains what it is briefly and references different publications about it. It’s worth to dive into each one, since XS-Search is said to be the next XSS.
This is a simple vueJS app which generates commands based on what you choose: For example, you enter a target, select a wordlist and a list of extensions, and the app generates a complete dirsearch command for you.
This is great for anyone who uses several tools with different options each time (like nmap, sqlmap, dirsearch, wfuzz, massdns…).
A visual command generator allows for more flexibility than creating multiple aliases for the same command with different options.
But the app is meant to be customized to add tools based on your own testing workflow.
This is a site by the author of the #365DaysOfPWN Medium articles I’ve been sharing in the previous newsletters.
The site is more organized and is updated at least once a day. It’s an amazing resource for pentesters and red teamers (and for OSCP)!
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 03/15/2019 to 03/22/2019
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…