Andmp | A blog about infosec, bug hunting and more!

Home
about
contact

Andmp | A blog about infosec, bug hunting and more!

"Good artists copy; great artists steal."

Just another web hacking and vulnerability research blog that details how I use existing knowledge and old ways to discover new vulns ;)

My Vulnerability Disclosure Policy
About Me
InfoSec

Breaking

Featured

ad

Follow the Blog via RSS

Subscribe in a reader

Food

Technology

News

Sports

Post Top Ad

Recent Posts

Wednesday, 8 May 2019

[Advisory] Unpatched URL Address Bar Spoofing Vulnerability in UC Browser 12.11.2.1184 and UC Browser Mini 12.10.1.1192: With the same old one-liner payload...

URL Address Bar Spoofing

nullptr May 08, 2019 0

By nullptr at May 08, 2019 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: android security, mobile security, security vulnerability, UC Browser, UC Browser Security Advisory, UC Browser security vulnerability, unpatched vulnerability, URL Address Bar Spoofing

Tuesday, 23 April 2019

This is how (easily) Indiamart gave away access to their Internal corporate secrets and Dev Instances

nullptr April 23, 2019 0

By nullptr at April 23, 2019 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: corporate secrets, data leak, Indiamart, internal panel, security breach, security vulnerability, vulnerability

Wednesday, 10 April 2019

[Unpatched Vulnerability] CVE-2019-11015: Lock Screen Auth Bypass leading to Sensitive Information Disclosure and an Improper Access Control issue in Xiaomi MIUI OS (latest stable releases affected)

nullptr April 10, 2019 1

By nullptr at April 10, 2019 1 comment:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: advisory, CVE, Mi, MIUI, mobile security, security, sensitive information disclosure, unpatched vulnerability, Xiaomi

Monday, 8 April 2019

0day Alert: URL Spoofing Bypassed for latest Mint Browser 1.6.4 by Renwa

xiaomi security issue

nullptr April 08, 2019 0

By nullptr at April 08, 2019 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: mobile security, Xiaomi, xiaomi browser 0day, xiaomi browser vulnerability, xiaomi security issue

Sunday, 7 April 2019

0day Alert: Bypassing CVE-2019-10875 or, Xiaomi's Mint Browser's URL Spoofing patch: Discovered by Renwa

xiaomi security issue

nullptr April 07, 2019 0

By nullptr at April 07, 2019 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: 0day, mobile security, Xiaomi, xiaomi browser 0day, xiaomi browser vulnerability, xiaomi security issue

Friday, 5 April 2019

Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

xiaomi security issue

nullptr April 05, 2019 2

By nullptr at April 05, 2019 2 comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: Mi, PoC, vulnerability, Xiaomi, xiaomi browser vulnerability, xiaomi security issue

Sunday, 31 March 2019

The case of an unusual $10k worth content-based Blind SQLi in a Private Program

nullptr March 31, 2019 2

By nullptr at March 31, 2019 2 comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: Blind SQLi, bug bounty writeup, content based, SQL injection

Saturday, 1 December 2018

How I managed to get an @Google.com email address, bypassing their previous patch!

Gopal Singh December 01, 2018 0

By Gopal Singh at December 01, 2018 No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: bug bounty, Business logic bugs, google, google issue tracker bug, hacking, hacking google, InfoSec, security, security testing, security writeup, ticket trick

Older Posts Home

Post Bottom Ad

About Author

A Security Researcher and Bug Hunter based in India.

Author

Food

Videos

Socialize

facebook count=3.5k;
Followers
twitter count=3.3k;
Followers
gplus count=735;
Followers
youtube count=2.8k;
Followers
pinterest count=524;
Followers
instagram count=849;
Followers

Blog Archive

▼ 2019 (7)
- ▼ May (1)
  - [Advisory] Unpatched URL Address Bar Spoofing Vuln...
- ► April (5)
- ► March (1)

► 2018 (5)
- ► December (1)
- ► November (1)
- ► August (1)
- ► February (1)
- ► January (1)

► 2017 (1)
- ► April (1)

Menu - Pages

Home

Recent

Popular

Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

Introduction Are Chinese device makers on purpose making their software and OS insecure for international markets? Chinese manufactur...
[Unpatched Vulnerability] CVE-2019-11015: Lock Screen Auth Bypass leading to Sensitive Information Disclosure and an Improper Access Control issue in Xiaomi MIUI OS (latest stable releases affected)

So, as promised on Twitter, the wait ends, new security vulnerability full disclosure in Xiaomi! MiSRC team accepted and confirme...
[Advisory] Unpatched URL Address Bar Spoofing Vulnerability in UC Browser 12.11.2.1184 and UC Browser Mini 12.10.1.1192: With the same old one-liner payload...

Brief I discovered an URL Address Bar spoofing vulnerability in the latest version of the UC Browser 12.11.2.1184 and UC Browser Mini ...
This is how (easily) Indiamart gave away access to their Internal corporate secrets and Dev Instances

I tried to reach out to the IndiaMart folks regarding the security issues I found there but sadly didn't find a proper channel to repo...
How I managed to get an @Google.com email address, bypassing their previous patch!

The Google Bug Tracker helps them(Google) in tracking through different bugs and security issues, but Gopal, a highly skilled security re...

Comments

Archive

Sponsor

Technology

Tags

0day advisory android security beef projec beef xss framework Blind SQLi bug bounty bug bounty writeup Business logic bugs content based corporate secrets CVE data leak google google issue tracker bug hacking hacking google hostile subdomain takeovers Indiamart InfoSec internal panel Mi MIUI mobile security penetration testing PoC Reddit security security breach SECURITY RESEARCH security testing security vulnerability security writeup sensitive information disclosure SQL injection SSRF Subdomain takeovers ticket trick UC Browser UC Browser Security Advisory UC Browser security vulnerability unpatched vulnerability URL Address Bar Spoofing vulnerability vulnerability analysis vulnerability assessment vulnerability testing framework Xiaomi xiaomi browser 0day xiaomi browser vulnerability xiaomi security issue

Pages

Home

Tags

0day (1) advisory (1) android security (1) beef projec (1) beef xss framework (1) Blind SQLi (1) bug bounty (2) bug bounty writeup (1) Business logic bugs (1) content based (1) corporate secrets (1) CVE (1) data leak (1) google (1) google issue tracker bug (1) hacking (2) hacking google (1) hostile subdomain takeovers (1) Indiamart (1) InfoSec (1) internal panel (1) Mi (2) MIUI (1) mobile security (4) penetration testing (1) PoC (1) Reddit (1) security (2) security breach (1) SECURITY RESEARCH (1) security testing (3) security vulnerability (2) security writeup (2) sensitive information disclosure (1) SQL injection (1) SSRF (1) Subdomain takeovers (1) ticket trick (1) UC Browser (1) UC Browser Security Advisory (1) UC Browser security vulnerability (1) unpatched vulnerability (2) URL Address Bar Spoofing (1) vulnerability (2) vulnerability analysis (1) vulnerability assessment (1) vulnerability testing framework (1) Xiaomi (4) xiaomi browser 0day (2) xiaomi browser vulnerability (3) xiaomi security issue (3)

Connect With us

34.2k likes

Like

28.6k followers

Follow

8.6k subscribers

Subscribe

17.3k followers

+1

Recent News

About Me

An independent security researcher.
Learn More →

Contact Form

Name

Email *

Message *

Categories

Crafted with by TemplatesYard