Andmp | A blog about infosec, bug hunting and more!: vulnerability

Home
about
contact

"Good artists copy; great artists steal."

Just another web hacking and vulnerability research blog that details how I use existing knowledge and old ways to discover new vulns ;)

My Vulnerability Disclosure Policy
About Me
InfoSec

Breaking

Post Top Ad

Showing posts with label vulnerability. Show all posts

Tuesday, 23 April 2019

This is how (easily) Indiamart gave away access to their Internal corporate secrets and Dev Instances

vulnerability

Arif Khan April 23, 2019 0

By Arif Khan at April 23, 2019

Reactions:

No comments: Links to this post

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: corporate secrets, data leak, Indiamart, internal panel, security breach, security vulnerability, vulnerability

Arif Khan

Bug hunter and vulnerability researcher

Friday, 5 April 2019

Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

xiaomi security issue

Arif Khan April 05, 2019 10

By Arif Khan at April 05, 2019

Reactions:

10 comments: Links to this post

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: Mi, PoC, vulnerability, Xiaomi, xiaomi browser vulnerability, xiaomi security issue

Arif Khan

Bug hunter and vulnerability researcher

Older Posts Home

Post Bottom Ad

About Author

A Security Researcher and Bug Hunter based in India.

Author

Socialize

facebook count=3.5k;
Followers
twitter count=3.3k;
Followers
gplus count=735;
Followers
youtube count=2.8k;
Followers
pinterest count=524;
Followers
instagram count=849;
Followers

Twitter

Tweets by payloadartist

Follow by Email

Blog Archive

▼ 2019 (7)
- ▼ May (1)
  - [Advisory] Unpatched URL Address Bar Spoofing Vuln...
- ► April (5)
- ► March (1)

► 2018 (7)
- ► December (1)
- ► November (1)
- ► September (1)
- ► August (2)
- ► February (1)
- ► January (1)

► 2017 (1)
- ► April (1)

Menu - Pages

Home
Packetstorm

Recent

How I managed to get an @Google.com email address, bypassing their previous patch!

The Google Bug Tracker helps them(Google) in tracking through different bugs and security issues, but Gopal, a highly skilled security re...
Escalating SSRF in a Vulnerable Jira Instance to RCE via Docker Engine API

Originally posted by me on Reddit. This is just a repost of what I wrote there on /r/netsec, and formatting is a bit awkward. Due to some...
Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

Introduction Are Chinese device makers on purpose making their software and OS insecure for international markets? Chinese manufactur...
OSCP Review - Cracking OSCP at 17

Meet Kunal, a friend and fellow security researcher and hacker, the youngest boy to crack OSCP in India at the age of 17, all at the ag...
The case of an unusual $10k worth content-based Blind SQLi in a Private Program

Blind SQL (Structured Query Language) injection is a type of SQL Injection attack that asks the database true or false questions and de...

Comments

Sponsor

Technology

Tags

0day (1) advisory (1) android security (1) beef projec (1) beef xss framework (1) Blind SQLi (1) bug bounty (2) bug bounty writeup (1) Business logic bugs (1) certification (1) content based (1) corporate secrets (1) csrf (1) CVE (1) data leak (1) First guy to crack OSCP at 17 (1) google (1) google issue tracker bug (1) hacker (1) hacking (3) hacking google (1) hostile subdomain takeovers (1) Indiamart (1) InfoSec (2) internal panel (1) Mi (2) MIUI (1) mobile security (4) Offensive Security Certified Professional (1) OffSec (1) OSCP (1) OSCP review (1) penetration testing (2) pentest (1) PoC (1) Reddit (1) security (4) security breach (1) security certifications (1) SECURITY RESEARCH (1) security testing (3) security vulnerability (2) security writeup (2) sensitive information disclosure (1) SQL injection (1) SSRF (1) Subdomain takeovers (1) ticket trick (1) UC Browser (1) UC Browser Security Advisory (1) UC Browser security vulnerability (1) unpatched vulnerability (2) URL Address Bar Spoofing (1) vulnerability (2) vulnerability analysis (1) vulnerability assessment (1) vulnerability testing framework (1) Xiaomi (4) xiaomi browser 0day (2) xiaomi browser vulnerability (3) xiaomi security issue (3)

Connect With us

34.2k likes

28.6k followers

8.6k subscribers

17.3k followers

About Me

An independent security researcher.
Learn More →

Contact Form

Name

Email *

Message *

Breaking

ad

Post Top Ad

Tuesday, 23 April 2019

This is how (easily) Indiamart gave away access to their Internal corporate secrets and Dev Instances

Friday, 5 April 2019

Xiaomi URL Address Bar spoofing w/ SSL vulnerability or, CVE-2019-10875 - Was it intentionally kept in the global versions by Xiaomi?

Post Bottom Ad

About Author

Twitter

Follow by Email

Blog Archive

Menu - Pages

Recent

Popular

Comments

Archive

Sponsor

Technology

Tags

Pages

Tags

Connect With us

Recent News

About Me

Contact Form

Categories