Posts

Showing posts from April, 2017

Content Spoofing On *.line.me

What Is Content Spoofing?

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user, made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain. This attack is typically used as, or in conjunction with, social engineering, because it exploits both a code-based vulnerability and a user's trust.

PoC

Vulnerable URL:
http://partner-points.line.me/%2f../free%20sticker%20has%20been%20changed%20by%20a%20new%20one%20https://www.evil.com%20so%20go%20to%20the%20new%20one%20since%20this%20one

Reference
https://www.owasp.org/index.php/Content_Spoofing
https://hackerone.com/reports/181594
https://hackerone.com/reports/154921

LINE's response:

Content Injection On hire.withgoogle.com

Content Spoofing or Text Injection On hire.withgoogle.com

Text Injection

I found some text injection on a Google web service.

Steps to reproduce:
1. Visit the URL and see the text the attacker injected
2. https://hire.withgoogle.com/sign-in?error=noOauthAccount&emailAddress=please%20login%20on%20evil.com%20because%20someone%20try%20to%20login%20on%20your%20account%20and%20make%20your%20account

Sadly, Google won't fix this bug, maybe because it's low risk.

Reference:
https://hackerone.com/reports111094
https://www.google.com/search?q=text+injection+hackerone&oq=text+injection+hackerone&aqs=chrome..69i57.6159j0j7&sourceid=chrome&ie=UTF-8

Google's response

SSLv3 Poodle Vulnerability On *.googlevideo.com

What is the POODLE attack?

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an issue that affects SSL 3.0. If an adversary can modify network transmissions between the client and the server, they can downgrade the SSL connection to SSL 3.0 and tamper with/decrypt data in transmission. The actual problem stems from the fact that the block cipher padding in CBC encryption in SSL 3.0 is not fully verified during the decryption process.

Is *.googlevideo.com vulnerable?

Actually, I tested 2 subdomains in googlevideo.com:
r8---sn-2uuxa3vh-n0cl.googlevideo.com
r6---sn-4pvgq-n8ve.googlevideo.com

Steps To Reproduce

openssl s_client -connect r8---sn-2uuxa3vh-n0cl.googlevideo.com:443 -ssl3

Output:

$ openssl s_client -connect r8---sn-2uuxa3vh-n0cl.googlevideo.com:443 -ssl3
CONNECTED(00000158)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googlevideo.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Googl

SSLv3 POODLE Vulnerability On line.me

What is the POODLE attack?

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an issue that affects SSL 3.0. If an adversary can modify network transmissions between the client and the server, they can downgrade the SSL connection to SSL 3.0 and tamper with/decrypt data in transmission. The actual problem stems from the fact that the block cipher padding in CBC encryption in SSL 3.0 is not fully verified during the decryption process.

Is line.me vulnerable to POODLE?

PoC:

openssl s_client -connect line.me:443 -ssl3

Output:

shan@pasuruanblackhat:~$ openssl s_client -connect line.me:443 -ssl3
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = JP, ST = Tokyo, L = Shibuya-ku, O = LINE Corporation, OU = System Operation Team, CN = *.line.me
ve

SSLv3 Poodle Vulnerability On WhatsApp.com & Blog.WhatsApp.com

What is the POODLE attack?

Padding Oracle On Downgraded Legacy Encryption (POODLE) is an issue that affects SSL 3.0. If an adversary can modify network transmissions between the client and the server, they can downgrade the SSL connection to SSL 3.0 and tamper with/decrypt data in transmission. The actual problem stems from the fact that the block cipher padding in CBC encryption in SSL 3.0 is not fully verified during the decryption process.

Is WhatsApp.com & Blog.WhatsApp.com vulnerable to POODLE?

root@pasuruanblackhat:/home/shan# openssl s_client -connect blog.whatsapp.com:443 -ssl3

Output:

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = California, L = Santa Clara, O = "WhatsApp, Inc.", CN = *.whatsapp.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST