Note: The following article was published on 16/01/2017 on https://FogMarks.com
As promised in the last case-study, today we are going to see a very interesting case-study, with an interesting twist.
Note: The following article was published on 16/07/2019 on https://FogMarks.com
Today’s case-study does not involve any vulnerability at all.
Yes — you heard me. No XSSes, no open redirects, no CSRFs or IDORs. Nothing. Nada.
We’ll only learn about a wrong implementation that Tinder used in order to integrate their users’ Instagram accounts on their platform.
While joking with (Ok, more like on) a friend about how the only way he’ll get a match on Tinder is if he finds a vulnerability for it, I started to read about recent security vulnerabilities Tinder has suffered. So…
Note: The following article was published on 25/12/2016 on https://FogMarks.com
Happy Hanukkah and Merry Christmas to you all!
The end of the year is always a great time to wrap things up and set goals for the next year. And also to get super-drunk, of course.
In today’s holiday-special case-study we’ll examine a case where an attacker on one website can affect a completely different website, without accessing the second one at all. But before that, we need to talk a bit about Self XSS.
Basically, Self XSS is a stupid vulnerability. Usually, to be attacked, victims need to…
Note: The following article was published on 27/11/2016 on https://FogMarks.com
Sorry for the no-new-posts-November, FogMarks has been very busy experiencing new fields and worlds. But now — we’re back on baby!
Today’s case-study is about an old incident (and by “old” I mean 3 months old), but due to recent developments in an active research of a well-known company’s popular product, I want to present and explain the huge importance of having an Anti-IDOR mechanism in your application.
Note: The following article was published on 13/09/2016 on https://FogMarks.com
“Fences were made to be jumped over” — John Doe
As you might have already guessed (or not), today’s case-study is all about open redirects, and bypassing mechanisms that were made to prevent them. Fun!
I have already shared with you my thoughts about open redirects and their consequences on the website’s general security.
Now it is the time to demonstrate how open redirects can be achieved by manipulating the AOR (Anti Open Redirects) mechanism.
A great example of a great AOR is again Facebook’s linkshim system. It’s basically attaching…
Note: The following article was published on 09/08/2016 on https://FogMarks.com
In what way do you interact with private information of your users? I mean information like their full name, email address, living address, phone number or any other kind of information that may be important to them, or information they’d rather keep private.
Today’s case-study talks just about that. Parental advisory: Explicit content. Just kidding.
We will talk about the way private objects (and I’ll explain my interpretation of the term ‘objects’ later on) should be handled, and then we will see 2 neat examples from vulnerabilities…
Note: The following article was published on 24/07/2016 on https://FogMarks.com
PoC video is at the bottom of this case-study.
Today’s case-study will discuss the importance of having a Token Management Mechanism.
Every web application that supports user authentication will normally use a token to validate the ‘critical’ actions its users initiate.
Facebook, for example, automatically adds a token at the end of any link a user provides, sometimes even to pages within Facebook. This mechanism is called ‘Linkshim’ and it is the primary reason why you rarely hear about Facebook open redirects, CSRFs or clickjacking vulnerabilities. Facebook’s method is pretty…
Note: The following article was published on 13/06/2016 on https://FogMarks.com
A few years ago, when FogMarks was not even a tiny idea or a vision in my head, I used to do casual programming jobs on Fiverr.
One of the jobs/gigs I was asked to do was to cause a user on site x.com to be redirected to Facebook.com and then, without any action on his side, to be redirected to a y.com site. I didn’t realize back then why someone would want that kind of thing. Why not just simply redirect the user directly to y.com? I asked the…
Note: The following article was published on 16/05/2016 on https://FogMarks.com
After reading some blog posts about Mozilla’s Addons websites, I was fascinated by this python-based platform and decided to focus on it.
The XSS vector led basically to nowhere. The folks at Mozilla did an excellent job curing and properly sanitizing every user input.
This led me to change my direction and search for the most fun vulnerabilities — logic flaws.
Most people don’t know, but the fastest way to track logic-based security issues is to get into the mind of the author and to try and think from his…
Note: The following article was published on 03/04/2016 on https://FogMarks.com
When Facebook was just a tiny company with only a few members, it needed a way to get more members.
Today, when you want more visitors to your site, you advertise on Facebook, because everybody is there.
Back then, the main advertising options were to manually post advertisements on popular websites (using Google, for instance), or to get your members to invite their friends using their email accounts.
When a user joined Facebook at its early days, there was literally nothing to see. …