This is being published with the permission of Uber under the responsible disclosure policy.
The vulnerability detailed in this blog post is being disclosed by
Anand Prakash of AppSecure. This was plugged quickly by the security team at Uber.

This issue is similar to Facebook's access token leak discovered last year: https://techcrunch.com/2018/09/28/facebook-says-50-million-accounts-affected-by-account-takeover-bug/

About Uber
Uber is a transportation network company (TNC) headquartered in San Francisco, California. Uber offers services including peer-to-peer ridesharing, taxi cab hailing, food delivery, and a bicycle-sharing system. The company has operations in 785 metropolitan areas worldwide. …



This is being published with the permission of Uber under the responsible disclosure policy.

This post is about an information disclosure vulnerability on riders.uber.com: a public API endpoint under https://riders.uber.com/profile returned the server tokens and client secrets of the third-party applications that the account owner had authorized to access their Uber account. Those credentials belong to the application developer, not to the rider, and should never appear in a user-facing response.

As per Uber’s documentation:

“The secret for your application, this should be treated like your application’s password. Never share this with anyone, check this into source code, or post in any public forum. Additionally, this should not be distributed on client devices where users could…
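The pattern behind this class of bug is an endpoint that serializes an internal object wholesale, so developer-only fields ride along with the fields the rider is entitled to see. The following is an added illustration, not Uber's code: the object model, the field names (client_id, client_secret, server_token) and the in-memory store are assumptions. It contrasts the "dump every attribute" approach with an explicit field allow-list, and includes the regression check a reviewer would run against the JSON a profile endpoint emits.

```python
"""Serialize a rider's authorized third-party apps without leaking app credentials.

Added example; not Uber's code. Field names and the store are assumptions.
"""
from dataclasses import dataclass
from typing import Any, Dict, List


@dataclass
class AuthorizedApp:
    client_id: str
    name: str
    scopes: List[str]
    client_secret: str   # developer credential: must never reach the rider
    server_token: str    # developer credential: must never reach the rider


# Constructed sample data standing in for the authorized-apps table.
RIDER_APPS: Dict[str, List[AuthorizedApp]] = {
    "rider-1": [
        AuthorizedApp("app_abc", "Expense Tracker", ["profile", "history"],
                      "cs_do_not_leak", "st_do_not_leak"),
    ]
}

# Vulnerable shape: every attribute of the stored object goes into the response.
def serialize_apps_vulnerable(rider_id: str) -> List[Dict[str, Any]]:
    return [dict(vars(app)) for app in RIDER_APPS.get(rider_id, [])]


# Hardened shape: the response is built from an allow-list of rider-visible fields,
# so a new column added to the model later is hidden by default, not exposed by default.
PUBLIC_FIELDS = ("client_id", "name", "scopes")

def serialize_apps(rider_id: str) -> List[Dict[str, Any]]:
    return [{f: getattr(app, f) for f in PUBLIC_FIELDS}
            for app in RIDER_APPS.get(rider_id, [])]


# Regression check: walk an arbitrary JSON-like payload and flag any key that
# carries a credential. Run this over real responses in an API test suite.
SECRET_KEYS = {"client_secret", "server_token", "secret", "access_token"}

def leaks_secrets(payload: Any) -> bool:
    if isinstance(payload, dict):
        return any(k in SECRET_KEYS or leaks_secrets(v) for k, v in payload.items())
    if isinstance(payload, list):
        return any(leaks_secrets(item) for item in payload)
    return False


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_secrets(serialize_apps_vulnerable("rider-1")))
    print("hardened leaks:  ", leaks_secrets(serialize_apps("rider-1")))
```

The allow-list lives beside the handler rather than in the model, which is the point: the decision about what a rider may see is an authorization decision, and it should not change silently because someone added a field to the storage layer.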


This is being published with the permission of Facebook under the responsible disclosure policy.

The vulnerabilities mentioned in this blog post were plugged quickly by the engineering teams of Facebook and Tinder.

This post is about an account takeover vulnerability I discovered in Tinder's application. By exploiting it, an attacker could have gained access to the account of any victim who used their phone number to log in.

This could have been exploited through a vulnerability in Facebook’s Account Kit, which Facebook has recently addressed.

Both Tinder’s web and mobile applications allow users to use their mobile phone numbers…


I am publishing this with the permission of Facebook under the responsible disclosure policy. They have fixed this vulnerability.

This post is about a simple vulnerability I discovered on Facebook which I could have used to hack into other users’ Facebook accounts easily and without any user interaction.

This gave me full access to other users' accounts by setting a new password. I was able to view their messages, the credit/debit cards stored under their payment section, personal photos, and other private information.

Facebook acknowledged the issue promptly, fixed it, and rewarded me with a US $15,000 bounty based on the…


Note: This is being published with the permission of Zomato Team. The vulnerability is now fixed.

AppSecure is a specialised cyber security company with years of skill acquired and meticulous expertise. We are here to safeguard your business and critical data from online and offline threats or vulnerabilities.

Contact us: hello@appsecure.security

Zomato is an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife for various cities of India and 21 other countries. It has 62.5 million registered users.

While creating an account, the users can store their phone number, addresses, date of birth, link…


[Responsible disclosure]

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed.


Facebook recently introduced "Say Thanks", an experience that lets Facebook users create a personalized video card for their Facebook friends.

To create a Thanks video, a user needs to visit facebook.com/thanks and needs to choose a friend. A user could select different themes…


Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed.

Contact us: anand.prakash@appsecure.in or sales@appsecure.in

Summary:

This blog post is about an Insecure Direct Object Reference (IDOR) vulnerability in Facebook Notes. An attacker could have deleted all of a victim's notes simply by replacing their own note ID with the victim's in the note-editing request.

About Facebook Notes:

Facebook Notes are ways…


Summary

This post is about a critical bug in Uber that could have been used by attackers to get unlimited free rides anywhere in the world. It also covers a few best practices for integrating payment gateways.

Description

Uber Technologies Inc. is an online transportation network company, headquartered in San Francisco, California, with operations in 528 cities worldwide. Users can create their account on Uber.com and book a ride. When the ride is completed a user can either pay cash or charge it to their credit/debit card.

But, by specifying an invalid payment method (for example, abc, xyz, and so on)…
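The excerpt ends before the root cause, so the following is an added example of the general failure mode rather than Uber's code: a settlement step that only checks for the one method it knows how to charge, and treats every other value as "nothing to collect". Whether the real handler looked like this is an assumption; the enum, the gateway stub and the fare values are constructed for the example. The hardened version validates the client-supplied method against a server-side enumeration and fails closed, and also refuses to mark a trip complete unless the gateway actually captured the fare.

```python
"""Payment-method validation at trip settlement.

Added example; not Uber's code. The enum, handlers and fake gateway are assumptions.
"""
from decimal import Decimal
from enum import Enum
from typing import Callable, Dict


class PaymentMethod(Enum):
    CASH = "cash"
    CARD = "card"


class InvalidPaymentMethod(ValueError):
    """Client sent a method the server does not know."""


class PaymentFailed(RuntimeError):
    """Gateway did not capture the fare."""


Gateway = Callable[[Decimal], Dict[str, object]]

# Constructed stand-in for a card gateway "capture" call.
def fake_gateway_capture(amount: Decimal) -> Dict[str, object]:
    return {"status": "captured", "amount": amount}

def fake_gateway_decline(amount: Decimal) -> Dict[str, object]:
    return {"status": "declined", "amount": amount}


# Vulnerable shape (assumed): only the card branch is explicit; any other string,
# including "abc" or "xyz", falls through to the no-charge path meant for cash.
def settle_trip_vulnerable(method: str, fare: Decimal, gateway: Gateway) -> Dict[str, object]:
    if method == "card":
        gateway(fare)  # result not checked either
        return {"status": "completed", "charged": fare}
    return {"status": "completed", "charged": Decimal("0")}


# Hardened: unknown methods are rejected before any state changes, and a card
# trip is only "completed" when the gateway reports a capture.
def settle_trip(method: str, fare: Decimal, gateway: Gateway) -> Dict[str, object]:
    try:
        pm = PaymentMethod(method)
    except ValueError:
        raise InvalidPaymentMethod(method) from None
    if pm is PaymentMethod.CARD:
        result = gateway(fare)
        if result.get("status") != "captured" or result.get("amount") != fare:
            raise PaymentFailed(str(result))
        return {"status": "completed", "charged": fare, "settlement": "card"}
    # Cash is collected by the driver; the amount is still recorded as owed.
    return {"status": "completed", "charged": fare, "settlement": "cash"}


def rejects_method(method: str) -> bool:
    """True if the hardened handler refuses this method value."""
    try:
        settle_trip(method, Decimal("10.00"), fake_gateway_capture)
    except InvalidPaymentMethod:
        return True
    return False


if __name__ == "__main__":
    print(settle_trip_vulnerable("abc", Decimal("25.00"), fake_gateway_capture))
    print("hardened rejects 'abc':", rejects_method("abc"))
```

Two practices for payment integrations follow from this: validate enumerated inputs against what the server defines, never by string comparison against one happy-path value, and bind "ride completed" to a verified gateway response rather than to the absence of an error.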



Summary

This blog post is about an Insecure Direct Object Reference (IDOR) vulnerability on Twitter. An attacker could have used it to tweet from other users' accounts, upload videos on their behalf, delete pictures and videos from a victim's account, or view private media uploaded by other Twitter accounts. All endpoints on studio.twitter.com were vulnerable.

Description

Twitter is an online news and social networking service where users post and interact with messages, called “tweets”, restricted to 140 characters. Registered users can post tweets, but those who are unregistered can only read them. …
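Both the Facebook Notes bug above and this studio.twitter.com bug are the same defect: the request is authenticated, but the object ID in it is trusted as-is, so swapping in someone else's ID edits or deletes their object. The following is an added example, not Facebook's or Twitter's code, covering both posts. The note store, user names and handler names are constructed. It shows a handler that looks the object up by ID alone beside one that scopes the lookup to the calling user and returns the same 404 whether the object is missing or belongs to someone else, so the endpoint cannot be used to enumerate other people's IDs either.

```python
"""Ownership check on object-edit and object-delete requests (IDOR fix).

Added example; not Facebook's or Twitter's code. Store and names are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Note:
    note_id: int
    owner_id: str
    body: str


class NotFound(Exception):
    pass


def fresh_store() -> Dict[int, Note]:
    """Constructed sample data: one note each for two users."""
    return {
        101: Note(101, "alice", "Alice's note"),
        202: Note(202, "bob", "Bob's note"),
    }


# Vulnerable: the caller is authenticated (session_user) but the note is fetched
# by the client-supplied ID alone, so bob can edit or delete note 101.
def edit_note_vulnerable(store: Dict[int, Note], session_user: str, note_id: int, body: str) -> Note:
    note = store.get(note_id)
    if note is None:
        raise NotFound(note_id)
    note.body = body
    return note


def delete_note_vulnerable(store: Dict[int, Note], session_user: str, note_id: int) -> None:
    if note_id not in store:
        raise NotFound(note_id)
    del store[note_id]


# Hardened: every lookup is scoped to the session user. "Not yours" and
# "does not exist" are indistinguishable to the client.
def _owned_note(store: Dict[int, Note], session_user: str, note_id: int) -> Note:
    note = store.get(note_id)
    if note is None or note.owner_id != session_user:
        raise NotFound(note_id)
    return note


def edit_note(store: Dict[int, Note], session_user: str, note_id: int, body: str) -> Note:
    note = _owned_note(store, session_user, note_id)
    note.body = body
    return note


def delete_note(store: Dict[int, Note], session_user: str, note_id: int) -> None:
    _owned_note(store, session_user, note_id)
    del store[note_id]


def attempt(handler: Callable, store: Dict[int, Note], session_user: str, note_id: int,
            body: Optional[str] = None) -> int:
    """Drive a handler the way a web framework would and return an HTTP status."""
    try:
        if body is None:
            handler(store, session_user, note_id)
        else:
            handler(store, session_user, note_id, body)
        return 200
    except NotFound:
        return 404


if __name__ == "__main__":
    s = fresh_store()
    print("vulnerable, bob edits 101:", attempt(edit_note_vulnerable, s, "bob", 101, "pwned"))
    s = fresh_store()
    print("hardened,   bob edits 101:", attempt(edit_note, s, "bob", 101, "pwned"))
```

Putting the ownership condition inside the lookup (`_owned_note`) rather than in each handler is the design choice that matters: a new endpoint that reuses the lookup inherits the check, which is how "all endpoints on studio.twitter.com" stop being vulnerable at once rather than one at a time.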

AppSecure, Inc.

Making The Internet More Secure
