Abdelhak Kharroubi
[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
This is a new story about reversing a banking application that uses the “Xamarin” platform, bypassing the integrity of the requests and finding…
Nov 26, 2022

Abdelhak Kharroubi
[Hacking Bank] Broken Access Control Vulnerability in Banking application [PART II]
As I mentioned in Part 1, the story of finding a critical vulnerability in a banking mobile app, in Part II I will explain how I debugged…
Oct 10, 2022

Abdelhak Kharroubi
[Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]
This is Part I of the story about finding a critical vulnerability in a banking mobile app that allows attackers to obtain full user…
Oct 10, 2022

Abdelhak Kharroubi
break and bypass verification email
With this issue, I can register and verify my account with any email (not owned :D)
Aug 7, 2019

Abdelhak Kharroubi
CRLF injection allow => cookie injection in root domain & xss
intro crlf https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
Aug 6, 2019

Abdelhak Kharroubi
self XSS to stored XSS [think out the box]
First, I found self XSS in a wiki page of the TIBCO web site,
Aug 6, 2019

Abdelhak Kharroubi
[sidefx][Poc] user enumeration & no rate limited in send message function
Describe Vulnerability:
Apr 26, 2019