C|EH Master | CNSS | NSE | CCNA Cyber Ops | CPISI | CSFPC

Today I am going to share a POC (Proof of Concept) on a vulnerability that I found on a popular Forum Management System by Q2A. Q2A is a free and open-source content management system to create Question & Answer communities like StackOverflow or Yahoo Answers. These types of management systems are used on sites where users ask questions to get answers from other users. Q2A provides high social engagement with comments, voting, following questions, tags and categories, users and has a powerful points-based reputation system.

How did IT begin?

The adventure began with a friend of mine asking me to resolve a problem that…

This is what Facebook’s SVG malware is actually doing. We had used W3Schools’ IDE while analyzing the malicious SVG file. We had also changed some code of that malicious SVG file for decryption purposes; the values have been decrypted from the SVG file.

  • After sending, the SVG file could possibly have been auto-loaded or could have required some user interaction.
  • It had been re-directed to [ ], as it was the place for a malicious extension.

Hi there, today I want to share a small proof of concept regarding “Reflective Cross-Site Scripting [ R-XSS ]” which I had found on eBay back in 2016. I am not an active participant in bug bounty programs, but one day I had finished all my office work so I was surfing on Facebook and received a message from my brother, Samir, asking for advice regarding some musical instruments. The message contained an eBay link. …

Sometime back I was testing a private site where I was able to execute an XSS. By using the previous XSS I managed to steal the CSRF token to bypass CSRF and made an XHR request which leads to another XSS in a different endpoint. After chaining both XSSes, it allowed me to execute JavaScript remotely from the attacker’s control panel (mine). I used Node.js to deliver my malicious commands from the control panel to the target’s browser. I could even steal credentials, any keystrokes, change whole security questions, passphrase and what not of the target. So, that target won’t be able…

Aug 14, I was testing one web application and going through error parameters and then found a Reflected XSS.

http://Redact/Redact.EXT?errorMsg=<Vulnerable End-point>

I did not think finding an R-XSS was the kind of critical vulnerability I was looking for. Next, I was going to go for CSRF but the site had CSRF protection so that was not possible. Continuing my search, I stumbled upon a page where you could change passwords but there was no “Old Password” field. Due to the CSRF protection, an attacker could not remotely change to a new password. …

While testing on a PRIVATE site back on Dec 19, 2017, I found a “commonfunctions.js” in the source code. That “commonfunctions.js” contained a path from where the PDFs were downloadable. That point was vulnerable to LFI (Local File Inclusion).

Hi guys, so today I am going to present a security issue that I found on a website that is famous among information security researchers. Samy Kamkar is an American privacy and security researcher, computer hacker, entrepreneur and for me a very big influencer. Samy Kamkar is the person who created the first JavaScript-based worm known as Samy Worm which went viral within a few hours, ultimately compelling MySpace to shut down temporarily.

I was explaining the work of Samy Kamkar to one of my friends. Samy’s site has so many Easter-egg-like challenges. We are not allowed to…

Nirmal Dahal
