Posts

Showing posts from 2022

ZKT Eco ADMS - Stored XSS (CVE-2022-44213)

Hi All, I was able to identify a stored XSS in an online attendance system, ZKT Eco ADMS (v3.1-164). ADMS (Automatic Data Master Server) is a powerful web-based time and attendance management software which is used to configure the attendance devices and manage their users. CVE ID assigned: CVE-2022-44213: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44213 Technical details: Log in to ZKT Eco ADMS (default admin/admin). Click on System and then click on Employee. Click on the Append button to add a new employee. In the Emp Name field, add your XSS payload. For testing I used a non-malicious payload: "/><img src=a onerror=alert('stored-XSS');> Click on the Submit button; it will redirect you to the employee list, and our payload will be executed. XSS payload embedded in the EMP NAME field. Our payload executed successfully. The XSS has been fixed in the latest versions after 3.1-164.

NXLog: Convert Windows Hostname to Host IP in the logs

Hi all, Recently I faced an issue where I was sending Windows logs to my log collector; however, the logs were sent in the format below: Timestamp, System Hostname, Event-ID, etc. To resolve the hostname to an IP address the collector needed access to a local DNS server, but there is no local DNS :-P So there are 2 solutions. Create a local DNS server, add the entries of all the hosts, and point the log collector to this local DNS. Find some workaround to be implemented on all the servers so they can convert the hostname to its local IP before forwarding it to the log collector. After googling for around 4-5 hrs I wasn't able to find any proper solution; every solution I was reading was converting IP to hostname. So I started reading the NXLog documentation and found a core function which can be used to convert the hostname to the host IP. Let's assume you have already configured the INPUT entity in the NXLog config file and you know which logs are to be co...

ZKBio Time - CSV Injection (CVE-2022-40472)

Hi all, I am here with a new post. Recently I identified a CSV injection vulnerability in one of the web-based time and attendance management software products. Below are the details: Software Description: ZKBio Time is a powerful web-based time and attendance management software. With a powerful data handling capacity, the system can manage the attendance data of 10,000 employees. It can easily handle hundreds of devices and thousands of employees and their transactions. ZKBio Time comes with an intuitive user interface, is able to manage timetables, shifts and schedules, and can easily generate attendance reports. Impacted Version: 8.0.7 (Build: 20220721.14829) and before. CVE ID: CVE-2022-40472 Vulnerability details: Log in to the ZKBio Time application. In the left menu click on Messages -> Public. Click on the ADD new message button. Write your device serial number. Mention any date/time and duration. In the Content field, add your CSV injection payload, as shown below. Any user who extract th...

Python Not Showing Colors in Windows 10

Hi All, So today I was testing one exploit, but on Windows it was not showing the colors, which was very annoying. I tried to install colorama and termcolor; however, nothing worked, the exploit was still showing raw ANSI escape codes instead of colors, as shown below. After a lot of searching I was able to fix it; it requires a little modification of the exploit. 1st, make sure to install colorama and termcolor. For Python 2.7.x: pip install colorama pip install termcolor For Python 3.x: pip3 install colorama pip3 install termcolor Next, open the file in Notepad or any other editor and add the lines below at the start of the script: import os os.system("") Save the script and re-run it; it will start showing the color codes. Thanks

CSV Injection in Acunetix version 13.0.201217092 (CVE-2022-29315)

Hi all, I was using Acunetix version 13.0.201217092 for scanning purposes back in Jan 2021, and I was able to identify a CSV injection vulnerability in the web scanner. Any user who is not the administrator can perform these actions, which can lead to admin system compromise. For testing I used the Admin account. Let's get to the technical details. CVE ID Assigned: CVE-2022-29315 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29315 https://www.cve.org/CVERecord?id=CVE-2022-29315 Vulnerable Version: Before version 14 Fixed Version: 14 and 14+ # Software description: Acunetix by Invicti Security is an application security testing tool built to help small & mid-size organizations around the world take control of their web security. # Technical Details & Impact: It was observed that the Target page is vulnerable to CSV injection. Using CSV injection, maliciously crafted formulas can be used for three key attacks: Hijacking the user's computer by exploiting...

SSL Pinning Bypass trick PT2 (Forcing APK Accept CA Certificate)

So as discussed in Part 1, 1APP has implemented another trick to prevent bypassing SSL pinning. Before, they were focusing on the CA certificates present on the device, which we were able to bypass by putting our Burp Suite certificate in the CA directory. Now, after the update, the old trick was not working. To understand the implemented fix, I decompiled the APK again, and in the "resources\res\xml" directory I checked "network_security_config.xml". After reviewing the XML file I saw a new entry like <trust-anchors> <certificates src="@raw/myAPP"/> </trust-anchors> This means that they have embedded their own certificate in the "\resources\res\raw" directory with the name "myAPP", which means that the application will not accept any certificate (CA/system or user) from the device; it will only use the myAPP certificate which is embedded in the APK. I made multiple attempts to bypass it; however, every time I manipulated the APK file and tri...

SSL Pinning Bypass Trick PT1 (Copying Burp certificate to CA Directory)

Hi everyone, as you are aware I update this blog when I get stuck in some situation and, after multiple attempts, if I bypass that situation I write a blog post about it. So today we will be discussing multiple issues which I faced while bypassing SSL pinning in one application; let's call it 1APP. So 1APP is configured in a way that normally installing the Burp Suite certificate in Android was not working. Running the application with the normal Burp certificate, it was giving errors like "java.security.cert.CertPathValidatorException", webhook, etc. After decompiling the app using online tools (or you can use APKTOOL), in the "resources\res\xml" directory I checked "network_security_config.xml". After reviewing the XML file it was clear the application only trusts those certificates which are installed in the CA directory of the device. So it was clear that we have to copy our certificate to the Android CA directory. After a lot of searching I came across an awesome article where he explaine...