Google Open URL Redirection Vulnerability which does the Social Engineering part too.

Twitter: @teh_h3ck Email: vag[d0t]mourikis[@]gmail.com Open URL Redirection definition, quoted by OWASP: "An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious…

[Facebook | Aol] Internal ip disclosure that really hurts.

There are a lot of factors who can disclose an internal ip address. All of these factors are groupped in the lowsest vulnerability risk category because they do not expose an organisation at imminent risk. Also, there are a lot of ways that a penetration tester can find an internal…

Facebook open-redirect vulnerability that does the social engineering job too.

Twitter: @teh_h3ck Email: vag[d0t]mourikis[@]gmail.com Update: Hours after the initial post, facebook patched the vulnerability. It seems that the impact is higher than expected? Prologue Open redirects are security bugs that can easilly be exploited. From OWASP: An open redirect is an application that takes a…

[CVE-2015-6668] CV filename disclosure on Job-Manager WP plugin

Title: CV filename disclosure on Job-Manager WP plugin Date: 08/25/2015 CVE-ID: 2015-6668 Author: Evangelos Mourikis Blog URL: https://vagmour.eu Twitter: @teh_h3ck Versions: <= 0.7.25 Plugin URLs: 1. http://www.wp-jobmanager.com 2 .https://wordpress.org/plugins/job-manager/ Description: It is possible to enumerate the…

Sokar hacking challenge

Sokar Vulnhub Competition Author: teh3ck Twitter: https://twitter.com/teh_h3ck Email: teh3ck[@]gmail[d0t]com Sokar_pwner: sokarpwner.py Sokar is the first Vulnhub competition in 2015 by Rasta Mouse. As usual, you have to reach the flag of the boot2root machine. Link for the Sokar Virtual Machine: https…

Bsides Manchester UK 2014 CTF

Evangelos Mourikis Email:vag.mourikis()gmail[dot]com Bsides Manchester 2014 CTF (Hardened Version) 25/01/2015 Challenge link: http://c002.xref.info/ Sql enumeration Firstly, i put an ' to the search field and i clicked search. This is what i got as result: Error in query : [SELECT * FROM…