Got rewarded by Buffer for my XSS issues 🙂
https://pbs.twimg.com/media/Bq9QYOiCUAArSjh.jpg
https://pbs.twimg.com/media/Bq9QgJwCQAE-Ram.jpg
Blue Ivy Logger is a powerful keylogger for Windows environments. You have a variety of options to generate your customized logger. The author takes no responsibility for any kind of damage you cause.
This is developed for educational and research purposes only. Use this at your own risk.
Download:
https://github.com/OsandaMalith/BlueIvy

Blue Ivy Logger by Osanda Malith Jayathissa is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at http://osandamalith.wordpress.com.
This is another small shellcode I’ve written for both Linux x86 and x86_64 architectures. Let’s have a look at the Linux programmer’s manual to see how execve() takes arguments.
[code language="C"]
#include <unistd.h>
int execve(const char *filename, char *const argv[],
           char *const envp[]);
[/code]
This is my first handwritten shellcode for Linux, which I wrote for fun and exploration. I am a bit new to shellcoding in *nix environments. This shellcode changes the permissions of the shadow file on a Linux/x86 system to 0777. According to the Linux programmer’s manual, chmod takes two arguments.
[code language="c"]
#include <sys/stat.h>
int chmod(const char *path, mode_t mode);
[/code]
For reporting security issues related to their web application, I got rewarded with a license key for VMware 10 and a nice cap.
In ZTE routers the username is a constant, which is “admin”, and the password by default is “admin”.
There is a rom-0 backup file that contains sensitive information such as the passwords. There is a disclosure in which anyone can download that file without any authentication by a simple GET request.
I think by now you know the security issues disclosed related to TP-Link routers. I’ve noticed that some ZTE and TP-Link routers have the same ADSL firmware which is “FwVer:3.11.2.175_TC3086 HwVer:T14.F7_5.0”. I was curious to test the web application and I found out that the embedded server which is “RomPager” cannot handle fairly large POST requests.
Tested Routers:
Found one POST XSS issue and I got rewarded by Rapid7.
Thank you very much guys! Really love this 🙂
For reporting many web app sec issues I got mentioned in their hall of fame. So they also sent me a small t-shirt 😉
For reporting a CSRF issue I got rewarded by Docker.