Summary: LinkedIn has a feature called Project wherein you can add project members from your connections. We were able to discover a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without their approval. We were able to achieve this by playing around with some HTTP request parameters. Technical Details Vulnerability A Read More…
Understanding PCI DSS and PA DSS is crucial to the role of a penetration tester. Quoting the relevant PCI-DSS or PA-DSS control reference for your findings would help demonstrate the proper risk arising from common security findings such as support of older SSL versions, weak encryption when storing cardholder data, lack of proper logs from the application, and of course the entire gamut of web application security bugs. PCI DSS for Penetration Testing from Network Read More…
For the period 2012-2025, ICAO (International Civil Aviation Organization) has decided to transform the present aviation environment by introducing new technology that will revolutionize the aviation industry. According to ICAO, the technology responsible for this is named NextGen (Next Generation Air Transportation System), which is developed by the United States and will be mandatory throughout the US by 2025. That said, they also confirmed that the platform which is used for this is too Read More…
Many times we receive SMS messages on our cell phones displaying messages like the one shown below: Typically a phone number to call or a website link is given, which asks the user to provide his/her personally identifiable information (bank account number, PIN, or credit card number) to claim the prize money. When an innocent user provides such information, unauthorized transactions are made from the user’s talk time or bank account on the user’s behalf. What Read More…
Below are the steps to fix the banner (version information) in IIS 7.5. Install the latest version of URLScan 3.1 (http://learn.iis.net/page.aspx/726/urlscan-overview/). Select the correct version for your OS (64-bit or 32-bit). The reference article for setting up URLScan is http://learn.iis.net/page.aspx/475/urlscan-setup/. Enable ‘ISAPI Filters’ for your web server. This is necessary for URLScan to be able to modify the server parameters. Open the IIS Manager (inetmgr) module. We select our ‘website’ from the left Read More…