ScriptJacker  Blogs

Vulnerabilities Die Here

Services Contact
ScriptJacker

Latest Blog Post

hyperlink injection protection bypass

Deep dive in Hyperlink Injection Protection Bypass

The bug involved hyperlink injection where the domain validation logic was bypassed using a double period trick, origannly disovered by Parth Narula. The application checked if the trusted domain was present in the URL string, but failed to properly parse the actual hostname. As a result, the injected link looked safe but actually directed to the attacker’s domain. This could lead to phishing or malicious redirection.

Parth Narula
Parth Narula

Difficulty: Low

sensitive data exposure

Sensitive Data Exposure AKA Information Disclosure go through

Sensitive data exposure refers to the unauthorized access, disclosure, or transmission of confidential information, such as personal details, financial data, or intellectual property. It occurs when security measures fail to protect sensitive data, making it vulnerable to threats and potentially leading to data breaches and significant harm. This can happen due to various factors, including inadequate security measures, weak encryption, improper access controls, or human error.

Parth Narula
Parth Narula

Difficulty: Low

vulnerable and outdated components

Vulnerable and Outdated Componets Exploitation

Vulnerable and outdated components refer to software, libraries, or frameworks that are either no longer supported by their developers or have known security flaws. These components, often used as dependencies in applications, can be exploited by attackers to compromise the system or data.

Parth Narula
Parth Narula

Difficulty: Low


Topics

All

Web App

API

Business

Research

Tags

Let's Talk

Do you want to learn more about how I can help your company in your pentesting needs? Let us have a conversation.