Blog

How Can Open Redirect Lead to Account Takeover?

Description: During a pentesting engagement at CyberAR, I discovered an open redirect vulnerability on the login page that I was able to escalate to an account takeover. In this write-up, I’ll explain how I achieved this. Exploit Begins – Open Redirect to Account Takeover: While exploring the website, I noticed a redirect parameter on the login

Critical OTP Verification Flaw Enables Account Takeover: A Detailed Analysis

In today’s digital age, secure user authentication is paramount to protect sensitive information and maintain user trust. However, during a recent web application penetration test, I uncovered a critical security flaw in the OTP (One-Time Password) verification process of a popular web application. This vulnerability allows attackers to bypass OTP verification, potentially leading to unauthorized

How an Automation Feature in a Cloud Service Led to Accessing EC2 Metadata?

Overview: During a penetration testing engagement with CyberAR, I focused on examining the security of a cloud service’s advanced features. I discovered a Server-Side Request Forgery (SSRF) vulnerability that allowed me to expose and access AWS credentials, leading to significant security risks. What was the feature? The application provides an advanced automation feature aimed at

Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms

During a recent penetration testing engagement at CyberAR, we uncovered a seemingly simple yet critically impactful vulnerability in a platform designed to sync WhatsApp with CRM systems. This platform allows teams to collaborate within workspaces, manage members, and work on projects together. The feature is central to the platform’s core business logic, making it an
