Tag: Penetration Testing Engagement

Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms

During a recent penetration testing engagement at CyberAR, we uncovered a seemingly simple yet critically impactful vulnerability in a platform designed to sync WhatsApp with CRM systems. This platform allows teams to collaborate within workspaces, manage members, and work on projects together. The feature is central to the platform’s core business logic, making it an

How could privilege escalation vulnerability lead to full account takeover?

While performing a pentesting engagement with CyberAR on a cloud solutions web application, I chained a vulnerability and a weird function to reach a critical impact. The website has some roles for managing project content, let’s say Admin, Team member, and Viewer. The really weird function is that an Admin can edit other admins’ email

Critical Logic Flaw Allows Overwrite of Any User Account: What You Need to Know

While conducting web application testing, I focused on the email and password update sections, particularly the email update functionality. This feature is crucial as it contains a critical vulnerability that can lead to the overwriting of any user account. Description: A critical logic flaw in the account update functionality allows an attacker to overwrite any

0-click Account Takeover (ATO) via Google Authentication

Understanding 0-click account takeover (ATO) via Google Authentication is crucial for maintaining your online security. This type of attack allows hackers to gain access to your accounts without any action needed from you. They exploit vulnerabilities in the authentication process. Google Authentication is widely used for securing accounts. It adds an extra layer of security
