Image for post
Image for post

OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites. [Wikipedia]

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. …


Image for post
Image for post

I was surfing in one of the famous online transportation applications and its PWA service. After a while I noticed a Critical vulnerability in Payment Gateway Module. So Let me explain the scenario.

At the first step, You should enter your mobile number and then it sends an OTP to verify your mobile. Next, I try to increase my account balance and I select 10,000 amounts and click on payment button. The first request is as following:


Image for post
Image for post

In one of the RedTeam projects, I was looking to use BloodHoundAD Script. BloodHound is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment. …

About

Aidin Naserifard

Bug Hunter, Penetration Tester, Red Teamer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store