So, I recently installed the ‘upGrad’ iOS app and navigated through it searching for some good courses. Honestly, there weren’t too many courses, but the existing ones were of good quality and came from universities all over the world.
I still haven’t been able to write a proper blog post about my Smart India Hackathon (SIH) experience.
But yeah, we finally won.
Then after more than a month, we all received an email from AICTE saying that our SIH Certificates were ready!
But, I ain’t writing this post just to show off my achievement!
After downloading the certificate, I crawled through the site inside and out and managed to find a few vulnerabilities. This post only covers the major one.
Time: 5 min approx.
Severity of vulnerability: High
Technique: SQL Injection (Noob level)
The certificate server had endpoints that took an “?id=” query parameter, and then this happened –
As you can see, I’m inside their database and have complete access to the information.
I saved all the data from every table in that DB to a CSV file to look at it more closely (can’t show user info here) and found all the details of the participants, winners, which team won, which teams participated, mentor details, evaluator details, etc.
Given a few more hours, I could simply have altered the winning and participating teams, their winning status, the mentors and the evaluators. Basically, I could have created havoc in their system, but I chose to report the vulnerability instead.
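The post does not show the query or the payload used against the “?id=” endpoint, so the following is an added example (not the author’s code and not anything from the SIH certificate server) that reconstructs the class of bug being described. It uses an in-memory SQLite table with constructed rows, a handler that concatenates the id parameter into the SQL string the way a “noob level” injectable endpoint typically does, and the hardened version beside it. The payload strings, table and column names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a certificate database.
# Nothing here is real SIH data.
_ROWS = [
    (1, "Alice", "Team Alpha", "winner"),
    (2, "Bob", "Team Beta", "participant"),
    (3, "Carol", "Team Gamma", "mentor"),
]

# Illustrative payloads (assumed; the original post does not show its payload).
# 1) Tautology: turns "WHERE id = '...'" into a condition that is always true.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
# 2) UNION: appends rows from SQLite's schema table so the attacker can list
#    every table in the database, then comments out the trailing quote.
UNION_PAYLOAD = "' UNION SELECT rootpage, name, sql, type FROM sqlite_master --"


def make_db() -> sqlite3.Connection:
    """Create the in-memory database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE certificates "
        "(id INTEGER PRIMARY KEY, name TEXT, team TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO certificates VALUES (?, ?, ?, ?)", _ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    """The injectable pattern: the request parameter is pasted into the SQL text.

    Whatever the client sends becomes part of the query, so quotes, OR and
    UNION in the parameter are interpreted as SQL rather than as data.
    """
    query = (
        "SELECT id, name, team, role FROM certificates WHERE id = '"
        + raw_id
        + "'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened lookup: validate the shape of the id, then bind it as a parameter.

    A certificate id is numeric, so anything else is rejected before a query
    is built. The bound value is sent to the engine separately from the SQL
    text, so it can never change the query's structure.
    """
    if not raw_id.isdigit():
        return []
    return conn.execute(
        "SELECT id, name, team, role FROM certificates WHERE id = ?",
        (int(raw_id),),
    ).fetchall()


def tables_exposed_by_union(conn: sqlite3.Connection) -> list:
    """Return the table names an attacker learns via UNION_PAYLOAD on the
    vulnerable handler; the step before dumping every table, as the post describes."""
    rows = lookup_vulnerable(conn, UNION_PAYLOAD)
    return sorted(name for _, name, _, kind in rows if kind == "table")


if __name__ == "__main__":
    db = make_db()
    print("normal id=1 (vulnerable):", lookup_vulnerable(db, "1"))
    print("tautology (vulnerable):  ", lookup_vulnerable(db, TAUTOLOGY_PAYLOAD))
    print("tables via UNION:        ", tables_exposed_by_union(db))
    print("normal id=1 (safe):      ", lookup_safe(db, "1"))
    print("tautology (safe):        ", lookup_safe(db, TAUTOLOGY_PAYLOAD))
```

The tautology payload makes the vulnerable handler return every row, and the UNION payload makes it list the schema, which is exactly the foothold needed to export all tables to a CSV. The hardened handler returns the same single row for a legitimate id and nothing for either payload. Parameter binding is the fix that matters; the `isdigit()` check is defence in depth. Separately, the fact that the post’s author could have altered winners means the application’s database account had write access; a certificate-download endpoint only needs to read, so a read-only database user would have limited the blast radius even if the injection had been missed.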
Final Thoughts:
They already took more than a month to build a certificate distribution server; they could have taken a few more weeks to make it a little more secure.
Getting errors or crashes right after updating dependencies and pushing the update to production can be very frustrating!
Recently, while migrating one of my apps, ‘InSaver!’, from Java to Kotlin, I stumbled upon a strange, like very strange, issue.
I had a SettingsActivity and a SettingsFragment nested in the same Activity which extended PreferenceFragmentCompat.
If you’ve ever used VirusTotal to scan your Android apps, at some point you would have seen an irritating result with the ‘Babable’ antivirus marking your app as unsafe with “PUP.HighConfidence”.