Safetech Blog - Security Tips and Tricks

Monthly Archive: : August 2014



by Ionut Cernica

AT&T – Old version of JBoss and default credentials

I found an old JBoss console on one of the AT&T subdomains https://espcare.att.com/ There was an old version of JBoss web application, the application was vulnerable to authentication bypass, not to mention that I was able to authenticate with default username and password. Risk: I was able to deploy my desired application on the server…

Read More

614 total views, no views today


by Ionut Cernica

Parse.com security problem

This is a writeup for a security problem in parse.com website. Parse.com is an acquisition of facebook and every security problem on this website is eligible for a bounty in the facebook bugbounty program.   There was a problem with the download URL for important information about the applications you manage on your account. The…

Read More

653 total views, no views today