Safetech Blog - Security Tips and Tricks

Penetration Testing Archive



by Ionut Cernica

AT&T – Old version of JBoss and default credentials

I found an old JBoss console on one of the AT&T subdomains: https://espcare.att.com/. There was an old version of the JBoss web application; the application was vulnerable to authentication bypass, not to mention that I was able to authenticate with the default username and password. Risk: I was able to deploy my desired application on the server…



by Ionut Cernica

Parse.com security problem

This is a writeup for a security problem in the parse.com website. Parse.com is an acquisition of Facebook, and every security problem on this website is eligible for a bounty in the Facebook bug bounty program. There was a problem with the download URL for important information about the applications you manage on your account. The…



by Ionut Cernica

eBay Authentication Bypass

On 18 January 2014 I reported to eBay a security problem about an authentication bypass on one of their websites: community.ebay.co.jp. To log in to community.ebay.co.jp, I was first sent to the eBay website, where you must complete a form with your eBay username and password; after that you are redirected to community.ebay.co.jp with…
