Safetech Blog - Security Tips and Tricks

Penetration Testing Archive



by Ionut Cernica

AT&T – Old version of JBoss and default credentials

I found an old JBoss console on one of the AT&T subdomains: https://espcare.att.com/. There was an old version of the JBoss web application; the application was vulnerable to authentication bypass, not to mention that I was able to authenticate with the default username and password. Risk: I was able to deploy my desired application on the server…



by Ionut Cernica

Parse.com security problem

This is a writeup for a security problem in the parse.com website. Parse.com is an acquisition of Facebook, and every security problem on this website is eligible for a bounty in the Facebook bug bounty program. There was a problem with the download URL for important information about the applications you manage on your account. The…



by Ionut Cernica

eBay Authentication Bypass

On 18 January 2014 I reported to eBay a security problem about an authentication bypass on one of their websites: community.ebay.co.jp. To log in to community.ebay.co.jp, I was first sent to the eBay website, where you must complete a form with your eBay username and password; after that you are redirected to community.ebay.co.jp with…
