Sensitive Data Exposure over *.unesco.org, thanks to OptionsBleed for low-hanging fruit

Date reported — 02-07-2019 # Vulnerable Software — Apache # CVE: CVE-2017-9798 / USN-3425-1 “OptionsBleed” # Type — P1: Sensitive Data Exposure + P5: Fingerprinting/Banner Grabbing # Domain Affected — *.unesco.org # Tested — https://en.unesco.org (193.242.192.49)

Options Bleed is a use after free error in Apache HTTP that causes a corrupted Allow header…

By Piyush Raj

Address bar spoofing in Firefox Lite for Android ...and the idiocy that followed

Date reported — 2019-08-29

Firefox Lite 1.9.2 for Android and earlier suffer from exhaustive Address Bar Spoofing, allowing attackers to potentially trick a victim into visiting a malicious domain for a legitimate domain name. Firefox Lite is almost installed on more than 10M devices. URL Address Bar spoofing…

By Piyush Raj

Aroma of the Songs A.K.A. Project A.O.S. In The Making

Brief History

This story is about how I developed the project and what I learnt in the process of doing so. I love music and frankly, who doesn't? From my childhood days, I have had this innate tendency of tinkering with things, for example, from sending songs wirelessly using…

By Piyush Raj

How I Hacked My College's Online Exam Portal During COVID-19 Quarantine Period

Back Story

COVID-19. Quarantined. How to take tests? Voila. Online. Okay, but how? Tadaa. We were sent an email regarding a new platform which was indigenously built just for us, the students, for carrying out the quizzes. Soon enough, I was bombarded to do something about that. I…

By Piyush Raj

Reflecting Back: 15 Y/O Kid Working At Dominos During Summers

For everyone, internships are short jobs to earn, learn and gain skills and stuff, but for me it was way different because I was just 15 years old at the time, living in India, trying to land an internship. It was driven by my curiosity and desire to get some experience for…

By Piyush Raj