Wednesday, February 19, 2020

Data Tampering Issue in Spot.im Application (Write Up)



Howdy!


Early in November last year I found a vulnerability on a comment plugin of Spot.IM which affects their customers that uses their service. The vulnerability allows attacker to tamper data of the comment that can end up into impersonating other users. It can allow attacker to change the Text, Display Name and the Star ratings for the comment. The vulnerability was reported to Spot.IM and was rejected as for their reason it was related to phishing.

--Proof of Concept--






--Report Timeline--

Reported: Tue, Nov 26, 2019, 6:16 PM
Closed (Final Response): Fri, Dec 6, 2019, 3:21 AM

Hi Evan,
You are only modifying your own account data and it does not interfere with the data of others.
You will be unable to set a username if the username is already taken. You will be able to modify your display name, however display names are different from usernames.
Currently there are no privacy or authentication issues caused by this.
Kind Regards,
Spot.IM  

I hope you enjoy this write up! stay tune for more contents like this in the future.

Have a great day,

Evan

"Push yourself, because no one else is going to do it for you."

Thursday, February 06, 2020

Popping Alerts in Mixmax Chrome Extension (Write Up)





Howdy!


Back in 2017, I reported this simple XSS vulnerability that affects Mixmax Chrome Extension. The vulnerability was due to a feature called insert link/URL. This vulnerability didn't trigger on other user since the payload was filtered after it was push to the victim so ends up into self-XSS but Mixmax issued a fix and rewarded me a Mixmax swag that until now didn't arrive. (I don't know why). This vulnerability was reported to Mixmax via Hackerone.


--Proof of Concept--



PS: Don't mind my inbox, nothing sensitive in there.

--Report Timeline--

Report Title: XSS in Mixmax Chrome Extension
Reported: 2017-10-31 13:00:48 +0000
Triaged: 2018-01-08 19:45:25 +0000
We'll fix, thanks!
Fixed: 2018-02-10 03:50:44 +0000
Reward: Mixmax Swag

I hope you enjoy this write up! stay tune for more contents like this in the future.

Have a great day,
Evan

“To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment.”
― Ralph Waldo Emerson

Monday, December 09, 2019

[Tutorial] Huawei Devices latest EMUI downgrade to bypass Google FRP

Howdy!

This article is a simple tutorial on how to bypass the Google FRP in the latest version of Huawei Devices EMUI. Most common problem that triggers this issue is forgotten Google Account password and forgotten lockscreen password of the device. Based on my research and experience, the latest EMUI of Huawei blocked the old method of the FRP bypass including the Talkback and etc... It is hard to bypass the Google FRP in the latest EMUI due to some harden security patch of it. The only thing to bypass it is to downgrade your latest firmware using some SD Card magic thru it.

I was doing a research on how to bypass this issue in the latest EMUI and the only thing that can make it possible is to downgrade the firmware.

So long story short, here's the steps on how I am able to bypass a Huawei Y9 Prime 2019 Google FRP.

--Things needed--

SD Card (Micro - 4gb up!)
Old Firmware

--Steps--

1. Download old firmware from the internet (In my test I was trying to bypass a Huawei Y9 Prime 2019. So I downloaded the July 2019 update of it)
PS: Just find the firmware on Google.
2. If you have an old SD Card, just backup your important files and reformat it
3. Make a folder and name it "dload" in your SD Card
4. Transfer your downloaded firmware to the dload folder in your SD Card
5. Put the SD Card in your Huawei Device (Make your device was turn off.)
6. Press and hold the Power and Volume Up (+) button of your Huawei Device and wait for the Huawei logo to appear on your screen before you release the power button and keep holding the volume up until the EMUI page will appear then wait for your device to finish the software/firmware update until it will shutdown itself.
7. Press and hold the Power and Volume Up (+) button of your Huawei Device and wait for the Huawei logo to appear on your screen before you release the power button and keep holding the volume up until the EMUI page again. In the EMUI page select "Wipe data/factory reset"
8. Type the word "yes" and select "Wipe data/factory reset" again
9. Select the "Wipe data/factory reset" again. (yes again)
10. After you finish resetting your device, select the "Safe mode" button and wait for your device to reboot
11. After your device finish rebooting for Safe mode, go to the Settings > System > Reset > Reset all settings or you can directly reboot your device again after the Safe mode and done. You can now use Huawei device again.

In my experience, I successfully bypass the Google FRP of the latest EMUI of a Huawei Y9 Prime 2019 device using this method.

Actual picture of the device after the successful bypass.

I hope this article helps you bypass your device.

Cheers and have a great day
Evan!