Thursday, December 31, 2015

Restore accidentally removed Cydia in iOS 7 (Tutorial)

Hello Everyone,

Today I will show you how I restored my Cydia App in my iPhone 4s iOS 7.1.2.

Around 2 AM of December 31, 2015, I was about to install an app from Cydia but unexpectedly removed my Cydia App and got freaked out because it. So I roll over the internet to find a solution on my problem but I found nothing, All tutorials from the internet are all the same but I found a way to restore my Cydia App.

--Follow the steps below--



.deb File:

Step1. Download Tongbu

Step2. Install the Tongbu Application on your PC

Step3. Open Tongbu then connect your iOS device on your PC

Step4. After you connect your iOS device you will see your iOS Device details in Tongbu


Step5. Click "Jailbreak Now" button and wait till it finish installing.

Step6. Download the .deb File now

Step7. In the Tongbu, click File System then click "Cydia Install" then drag the .deb into Cydia Install in Tongbu


Step8. In your iOS device, open iFile then navigate to "var/root/Media/Cydia/AutoInstall" then tap the .deb file your imported then tap installer and wait until it will finish installing.

After you install the .deb file, you will see an error result but just ignore it, restart your device then your will see the Cydia App again.

Thanks for reading.

Evan - [email protected]

Thursday, December 24, 2015

Abusing Facebook's Mailing Service - Broken Authentication or Feature?(Write Up)


In this article I will share to you my finding about creating a two different accounts in one email address in a vulnerable website.

I found this issue because of my research on Facebook mailing procedure. Last month, I was about to present this issue on TCON2 (Hack The North PH) Conference but I missed the whole event because of emergency reason.

So below is the mapping documentation of the issue.

So I hope you understand, enjoy and learn something new on this article.

Merry Christmas Everyone :)



You can download the Mapping Documentation here: Abusing Facebook Mailing Service - Broken Authentication or Not?

Please don't forget to leave a comment and share this article to everyone.

It is not how much we have, but how much we enjoy, that makes happiness.
~Charles Spurgeon

Local File XSS Vulnerability in (Write Up)

Friday, December 18, 2015 around 3 AM midnight. I was about to write a blog post for my Year in Review 2015 and because of that, I found a Local File XSS Vulnerability. I called this as "Local File XSS" because the XSS came from the localhost.

3 AM of December 18, 2015 while writing a blog post, I found a HTML file in my desktop. I opened the file on sublime and found out that it was encoded with XSS Payload then opened it on my browser. I accidentally drag the broken images cause by XSS payload to the Wordpress editor box and luckily found a Cross Site Scripting.

Proof of Concept

Local File XSS Vulnerability in
Local File XSS Vulnerability in


Reported: 2015-12-17 05:19:12 +0800

Status: Duplicate

I hope you enjoy this article.

Happy Holidays,

Evan - [email protected]

Please don't forget to leave a comment or share this article.

Have patience. All things are difficult before they become easy.


Monday, December 21, 2015

Arbitary File Upload Vulnerability in Google Nest (Write Up)

In this article I will show you how I found a Arbitary File Upload Vulnerability in Google owned Nest which allows me to access Nest sensitive customer datas like Credit Card Information, Emails and Passwords and etc… The vulnerability can also cause a Stored XSS by uploading a malicious file with a Cross Site Scripting payload encoded.

So here’s a video demonstration of the issue.


Reported: Tue, Sep 2, 2014 at 10:07 PM

Triaged: Tue, Sep 2, 2014 at 11:25 PM

Confirmation: Thu, Sep 11, 2014 at 6:30 AM

Fixed: Fri, Sep 19, 2014 at 3:53 AM

Shell Uploaded on Google Nest
Shell uploaded on Nest

I hope you enjoy reading this article.


Failure will never overtake me if my determination to succeed is strong enough.
~Og Mandino