Breaking Systems to Build Better Security
I discovered a vulnerability that led to the leakage of the .env file, which contained database credentials and Office accounts.
Critical SQL injection in the teachers portal allowing complete access to the database, personal data, and administrative functions.
I discovered a misconfiguration in the company's Firebase setup that allowed me to access data of around 80,000 users.
An improper session expiration vulnerability that allowed bypassing 2FA and gaining full access to the account.
Authorization bypass during the SSH server linking process, where the server allows a user with read-only permissions to access this function and obtain an admin role from the server's response.
Leak of a Firebase key with admin privileges, which allowed me to create my own account and gain full access to everything in the Firebase project.
A critical Broken Access Control vulnerability on an API allowed unauthenticated attackers to leak sensitive multi-tenant data and internal infrastructure details, and subsequently modify customer job settings.
An authorization bypass was achieved by using HTTP verb tampering (POST instead of GET) to gain unauthenticated access to restricted internal documents and team information on a NASA directory.
A publicly exposed .svn metadata file on a NASA server leaked internal repository details and a committer's username, enabling unauthenticated access to sensitive project files.
Exposed AWS access keys hard-coded in the client-side source code permitted valid AWS API authentication against the internal cloud environment, but with limited access.
A server misconfiguration permitted the unauthenticated public download of an internal SQLite database, exposing the mobile application's complete database schema and aiding attacker reconnaissance.
Interaction between the company's server and my server over HTTP and DNS.