]> http://www.ajaypal.com/taxonomy/term/18/0 en http://www.ajaypal.com/cyberix_auth_bypass.html <p>A mohali based company http://www.cyberix.in/ has an otherwise good Internet Management Software Product by the name Cyberix, is vulnerable to a very simple authentication bypass vulnerability (rather it is more of a software design issue).</p> <p>Cyberix IMS when authenticating a user using, the web login via a popup window, sends the MD5 hash of the users password in the GET request. As all URLs, along with the GET variables and their values, are saved in the browser's history, thus any user who has access to the system, used by a previous user, can simply check the browser history and click on the login URL to login as the other user, without providing any password. Defeating the purpose of an IMS where different users may have different access levels as promised by Cyberix IMS.</p> Bug Reports Security Mon, 19 Mar 2007 02:40:01 -0700 http://www.ajaypal.com/say_no_to_xss.html <p>These days I am having too much fun with <a href='http://en.wikipedia.org/wiki/Xss'>XSS</a>. It is no good <a href='http://www.ptu.ac.in/ptu_upload/ptuadmin/index.asp?err=%3Cscript%20%20src=http://ajaypal.com/holix.js%3E%3C/script%3E'>wishing happy holi</a> by manipulating other peoples websites, even though it is harmless. You never know when you will come across some crazy hippocrat who believes that its website has been defaced and then tries to grab the poor fun loving XSSer by neck.</p> <p><b >Note to Self</b><br /> Keep out of trouble and stop XSSing even if the other guy does not fix the website. Hey did I mention it is possible to move Lambi Assembly Constituency in Punjab to Haryana, now don't ask me how. A number of other funny permutations are also possible. Guess what am I talking about, or wait till <a href='http://www.cert-in.org.in/'>these people</a> say something...</p> Bug Reports Humor Security Sat, 03 Mar 2007 15:49:47 -0700 http://www.ajaypal.com/online_ticket_booking_is_fun.html <p>The fun of online ticket booking. No going to agents and listening to their non-sense, no asking questions, just sit in front of your dear computer fire the browser, select Destination, make payment using the Credit Card and lo and behold you have the tickets.</p> <p>Well not that simple, specially when you are using a computer based on <A href='http://www.gnu.org'>free software</a> (free as in freedom). I use GNU/ Linux, Mozilla Firefox, I dont trust Windows for online transactions [<a href='online_ticket_booking_is_fun.html#WHATIF'>*</a>].</p> Bug Reports Exposed Fri, 15 Sep 2006 10:52:43 -0700 http://www.ajaypal.com/ptu_xss.html <p>These days <a href='http://lists.grok.org.uk/full-disclosure-charter.html'>Full Disclosure mailing list</a> is being dominated by <a href='http://en.wikipedia.org/wiki/XSS'>XSS vulnerabilities</a>. It is time I should put up my contribution too, for an XSS vulnerability I have known for around 7-8 months.<br /> The site in question ptu.ac.in is of Punjab Technical University, Jalandhar. The URL http://ptujal.org used to refers to the same site.</p> Bug Reports Exposed Security Sun, 28 May 2006 22:01:51 -0700