Rody Shahnazarian (Komradz86)

Pinned

Weird (im)possible XSS on error page
Hello all,
This is my first write up.
I am not usually a person who does write ups, but wanted to start sharing some with everyone.
I was working on a private program, which I am not allowed to mention the name lets say test.com.
The error page was disabled on this website and it was kind of integrated in the website itself with a background and all even when trying to add something malicious it redirects you to another page. In test.com/test I was able to get an error ( Reflection Exception) which surprised me. I started searching for…

Read more · 3 min read

Dec 3, 2020

Leaking Credit card Activity in logs? Yes Sir!
Hello again,
This is the easiest bug you can find while testing an android application. When you report it, you’re gonna be the problem for the developers because this bug must not happen.
<img alt="Image for post" class="ey es eo fx v" src="https://miro.medium.com/max/948/1*wyPda9M_VjNk32KQsvPLvg.jpeg" width="474" height="769" srcSet="https://miro.medium.com/max/552/1*wyPda9M_VjNk32KQsvPLvg.jpeg 276w, https://miro.medium.com/max/948/1*wyPda9M_VjNk32KQsvPLvg.jpeg 474w" sizes="474px"/>
That's not how my invitation looked likeI was invited to a private program, and I saw that they have an Android application so I decided to test on it.
I used Genymotion to install the App and used it with burp suite.
I started understanding what this app does and how it works. The app is used to send an receive money at the same…

Rody Shahnazarian (Komradz86)

Armenian Lebanese Living in Germany, Hacker, Gamer and a Father up for challenges.

About

Help

Legal

Get the Medium app