Thursday, 2 February 2017

PlayTime - Get More Information A Cyber Game

PlayTime Its playtime to get more information a cyber play time! Playstimes will give a time to quickly learn the fundamental of information security. As it stand on internet as security thread to find those thread playtime will help you to secure your product or privacy from unauthentic access. Just see one of the...

Friday, 30 December 2016

Google Dork

A way to find thing more specific in Google search engine. Also a vulnerability detection method to those who have vulnerable  resources in there systems and web applications. Most of google dork are used to find those vulnerabilities for security and unauthorized resources. I will include both topics to use google dork...

Wednesday, 21 December 2016

CVE Reports A Vulnerability Detection

CVE reports is publicly identified types of vulnerability found in systems and internet. These vulnerability found in system are categorized in different different topics, these topics have lots of method to found in one of many systems, software and web applications. This method is what can be identified uniquely. CVE...

Sunday, 18 December 2016

Exploit Offencive Security

Exploit! What do you think about exploit? Exploit a term of direct use of resource! A thread of program to have direct benefit of resource. In offense of security of a program or software which have a dynamic or uncontrollable flaw can be exploit, which give a term of resource access by unidentified program. Exploit...

Tuesday, 14 June 2016

SSRF and User IP Address Grabbing Vulnerability in ESEA [Web]

Greetings Reader, Here I come up with another interesting article / blog post about the vulnerability that I found on ESEA (https://play.esea.net) almost a month before. Where a web app functionality causing two critical vulnerabilities SSRF (Server Site Request Forgery) and other one that can allow attacker to grab...

Tuesday, 5 May 2015

Unpatched Facebook User-Agent Cross Site Scirpting Vulnerability [Web]

Greetings readers, I found a one of critical bug on investor[dot]fb[dot]com, However the risk severity is medium and hard to exploit remotely but still it is a security bug. Yes!! I'm talking about user-agent header cross site scripting vulnerability on one of subdomain of fb.com. As a information security researcher...

Wednesday, 29 April 2015

AIMP v3.60.1470 - Denial of Service [Crash]

  # Exploit Title: [AIMP v3.60.1470 - Denial of Service] # Date: [23/01/2015] # Exploit Author: [Kapil Soni (Haxinos)] # Twitter: @Haxinos # Vendor Homepage: [http://www.aimp.ru/] # Software Link: [https://drive.google.com/file/d/0B0hkLvGZtoWUcGl5R21LQTZYaHM/view?usp=sharing] # Version: [AIMP 3.60.1470] # Tested on:...

Crystal Player 1.99 - Memory Corruption Vulnerability [Local]

# Exploit Title: [Crystal Player 1.99 - Memory Corruption Vulnerability] # Date: [21/01/2015] # Exploit Author: [Kapil Soni] # Twitter: [@Haxinos] # Vendor Homepage: [http://www.crystalplayer.com] # Software Link: [download link if available] # Version: [Crystal Player v1.99] # Tested on: [Windows XP SP2] ''' Affected...