Symphony Fatal Database Error Disclosure - NOKIA

09:18 Posted by Ali Hassan Ghori

Here is Ali Hassan Ghori, back after a long time.

As I am already back in my field, let me share one of my Nokia findings. While I was looking for a bug in Nokia, I discovered something critical: a Symphony Fatal Database Error Disclosure in nokiaconnection.co.uk.

Steps To Reproduce:
1- Visit https://nokiaconnection.co.uk/sign-in/resend-password/ (To exploit in the Mozilla Firefox browser, install the Tamper Data plugin, or you need Burp Suite.)

2- Type a single quote (') in the email field; it shows an error, right? (Something like 'Please enter a valid email address'.)

3- Launch Tamper Data and tamper the given page: change the email parameter value to a single quote (').

4-  Exploited !!!!
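
The steps above work because the email check runs only in the browser, so a tampered request reaches the database layer and its raw error comes back to the client. The following is an added example, not code from this post or from the affected site: Python and sqlite3 stand in for the real stack, and the table, function names and messages are constructed for illustration.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("resend_password")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
GENERIC_OK = "If that address is registered, a reset email has been sent."

def make_db():
    # Constructed in-memory table standing in for the real user store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email TEXT PRIMARY KEY)")
    db.execute("INSERT INTO members VALUES ('user@example.com')")
    return db

def resend_password_weak(db, email):
    # Relies on the browser-side check only: the value is concatenated
    # into SQL and the raw driver error is echoed to the client.
    try:
        db.execute("SELECT email FROM members WHERE email = '" + email + "'").fetchone()
        return 200, GENERIC_OK
    except sqlite3.Error as exc:
        return 500, "Fatal Database Error: %s" % exc

def resend_password_hardened(db, email):
    # 1. Repeat the validation on the server; a proxy skips the form's check.
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        return 400, "Please enter a valid email address"
    try:
        # 2. Bound parameter: the value is never parsed as SQL.
        db.execute("SELECT email FROM members WHERE email = ?", (email,)).fetchone()
        return 200, GENERIC_OK
    except sqlite3.Error:
        # 3. Detail goes to the server log; the client gets a reference id only.
        ref = uuid.uuid4().hex[:8]
        log.exception("resend-password query failed ref=%s", ref)
        return 500, "Something went wrong (ref %s)" % ref

if __name__ == "__main__":
    db = make_db()
    for value in ("user@example.com", "'"):
        print(repr(value), resend_password_weak(db, value), resend_password_hardened(db, value))
```

The hardened handler also returns the same success message whether or not the address exists, so the form does not reveal which emails are registered.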
 


Video POC:

IBM Xssed

08:49 Posted by Ali Hassan Ghori
I felt happy when I found a Cross Site Scripting vulnerability in the site of one of the biggest companies, IBM. It is my pleasure that I helped them as a White Hat Web Application Security Researcher.

About IBM
Inventions:
Computing Scale: Used to weigh and price things that any vendor can use.  This invention saved retailers a lot of money.
Universal Product Code: Even though barcodes were dreamed up and patented in the late 1940s and early 1950s, they weren't in use until lasers emerged years later and they could be digitally read.  This technology sped up checkouts and improved inventory-keeping.
Their inventions have helped ease the daily life of many people, such as managers, teachers, students, store owners, and many employees. IBM has many other inventions that have made our lives easier and should be greatly appreciated.

It is my honor that I helped IBM.

By the way, here is a proof of concept of the Cross Site Scripting vulnerability in IBM:


Host:  https://www.research.ibm.com
PoC: https://www.research.ibm.com/cgi-bin/haifa/svt/public.pl?group=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
Status: Fixed