-
Put.io API design issues - I can haz your files
August 10, 2015
Put.io is a great torrent cloud storage service that allows you to almost instantly stream videos you download from a torrent. Their API is pretty powerful, and allows easy integration in software, browser extensions and plugins for multimedia appliances. I was reading its documentation and unfortunately quickly found out that the design was open to sensitive data exfiltration by just making an unsuspecting logged-in user visit a malicious web page. …
-
Abusing JSONP with Rosetta Flash
July 8, 2014
In this blog post I present Rosetta Flash, a tool for converting any SWF file to one composed of only alphanumeric characters in order to abuse JSONP endpoints, making a victim perform arbitrary requests to the domain with the vulnerable endpoint and exfiltrate potentially sensitive data, not limited to JSONP responses, to an attacker-controlled site. This is an XSRF bypassing the Same Origin Policy. …
-
XSRF and Cookie manipulation on google.com
September 15, 2013
Here I present a (reported and fixed) XSRF and Cookie manipulation vulnerability I discovered in google.com, requiring no user interaction. It was possible to set arbitrary cookies and tamper with existing ones. …