Tuesday, December 30, 2014

WiFi Pineapple MK5 / SSLSplit v1.1 Cross-Site Scripting (Stored)

Vendor: Hak5
Website: http://www.hak5.com
Hardware: Wifi Pineapple MK5
Software: SSLSplit
Version: 1.1
Author: 1N3

I'm releasing this info purely for educational purposes. There appears to be a stored Cross-Site Scripting vulnerability in the SSLSplit v1.1 infusion for the Pineapple MK5. A rogue WiFi user could use it to trigger Cross-Site Scripting against the owner of the Pineapple WiFi device when the owner views the SSLSplit logs.

Reproduction Steps:
1. Attacker sets up a RogueAP using PineappleV with SSLSplit running
2. A Wifi user connects to the PineappleV RogueAP setup
3. Wifi user then creates an image on his webserver with meta tags embedded with the following string: "></script>">'><img src=x onerror=confirm(4)>
4. Wifi user opens a web browser and navigates to the affected image they just created
5. Attacker then tries to download his logs via the SSLSplit web UI (SSLSplit > History > Click "Download" for the affected log file)

Result:
Alert window message is displayed to attacker
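
Mitigation sketch, added here as an example and not taken from the advisory or the SSLSplit infusion's code: it assumes the web UI places captured log content into an HTML response without encoding (the advisory does not state the root cause). The function names and the sample log line are constructed for illustration.

```javascript
// Hypothetical log viewer helpers; not the infusion's actual code.

// Constructed log excerpt: captured traffic carrying the string from step 3.
const SAMPLE_LOG = [
  "GET /image.jpg HTTP/1.1",
  'comment="></script>">\'><img src=x onerror=confirm(4)>',
].join("\n");

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: log content is concatenated into markup, so captured bytes become tags.
function renderLogUnsafe(log) {
  return "<pre>" + log + "</pre>";
}

// After: captured traffic is treated as data and encoded at output time.
function renderLogSafe(log) {
  return "<pre>" + escapeHtml(log) + "</pre>";
}

// Headers for the "Download" action so the browser saves the file
// instead of rendering it as HTML in the management UI's origin.
function downloadHeaders(filename) {
  const safeName = filename.replace(/[^A-Za-z0-9._-]/g, "_");
  return {
    "Content-Type": "text/plain; charset=utf-8",
    "Content-Disposition": `attachment; filename="${safeName}"`,
    "X-Content-Type-Options": "nosniff",
  };
}

// Crude check: does the output still contain an unencoded <img tag?
function containsLiveTag(html) {
  return /<img\b/i.test(html);
}

console.log(renderLogSafe(SAMPLE_LOG));
console.log(downloadHeaders("sslsplit 2014-12-30.log"));
```

Encoding at output time matters here because the log content is whatever connected clients choose to send; it cannot be trusted at any point after capture.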




Wednesday, December 3, 2014

CrowdShield Bug Bounty Disclosure Programs | #bugbounty

Leverage the crowd! 

Improve your cyber security! 

Our CrowdShield framework connects you to security experts globally to keep you one step ahead of malicious hackers. CrowdShield allows you to test your technology around the clock to measure and prioritize real world threats to your cyber security. 

Our community of researchers, also known as the crowd, is comprised of ethical hackers from around the world who responsibly disclose security bugs in our bounty programs. 

Cost effective and faster than standard security programs, CrowdShield provides the framework to easily manage your bounty program and rewards the crowd for their contributions. It's a win for everyone. 

Open an account to start creating your customized bounty program. Using the CrowdShield platform, you will be able to choose the scope and reward for your bounty. Researchers send submissions to your bounty program. You review and validate submissions to determine if the researcher should be rewarded. Use information from the crowd to patch bugs and make your technology safer than ever before, protecting sensitive data and your reputation.

Start your bug bounty program in seconds and start receiving feedback from ethical hackers around the world! 

http://crowdshield.com/signup.php