all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

RCE on Application’s Tracking Admin Panel

Add to bookmarks
Oct. 1, 2023, 6:30 p.m. | Nithissh

InfoSec Write-ups - Medium infosecwriteups.com

In this blog post, we’ll explore some intriguing scenarios where the add extension functionality in a particular subdomain can be exploited to enable a Remote Code Execution vulnerability. The application in question is a tracking system that can monitor study hours, walking distance, and, if using the Android version, application usage levels. By delving into the specifics of this potential vulnerability and its potential impact, we hope to provide valuable insights for both developers and security professionals.

Vulnerability in Tracking …

admin android application blog blog post bug bounty bugbounty-writeup code code execution cybersecurity enable exploited extension monitor panel question rce remote code remote code execution study subdomain system tracking version vulnerability

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

AWS S3 Bucket Misconfiguration Exposes PII and Documents of Job Seekers 5 days, 21 hours ago | infosecwriteups.com
bug bounty cloud cybersecurity india +1
Honeypots 101: A Beginner’s Guide to Honeypots 6 days, 21 hours ago | infosecwriteups.com
art attacker attackers attacks +19
No Dev Team? No Problem: Writing Malware and Anti-Malware With GenAI 1 week ago | infosecwriteups.com
ai anti-malware can companies +29
The Diamond Model: Simple Intelligence-Driven Intrusion Analysis 1 week ago | infosecwriteups.com
analysis continue cyber cybersecurity +18
Analysis of Competing Hypotheses: How to Find Plausible Answers 1 week ago | infosecwriteups.com
analysis continue cybersecurity discover +10
Devvortex Hackthebox Walkthrough 1 week ago | infosecwriteups.com
cybersecurity htb htb-walkthrough htb-writeup +1
Port Scanning for Bug Bounties 1 week ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
How I Accidentally Discovered an Insecure Direct Object Reference (IDOR) Vulnerability on Coursera 1 week ago | infosecwriteups.com
article certificate coursera cybersecurity +15
TryHackMe - Mr. Robot CTF 1 week ago | infosecwriteups.com
ctf linux security tryhackme

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Red Team Operator

@ JPMorgan Chase & Co. | LONDON, United Kingdom
View on infosec-jobs.com

SOC Analyst

@ Resillion | Bengaluru, India
View on infosec-jobs.com

Director of Cyber Security

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Jr. Security Incident Response Analyst

@ Kaseya | Miami, Florida, United States
View on infosec-jobs.com

Infrastructure Vulnerability Consultant - (Cloud Security , CSPM)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Product Security Lead

@ Lely | Maassluis, Netherlands
View on infosec-jobs.com
View more jobs