Security analysis of <portal> element

Portal is a fairly new HTML element that is currently supported only in Chrome Canary behind the #enable-portals flag. Their main objective is to enable seamless transitions to the web by pre-rendering content in an iframe-like element that can be then “promoted” (activated) to a top-level frame. In this article we focus of security analysis thereof.

Another XSS in Google Colaboratory

Three months ago I described XSS which I found in Google Colaboratory. Before you start reading this article, I recommend you go back to the previous one first, because I am going to develop the topic which started there. In a nutshell, however, what previously happened: I was looking for XSS in Google Colaboratory (an …

Single Code Line CCTV Camera Takeover – One Can Record Audio/Video/Have Access to Recordings

I have already presented this subject twice, but there was no information on the topic until now. The Ganzsecurity ZN-DNT352XE-MIR camera is worth about 5000 PLN. Securitum provides solutions to organisations such as NY Police, FBI, Spawar Command (NAVY), or prisons. The camera can also be found also as CCTV. All information presented in this …

Description of CVE-2018-0296 error – bypassing authorization in Cisco ASA web interface.

In this text we describe CVE-2018-0296 error concerning Cisco ASA devices, publicized 6th of June by Cisco. Officially, vulnerability was classified as Denial Of Service, although our report concerned a different type of error. More details below. A word of introduction:Cisco ASA device (Adaptive Security Appliance) is very popular and is often a part of …

BetterZip – from XSS to any code execution

XSS (Cross-Site Scripting) is one of the most popular vulnerabilities in the world of web applications. On the OWASP TOP 10 list it has been ranked first in terms of popularity for many years. Until now, XSS has usually been identified only in the world of browsers. However, due to the fact that HTML and …

How to take over the CCTV camera

This time, we take a look at the camera Ganz Security – model ZN-M2F (price is about $650). We were able to get root privileges without authentication. Ganz Security? This is a company known in the West: The Ganz brand is currently used by more than 100,000 businesses and research and development institutions in the …

Security problems of Apache Cordova – steal the entire contents of the phone’s memory card with one XSS

There are many different technologies available on the mobile market that allow you to create applications. One of them – Apache Cordova – allows you to write applications in JavaScript and HTML. Applications created in this way are easy to distribute, and their operation does not differ from native applications written in Java or C. …