Vulnerability- No limit of incorrect attempts

Summary

It is possible to brute-force recovery code from email on SFIT-ERP as it doesn’t have an incorrect input limit. I have tried 80+ different combinations until I reached the 6 code user received on email.

Severity — Medium

Steps to Reproduce:-
1. Click “Reset…

What is Buffer Overflow ?

Buffer overflow has been the most common form of a security vulnerability in the last ten years. Moreover, buffer overflow vulnerabilities dominate in the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host…

#1 — Breaking in the machine, getting a shell.

Scan Result:

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 1d:f3:53:f7:6d:5b:a1:d4:84:51:0d:dd:66:40:4d:90 (RSA)
| 256 26:7c:bd:33:8f:bf:09:ac:9e:e3:d3:0a:c3:34:bc:14 (ECDSA)
|_ 256 d5:fb:55:a0:fd:e8:e1:ab:9e:46:af:b8:71:90:00:26 (ED25519)
5001/tcp open http Gunicorn 19.7.1
|_http-server-header: gunicorn/19.7.1
|_http-title: Homepage
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

There is a link…

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is an open and cross-platform protocol used for directory services authentication.

LDAP provides the communication language that applications use to communicate with other directory service servers. …

Setting up a Virtual Lab

We need to set up a virtual lab/Isolated system so that our acts won't affect our main system or may not harm our main system while we conduct any test as handling of some potentially dangerous malware may be needed at certain stages. To set…

How is it possible to hack cars wirelessly?

Its because vehicle manufactures are building the cars in such a way that makes their electrical system and computer networks as a mobile phone connected to the internet, which exposes a whole lot of possibilities to hack a car and allowing hackers…

Harsh Malhotra

A student interested in cyber security and making internet a more safer place :-)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store