Capture The Coin Write-up

Result
My team: Kubertu stayed at top #6
My personal work stayed at top #10
Read more: https://enderspub.kubertu.com/capture-the-coin-writeup

enderphan
Love doing security research, pen-testing in web/mobile, blockchain security, smart contract security…

CVE-2019-11384

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11384
Author: Ender Phan
Description: The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user.

CVE-2019-11383

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11383
Author: Ender Phan
Description: An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
Exploit # Exploit