SmashTheTux – Chapter 0x00 – Basic Buffer Overflow & Ret2libc

SmasTheTux is Vulnerable VM hosted by VulnHub and created by CanYouPwnMe

Disclaimer

This is for educational purpose and I will try to explain this tutorial with beginner-friendly explanation as I can.

SmashTheTux is a new VM made by canyoupwn.me for those who wants to take a step into the world of binary exploitation. This VM consists of 9 challenges, each introducing a different type of vulnerability. SmashTheTux covers basic exploitation of the following weaknesses:

  • Stack Overflow Vulnerability
  • Off-by-One Vulnerability
  • Integer Overflow
  • Format String Vulnerability
  • Race Conditions
  • File Access Weaknesses
  • Heap Overflow Vulnerability
Read more “SmashTheTux – Chapter 0x00 – Basic Buffer Overflow & Ret2libc”

Leaking Sensitive User Data via IDOR in Tokopedia Endpoint

After a long hiatus with busy activities in RL, I decided to write again in this blog about my experience with Bug Bounty from Tokopedia. While testing Tokopedia program, I find an IDOR vulnerability in one of the endpoints that lets me leaking user sensitive information include name, phone number, address and etc. Tokopedia has allowed me to share this finding but with redacted sensitive information.

Read more “Leaking Sensitive User Data via IDOR in Tokopedia Endpoint”