what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Aseem Jakhar

Kankun Smart Socket / Mobile App Hardcoded AES Key

Posted Jun 8, 2015

Authored by Aseem Jakhar

The Kankun Smart Socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.

tags | exploit, local, udp, info disclosure

advisories | CVE-2015-4080

SHA-256 | 9225a407cd8c8dd1c678631cb1e646a383b42ee99ca1ea8aa1e039b735e9be08

Download | Favorite | View

Rediff.com Cross Site Scripting

Posted Apr 21, 2009

Authored by Aseem Jakhar | Site null.co.in

Multiple bits of search functionality in rediff.com suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 59d63836bd264f54d9d95ed8c77b0c5c2d42aa6cbf21b6126306234ea151c41c

Download | Favorite | View

Kosmix.com Cross Site Scripting

Posted Apr 17, 2009

Authored by Aseem Jakhar | Site null.co.in

Kosmix.com, the web search engine, suffers from a cross site scripting vulnerability.

tags | exploit, web, xss

SHA-256 | 8718783775cdb9e9ba414d910bb66769cf945a867d9e31c81ff4f99cc8e8a579

Download | Favorite | View

Idea Cellular SQL Injection

Posted Mar 25, 2009

Authored by Aseem Jakhar | Site null.co.in

Idea Cellular suffered from a SQL injection vulnerability.

tags | advisory, sql injection

SHA-256 | 58db50ea20a4e0d8945ec934cad0bb3336aad9c5172ea8e6a05907837d051921

Download | Favorite | View