Hi, Abhiram.V here
I am ABHIRAM V, a B.Tech graduate who is into cyber security research.
I do bug bounty hunting and Capture The Flag as a hobby and passion. I am from Kerala, India. 🇮🇳
I am an information security enthusiast who loves to research topics related to InfoSec and pentesting. I am a bug bounty hunter, a CTF player and a content creator. I try to improve my knowledge by reading blogs, writeups and resources from several hacker communities and forums.
As a security enthusiast, my main areas are web security and network security. Now I am starting to explore exploit development too.
As a bug bounty hunter I like to secure renowned companies' digital products on the Internet as well as open-source products. It has only been a few months since I started doing bug bounty hunting, but within this time I have been acknowledged by organizations like Dell, Indeed, Upwork, Telekom etc.
As a CTF player I love to work on Hackthebox, and I am a Guru rank holder there.
As a part of this I did PentesterLab Pro and earned a considerable number of badges there.
As a content creator, I love to develop CTFs for the public and share my knowledge, experiences and findings through blogs and several social media platforms. I love to travel as it gives me peace of mind, and along the way I collect memories by taking pictures of beautiful places, loved ones and anything I find curious out there.
Top 20 in the world in the Cyberwraith Challenge at Defcon
Volunteered for Defcon 28 as a part of the Red Team Village
Coordinated the Asian region for the Cyber Jungle Virtual Summit
Persistent Cross-Site Scripting in the Cabot application
While I was searching for open-source software to find bugs in, I found the Cabot application. Cabot is a free, open-source, self-hosted infrastructure monitoring platform that provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios without their cost and complexity. It provides a web interface that allows you to monitor services and send telephone, SMS or HipChat/email alerts to your on-duty team if those services start misbehaving or go down, all without writing a line of code. After installing it I used each functionality for a few hours and learned how they work.
Then I tried some simple XSS payloads to check its security and was surprised to find a cross-site scripting vulnerability. I was curious because it was storing my payload, so I went back to check and ran it again to confirm.
Yes, I got it: a critical stored cross-site scripting vulnerability which is persistent and affects every user, including admin users.
Affected component: New HTTP Check section
Attack vector:
Cabot allows XSS in the dashboard through the form for creating a new HTTP check: the endpoint value is stored with the check and rendered back without being escaped. The stored payload also fires each time the check is run. It can be triggered in both the administrative and the user dashboards.
1. Download and install the latest Cabot application on a local server.
2. Go to the dashboard, then navigate to the New Checks tab.
3. Create a new HTTP check.
4. Append an XSS payload to the Endpoint input box.
5. Save the check and run it.
6. An XSS pop-up appears when the Run button is clicked.
The XSS can be triggered against other users simply by adding a new service that sends notifications to the victim's account; the stored payload then executes in their browser.
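To make the bug class concrete, here is an added example in Python (Cabot is a Django application). It is not Cabot's own code and does not claim to reproduce Cabot's templates or models: it is a toy dashboard row renderer that shows why a stored endpoint value reaching the page unescaped becomes persistent XSS, and what the fix looks like. The payload string, the sample check and all function names are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample input: what an attacker types into the "Endpoint" field
# when creating a check. The payload is illustrative only.
PAYLOAD = "<script>alert(document.domain)</script>"
STORED_CHECK = {"name": "api-health", "endpoint": "https://example.test/health" + PAYLOAD}

# Characters RFC 3986 allows to appear unencoded in a URL. '<', '>' and '"'
# are not among them, so a raw HTML payload can never be a well-formed URL.
_URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")


def render_check_row_vulnerable(check: dict) -> str:
    """Dashboard row built by plain string formatting of stored data.
    Whatever the user saved in the endpoint field is sent to every viewer
    verbatim, so the payload runs in the browser of anyone who opens the
    page (including admins). This is the defect pattern, kept on purpose."""
    return "<tr><td>{name}</td><td>{endpoint}</td></tr>".format(**check)


def render_check_row_fixed(check: dict) -> str:
    """Same row, but every stored value is HTML-escaped at output time.
    Django's template autoescape does the equivalent unless a value is
    explicitly marked safe; escaping the output is the actual fix."""
    name = html.escape(check["name"], quote=True)
    endpoint = html.escape(check["endpoint"], quote=True)
    return f"<tr><td>{name}</td><td>{endpoint}</td></tr>"


def is_valid_endpoint(endpoint: str) -> bool:
    """Defence in depth at input time: an HTTP check endpoint must be an
    absolute http(s) URL made only of URL characters. This does not replace
    output escaping (other fields, other contexts), but it stops HTML from
    being stored in a field that should only ever hold a URL."""
    if not _URL_CHARS.fullmatch(endpoint):
        return False
    parts = urlsplit(endpoint)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def payload_survives(rendered_html: str, payload: str) -> bool:
    """True if the raw payload reaches the page unchanged, i.e. it would execute."""
    return payload in rendered_html


if __name__ == "__main__":
    vulnerable = render_check_row_vulnerable(STORED_CHECK)
    fixed = render_check_row_fixed(STORED_CHECK)
    print("vulnerable row :", vulnerable)
    print("payload active :", payload_survives(vulnerable, PAYLOAD))
    print("fixed row      :", fixed)
    print("payload active :", payload_survives(fixed, PAYLOAD))
    print("endpoint valid :", is_valid_endpoint(STORED_CHECK["endpoint"]))
```

Running the block shows the same stored value rendering as live markup in the vulnerable row and as inert `&lt;script&gt;` text in the fixed row; the validator additionally refuses to store the value at all, which is the layered approach a fix for this report should take.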
Thank you for reading my blog post.