Portfolio
Recent Work
Clockify is a popular time tracker and timesheet app for teams of all sizes.
The team was missing a major logical vulnerability in the team management functionality, and a significant path traversal bug in user account handling.
I analyzed the API requests and spotted two critical security issues:
User account takeover issue affecting 2+ million users. Exploiting path traversal bug was the entry point to this issue.
Any low privileged user could have been an admin of his team’s workspace through exploiting a logical issue presented in the team management functionality. This affected 150k+ teams.
Then I assisted the software engineers to study these bugs by presenting a step-by-step explanation video and a detailed security report of the vulnerabilities.
Highlights
-
Helped them grow the main API security by 200%.
-
Found 1 critical account takeover vulnerability that enabled hacking 2+ Million user accounts.
-
Uncovered 2 API security issues affecting the user verification process.
-
Located 1 workspace takeover vulnerability affecting 150k+ teams in Clockify application.
-
Helped the team to study the security vulnerability by preparing a detailed security report.
-
Published a technical write-up about one security finding that led to 5.7k views.
-
The Clockify team partially disclosed the report on their website.
Clio is a top legal software for clients, cases, billing, and more.
I went through all the features of the web application. There was 2-factor authentication in place for user accounts as extra protection. Another feature was changing the emails of the clients of a legal firm.
I found a neat trick to break the access control policy on email changing functionality. This resulted in hacking 150k+ legal professional accounts and their client accounts. It also bypassed the 2-factor authentication of user accounts.
I got a special appreciation from the security team for finding the best security issue on the Clio platform.
Highlights
-
Secured 150k+ lawyers’ accounts from cyber-attacks.
-
Identified an account takeover vulnerability.
-
Got a special acknowledgment from the team for discovering the best critical finding in Clio API.
-
Built a comprehensive security report for a serious security vulnerability in their API
Nozbe is a productivity app that helps you get organized anytime with projects, tasks, and comments.
They were missing a huge SSRF vulnerability in the platform. I noticed a report generation feature in the app.
There was HTML code going through the API request, and it got converted to a pdf report. I changed the HTML code to trick the API into generating reports with the internal AWS instance files.
The CTO was really happy with the findings and the report. They fixed the security issue very quickly.
Highlights
- Protected over 100,000 productivity nerds from data leakage
- Found 3 security issues in total, out of which 2 were critical impact loopholes.
- Discovered a Server-side request forgery(SSRF) vulnerability
- Published a technical write-up about the SSRF finding.
- Assisted the CTO to reproduce the vulnerabilities
- Generated a security report and a video presentation for the SSRF issue.