YoKo Kho

Category: Bug Report

Collection of Bug Hunting Activity

From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration

A story about how I Finally could use an AD account that unenrolled to MFA, by using an EWS Misconfiguration to Access Email Inbox and (Having...

June 19, 2020

Intercept Server Responses Feature on Burpsuite

Bug Report / Web Apps / Write-Up

From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response

A story about how I got several simple bugs (1 P2, 1 P3, and 2 P4s) on a target (that just allow Specific Country Code to...

June 6, 2020

Bug Report / Web Apps / Write-Up

From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) at One of the Biggest ICT company in the...

February 19, 2020

Bug Report / Desktop Apps / Write-Up

5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)

CVE-2019–18653 & CVE-2019–18654: The story when Reflected XSS was triggered from the SSID Name (It also affected AVG AntiVirus because basically the product codes were mostly...

October 29, 2019

Bug Report / Mobile Apps / Write-Up

CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)

The story of when you download a file that looks “legitimate”, but changes when you run the file. In the name of Allah, the Most Gracious,...

October 26, 2019

Bug Report / Web Apps / Write-Up

Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)

In the name of Allah, the Most Gracious, the Most Merciful. – Part I from (hopefully) IV Parts – Update I: Added a “Reference” Section. Update...

September 14, 2019

Bug Report / Desktop Apps / Random Things

Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired

In the name of Allah, the Most Gracious, the Most Merciful. Description: The expired subscription pop-up could be bypassed by opening the .pdf document at the...

January 2, 2019

Bug Report / Web Apps / Write-Up

IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks

In the name of Allah, the Most Gracious, the Most Merciful. Please kindly visit this simple paper directly to looking this release in simple:[English Version] IDOR...

April 17, 2018

Bug Report / Web Apps / Write-Up

Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to other Photo Profile

In the name of Allah, the Most Gracious, the Most Merciful. Please kindly visit this simple paper directly to looking this release in simple:[English Version] Ribose — IDOR...

April 16, 2018

Bug Report / Mobile Apps / Write-Up in Bahasa

[Bahasa] Multiple Parameter Pollution Bugs at “Battle Camp” Game that could Leads to Several Illegal Action

In the name of Allah, the Most Gracious, the Most Merciful. Silahkan langsung mengunduh paper sederhana pada tautan berikut untuk dapat melihat tulisan ini lebih nyaman:...

April 10, 2018

Latest Tweets

Retweet on Twitter YoKo Kho Retweeted

Black Hills Information Security @BHinfoSecurity·

September 29, 2020

***NEW***
BHIS | Tester's Blog

Exploiting MFA Inconsistencies on Microsoft Services
by: @dafthack
Published: 9/29/2020

Learn more: https://www.blackhillsinfosec.com/exploiting-mfa-inconsistencies-on-microsoft-services/

Twitter 1310934952616353795

Retweet on Twitter YoKo Kho Retweeted

Tom Sellers @TomSellers·

September 29, 2020

Speaking of Exchange, we took another look at Exchange CVE-2020-0688 (any user -> SYSTEM on OWA).

It's STILL 61% unpatched.

This is dangerous as hell and there is a reliable Metasploit module for it.

See the UPDATED information on the ORIGINAL blog:
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/

Twitter 1310991824828407808

Retweet on Twitter YoKo Kho Retweeted

The Bug Bounty Hunter @tbbhunter·

September 29, 2020

Jailbreaking iOS without a Mac (1/4): The Plan

https://medium.com/bugbountywriteup/jailbreaking-ios-without-a-mac-1-4-the-plan-b49c0edc1759

Twitter 1311033620254142464

Retweet on Twitter YoKo Kho Retweeted

The Bug Bounty Hunter @tbbhunter·

September 29, 2020

Dropbox Escalation of Privileges to SYSTEM on Windows

https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows/

Twitter 1310922791525416960

Retweet on Twitter YoKo Kho Retweeted

Zero Day Initiative@thezdi·

September 29, 2020

Two different RCE bugs in #IBM #WebSphere are detailed by @zebasquared in his latest blog. Read the root cause and see video demos of CVE-2020-4464 and -4448 at https://bit.ly/33eQK2S

Twitter 1310992105628721153

Category: Bug Report

From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration

From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response

From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World

5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)

CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)

Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)

Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired

IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks

Ribose – IDOR with Simple CSRF Bypass – Unrestricted Changes and Deletion to other Photo Profile

[Bahasa] Multiple Parameter Pollution Bugs at “Battle Camp” Game that could Leads to Several Illegal Action

Search

Recent Posts

Categories

Latest Tweets