Client side validation: Client side validation is a common weakness found during penetration tests and security audits performed by Randorisec. Because client side is by definition… on the user side, it can be altered by the user and sometimes it can be done quite easily. Netflix Parental Control PIN A […]

Client side validation strikes again: PIN code bypass!

Abstract: A few weeks ago we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” and found an RCE affecting version and prior versions of E2 series IP cameras. In fact it is the third time we find a […]

[s03e01] RCE on Geutebruck IP Cameras

As Google defines it, “Google Play Billing is a service that lets you sell digital content from inside an Android app, or in-app.” It can be used to sell one-time products like additional game levels, premium loot boxes, media files or subscriptions like online magazines or music streaming services. But what […]

Get Freebies by Abusing the Android InApp Billing API