Last year, I found a bug on Keepr Storage’s Android app. It has the same bug as of Globe Telecom’s where the API endpoint was not using secure HTTP. As a result, I can see my data in plaintext over Wi-Fi. Using Wireshark But as of version v1.3.6 of their app, this bug has beenContinue reading “Keepr Storage Bug”
I found a simple vulnerability of GoManila, the app from Manila’s Office of the Mayor. The app is using Firebase for the backend and the developer forgot to set the privacy settings thus anyone can visit the link and view its data on https://gomanila.firebaseio.com/.json I reported it to the Office of the Mayor and settingsContinue reading “Go Manila Bug”
I discovered that the Globe rewards app is communicating over insecure HTTP and because of this, it suffers from data leak. Using Wireshark I was able to read in clear plain text my phone number that I entered. I was able to contact Globe Telecom regarding this bug and was rewarded with 2,000 pesos. Lol.