Effective URL: https://eval.blog/

VIKRANT SINGH CHAUHAN

Security Researcher & Red Teamer


CURRICULUM VITAE

 * 0x00 INTRO
 * 0x01 RESEARCH
 * 0x02 PROJECTS
 * 0x03 ACCOMPLISHMENTS
 * 0x04 CERTIFICATIONS
 * 0x05 WORK EXPERIENCE
 * 0x06 ACADEMICS
 * 0x07 HOBBIES

© 2023 Vikrant Singh Chauhan.


0x00 INTRO

@main def hello() = println("👋 Hi there!")


Hi there, I am Vikrant Singh Chauhan, also known as 0xcrypto. I am a security
researcher driven by a passion for making the internet a safer place for
everyone. Presently, I freelance, do bug bounty hunting and maintain a few open
source projects.


0x01 RESEARCH

 * Breaking The Mutant Language's "Encryption" (Writeup)

   > AppSec Village DEF CON 31 CTF^2 (developer) winning entry. Bypassed the
   > encryption and mutation techniques of the Mutant Language.

   References:
    * https://twitter.com/AppSec_Village/status/1694786713007059008
    * https://github.com/0xcrypto/mutant-cure
    * https://hackaday.com/2023/08/18/this-week-in-security-tunnelcrack-mutant-and-not-discord/

   
   
 * [CVE-2021-27902, CVE-2021-27903]: CraftCMS Zero-day Chain: XSS to SSTI
   triggering RCE

   > Reported CVE-2021-27902 (XSS) and CVE-2021-27903 (SSTI) that can be chained
   > together to gain Remote Code Execution in CraftCMS.

   References:
    * https://nvd.nist.gov/vuln/detail/CVE-2021-27902
    * https://nvd.nist.gov/vuln/detail/CVE-2021-27903
    * https://eval.blog/research/craftcms-zero-day-ssti-xss-triggering-rce
    * https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
    * https://github.com/craftcms/cms/commit/c17728fa0bec11d3b82c34defe0930ed409aec38

   
   
 * CVE-2021-21705: FILTER_VALIDATE_URL bypass in PHP 8

   > Reported a bypass of the FILTER_VALIDATE_URL filter in PHP 8 that can lead to
   > SSRF by evading the URL validation in any PHP target that depends on
   > FILTER_VALIDATE_URL.

   References:
    * https://bugs.php.net/bug.php?id=81122
    * https://nvd.nist.gov/vuln/detail/CVE-2021-21705

   
   
 * CVE-2021-3603: Untrusted code execution in PHPMailer

   > Reported a vulnerability in PHPMailer where a function could run
   > unexpectedly while sending a mail, leading to untrusted code execution.

   References:
    * https://nvd.nist.gov/vuln/detail/CVE-2021-3603
    * https://github.com/advisories/GHSA-77mr-wc79-m8j3
    * https://huntr.dev/bounties/1-PHPMailer/PHPMailer/

   
   
 * active_url validation check bypass in Laravel

   > Reported and fixed a vulnerability in Laravel where the active_url validation
   > rule could be bypassed when a target hostname has a subdomain named
   > localhost.

   References:
    * https://huntr.dev/bounties/2-laravel/framework/
    * https://github.com/laravel/framework/commit/c50087d457d3b2e2839f2e8b080f40832f4f7e46
    * https://github.com/laravel/framework/pull/37675

   
   
 * POP Gadget using function injection in RequiredIf

   > Reported and fixed a vulnerability in Laravel where
   > Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for
   > deserialization vulnerabilities.

   References:
    * https://huntr.dev/bounties/3-laravel/framework/
    * https://github.com/laravel/framework/pull/37688
    * https://github.com/laravel/framework/pull/37700
    * https://github.com/ambionics/phpggc/blob/c42dbd18538324c4337655651fe41ad54d081399/gadgetchains/Laravel/RCE/8/gadgets.php#L18

   
   
 * Code Execution via Cross Site Scripting in Tagspaces (A file manager)

   > Reported a code execution via cross site scripting in TagSpaces. The XSS is
   > used to escape the Electron sandbox to gain code execution in TagSpaces.

   References:
    * https://huntr.dev/bounties/1-other-tagspaces/tagspaces/
    * https://huntr.dev/bounties/1-other-tagspaces/viewerText/

   
   
 * Relative Path Traversal in Flarum using fake OAuth Provider

   > Reported a low impact Path Traversal where an OAuth Provider could read
   > local files exploiting relative path traversal in Flarum.

   References:
    * https://huntr.dev/bounties/2-other-changeweb/Unifiedtransform/

   
   
 * XSS in Unified Transform (A school management software)

   > Reported a stored cross site scripting in Unified Transform.

   References:
    * https://huntr.dev/bounties/2-other-changeweb/Unifiedtransform/

   
   
 * Stored Cross Site Scripting in October CMS

   > Reported a stored cross site scripting by uploading an XML file in October
   > CMS.

   References:
    * https://huntr.dev/bounties/1-packagist-october/rain/

   
   
 * Cross Site Scripting in digidocu

   > Reported a stored cross site scripting in digidocu.

   References:
    * https://huntr.dev/bounties/2-other-digidocu/

   
   
 * Internal IP Address leak in Misconfigured WordPress to bypass WAF

   > Discovered a method to leak IP addresses in a misconfigured WordPress
   > instance (useful when targets are behind a DNS-based firewall like Cloudflare).

   
   
 * Account Takeover on unverified emails in File Sync & Share in Acronis

   > Reported an account takeover vulnerability that allows an attacker to claim
   > accounts having unverified emails in File Sync & Share in Acronis.

   References:
    * https://hackerone.com/reports/906790

   
   
 * Unrestricted access to any "connected pack" in docs in coda.io

   > Reported a broken access control issue in coda.io where an attacker could
   > leverage the trial feature to gain access to paid offerings.

   References:
    * https://hackerone.com/reports/777942

   
   
 * Open Redirect in Flattr

   > Reported a low impact Open Redirect to Flattr.

   
   


0x02 PROJECTS

 * Mutant Cure

   > A decompiler for the Mutant Language

   References:
    * https://github.com/0xcrypto/mutant-cure
    * https://eval.blog/posts/breaking-the-mutant-languages-encryption

   
   
 * Project PURGE

   > PURGE is a collection of multiple tools to perform automated vulnerability
   > scanning on a large scale.

   

   Following are some of the public repositories belonging to Project PURGE:

    * OSINT Data
    * takeover.py
    * webdetect

   

   References:
    * https://github.com/0xcrypto/purge/releases
    * https://pypi.org/project/takeover.py
    * https://pypi.org/project/webdetect

   
   
 * whack

   > Automagically generated wordlists.

   References:
    * https://github.com/0xcrypto/whack
    * https://github.com/0xcrypto/wordlists

   
   


0x03 ACCOMPLISHMENTS

 * First Place Winner in CTF^2 (Developer) 2023

   > Issued by AppSec Village - DEF CON 31, Las Vegas on Aug, 2023

   

   Won first place in the CTF^2 2023 organized by AppSec Village at DEF CON 31,
   Las Vegas. The challenge I submitted involved building a deobfuscator for a
   new programming language called Mutant Programming Language that claims to be
   resistant to reverse engineering. To accomplish this, the language uses
   encryption and mutation techniques.

   I built a deobfuscator that breaks the protection in place, calling into
   question the very purpose of the Mutant Programming Language.

   

   References:
    * https://twitter.com/AppSec_Village/status/1694786713007059008
    * https://eval.blog/posts/breaking-the-mutant-languages-encryption

   
   
 * Bug bounty hunting

   > Reported security issues to PHP, Laravel, Flickr, Coda, JFrog, Acronis,
   > FanDuel, Smartsheet, CoinSpot, Harvest, and many private programs.

   

    * Top rank in Coda.io since 2021
    * Middleweight Rank on Huntr.dev
    * Fanduel Hall of Fame (Wayback Mirror)

   

   
   


0x04 CERTIFICATIONS

 * (ISC)²

   > Member of (ISC)² since April, 2023

   

    * Certified in Cybersecurity

   

   
   
 * Coursera

   > Training and Certifications done on Coursera

   

    * IBM Cybersecurity Analyst
    * AWS Fundamentals

   

   
   


0x05 WORK EXPERIENCE

 * Independent Security Researcher (MAY 2020 - Present)

   > Performing security research, bug bounty hunting and providing freelance
   > services.

   

    * Member of Synack Red Team (2023-Present)
    * Member of Detectify (2021-Present)

   

   References:
    * https://huntr.dev/users/0xcrypto
    * https://hackerone.com/0xcrypto
    * https://bugcrowd.com/0xcrypto
    * https://cs.detectify.com/profile/0xcrypto

   
   
 * Freelance Web Developer @ Moirae Creative Ltd, Doncaster (UK) (Jan 2022-Jul
   2023)

   > Provided development and consultancy services. Worked on C# and ASP.NET
   > applications.

   
   
 * Backend Engineer @ Zap Infolabs Pvt. Ltd (NOV 2019 - MAY 2020)

   > Worked as a full-time backend engineer on PHP-based projects.

   
   


0x06 ACADEMICS

 * Bachelor of Computer Applications

   > Manipal University, Jaipur

   
   


0x07 HOBBIES

 * Game Dev

   References:
    * https://0xcrypto.itch.io
