
About me

Let me introduce myself


A bit about me

Shawar Khan is an Ethical Hacker & Security Researcher from Pakistan.

With over years of experience in cyber security, Shawar Khan has identified major security flaws in the world's well-known companies, including Google, Microsoft, PayPal, Apple and many others. A huge number of Halls of Fame and certificates were awarded as a token of appreciation from these companies. In his spare time, Shawar used to develop exploits and web-app penetration testing tools. Some of them are BruteXSS & D-TECT.

Profile

Personal info

Shawar Khan

A Web Application Penetration Tester and Security Researcher.

Skills & Things about me

  • Web Application Penetration Testing: 95%
  • Mobile App Penetration Testing: 88%
  • Python Exploit Writing: 90%

Portfolio

My latest projects


Sunday, March 5, 2017

WhatsApp - 0day Vulnerability in IOS & Android


Greetings Everyone

Today we are going to share the 0day that we have discovered in WhatsApp. Our team (Muhammad Uwais, Kunal Khubchandani & Shawar Khan) identified a 0day vulnerability in the WhatsApp mobile applications (iOS & Android). The following are the details:

Bug: Buffer Overflow App Crash Denial of Service Vulnerability
Affected Versions: All WhatsApp versions prior to "2.17.79"
Platform: iOS & Android
Researchers: Muhammad Uwais, Kunal Khubchandani, Shawar Khan

This vulnerability allows a remote attacker to crash the target victim's mobile application. This affects both versions of WhatsApp, which include WhatsApp for iOS & WhatsApp for Android.


Recently Uwais joined WhatsApp and started pentesting the application, since identifying security flaws is the first step every hacker performs. Recently a flaw was discovered that allowed attackers to crash a victim's WhatsApp by sending a message containing unknown characters, and more recently someone found that he could crash the WhatsApp iOS version with 2 emojis, a rainbow and a white flag. According to Uwais:

I decided to make up a contact file and add a few "Smiley Face" emojis in the area of the contact name that is shared. Luckily my mobile, a Xiaomi Mi 3, allowed me to add as many emojis and characters as I want. Then I shared this contact and nothing happened. I added a bomb emoji with another 30 smiley face emojis. Then I sent the contact to Kunal, and while opening his chat I noticed a slight delay of 1.5-2 secs more than the usual time while opening his chat.
Uwais noticed this behaviour and asked Kunal to have a look into it because of limited access to computers at my college.

So he made the other contact, i.e. the contact named with bomb emojis which caused the delay. Then Kunal copied that message (contact) and only added characters of the "bomb" emoji, and then he kept on multiplying the bomb emojis and kept on testing its response (delay) in opening the conversation (message).

He noticed a lot of serious lagging and I couldn't type back in the conversation while testing on the Android application, and again he added more and more bomb emoji characters, around 5000, then he sent the contact to me on my phone. As soon as I opened his chat the mobile screen turned black and bamm, WhatsApp crashed!! As some phones couldn't store emojis as the contact name, he used a 3rd party app from the Play Store to create a contact like that. As for now we are sure all Android devices along with the WhatsApp versions were affected if a contact was shared with a name containing around 5000 bomb emojis.

It was time to test iOS devices, so we messaged another friend named Shawar Khan, who is also a Cyber Security Researcher & WhiteHat Hacker from Pakistan, and we asked him to test an iOS device as he is an iOS Application Penetration Tester.
I (Uwais) sent him the same contact, and this time the results we noticed were crazy.

His phone started lagging and his WhatsApp crashed on the pressing of the home button on his iPhone. The payload was further modified by Shawar and a much more powerful payload was created, which caused a complete application crash on the victim's device. To handle such a huge payload a powerful device was required, as Android devices were not able to handle it; an iPhone 6s was used to send the modified payload and was successfully able to take down any WhatsApp conversation / group.



So finally we have confirmed that it affects every phone, whether it's iOS or Android 😉.

All versions prior to 2.17.79 were affected. Along with the app crash, main iOS was also affected.
The vulnerability was reported to Facebook and is now fully patched.

Demonstrations: 
Android to Android(Demo by Kunal)


IOS to Android(Demo by Shawar Khan)

 

Saturday, August 1, 2015

Stored Cross-Site Scripting(XSS) vulnerability in Intel founded by Shawar Khan


Cross-Site Scripting(XSS) using .jpg file upload in Linux


Reflected Cross-Site Scripting(XSS) & HTML Injection vulnerability in BlackBerry founded by Shawar Khan


Testing and detection of Open Redirection Vulnerability


 


Wednesday, July 15, 2015

What is Stored Cross-Site Scripting(XSS) Attack & its testing

Today, I will tell you about the Stored Cross-Site Scripting (XSS) vulnerability.
You may have seen my previous videos related to XSS testing and Flash-XSS. Now I will tell you about its stored type.



Stored Cross-Site Scripting(XSS) Attack and its testing.
In the following video you will learn:
  • What is Stored Cross-Site Scripting(XSS).
  • How to test Stored-XSS vulnerability in a site.
  • Detection of Stored-XSS

In Stored XSS (also known as persistent XSS), the XSS code is stored in the site's database. For example, if we put a script in a comment and post it, it will be saved in the site even if we refresh the page. So if the site is vulnerable, the XSS will show whenever the page loads.
The testing is the same as for normal XSS. We just need to check whether our XSS is stored in the page, and we check that by refreshing the page.
For example, if I post a comment using the payload "/><svg/onload=prompt(1)> and the XSS executes, and the popup executes again when I refresh the page and visit it again, it means the site is vulnerable to Stored XSS.
This can be used to inject a keylogger, deface the site and perform other attacks such as redirection when the victim opens the site.
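
The refresh check described above can be expressed as code. The following is an added example, not code from the original post: `make_page` and `classify` are hypothetical names, the "site" is a constructed in-memory comment page, and a plain substring match stands in for watching the popup fire. It also shows the fix, HTML-encoding stored text at output time.

```python
import html

# Payload quoted in the post, used here only as the probe string.
PROBE = '"/><svg/onload=prompt(1)>'


def make_page(persist, encode):
    """Build a constructed comment page (hypothetical, for illustration).

    persist: keep submitted comments, like a site saving them to its database.
    encode:  HTML-encode comments when they are written into the page.
    """
    comments = []  # stands in for the site's database

    def page(submitted=None):
        shown = list(comments)
        if submitted is not None:
            shown.append(submitted)         # echoed in this response
            if persist:
                comments.append(submitted)  # and kept for every later visit
        enc = (lambda s: html.escape(s, quote=True)) if encode else (lambda s: s)
        return "<ul>" + "".join(f"<li>{enc(c)}</li>" for c in shown) + "</ul>"

    return page


def classify(page, probe=PROBE):
    """Submit the probe, then reload with nothing submitted.

    Only a probe that comes back unencoded on the reload is stored XSS;
    one that appears only in the submit response is reflected.
    """
    on_submit = probe in page(probe)  # response to posting the comment
    on_reload = probe in page()       # plain page load afterwards
    if on_reload:
        return "stored"
    if on_submit:
        return "reflected-only"
    return "not-vulnerable"


if __name__ == "__main__":
    print(classify(make_page(persist=True, encode=False)))   # raw output of stored text
    print(classify(make_page(persist=False, encode=False)))  # echo only, nothing saved
    print(classify(make_page(persist=True, encode=True)))    # stored but encoded
```

In the encoded case the comment is still saved and displayed, but its markup characters reach the browser as entities (`&lt;`, `&gt;`, `&quot;`), so it is shown as text instead of being parsed as a tag.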

Shawar Khan
Cyber Security Researcher

Services

What can I do


Web-App Penetration Testing

Provides a complete Penetration Test against the web application in order to ensure its safety.

Android App Penetration Testing

Provides Android Application Penetration Testing in order to make the app & secure.

iOS App Penetration Testing

Provides iOS Application Penetration Testing in order to make the app & secure.

Contact

Get in touch with me