DURAKICONSULTING FINDINGS AND PUBLICATIONS
| YEAR | TARGET | PLATFORM | VULNERABILITY |
|---|---|---|---|
| 2011 | KLIX.ba | web | SQL injection to remote code execution |
| 2012 | OLX.ba | web | SQL injection to root account takeover |
| 2013 | KLIX.ba | web | Path traversal to local file inclusion |
| 2013 | KLIX.ba | android | Session manipulation, account takeover |
| 2013 | BHTELECOM.ba | web | Bosnian telecom provider, multiple vulnerabilities in CMS |
| 2012 | RADIOSARAJEVO.ba | web | SQL injection, gaining admin access |
| 2014 | HUAWEI.com | web | Stored XSS, unrestricted redirect |
| 2017 | KLIX.ba | web | Account takeover, file upload, multiple API vulnerabilities |
| 2020 | APPLE.com | web | Sensitive data disclosure |
Our published CVE(S), bug reports and academic works are publicly available.
CVE
Common Vulnerabilities and Exposures
| YEAR | CVE NO. | APP. NAME | EXPLOIT TITLE |
|---|---|---|---|
| 2013 | CVE-2013-5099 | Anchor CMS Platform | Stored Cross-Site Scripting (XSS) |
| 2020 | CVE-2020-13648 | Crystal Shard | A Crystal Shard (library), IP spoofing bypass |
| 2013 | CVE-NDA-XXXX | Anchor CMS Platform | CSRF bypass in login form |
| 2015 | CVE-NDA-XXXX | MeekroDB PHP | Blind SQL injection (beta) |
Academic and Research Papers
Ongoing Research
BMW ADS Interface Reverse Engineering
We are hacking the BMW ADS interface based on unofficial BMW documentation. Hardware reverse engineering and schematics …
~ ongoing
Making a Search Engine for regional limits
Mitix.ba is a Google-like search engine built for Bosnia and Herzegovina. It uses Elasticsearch as well as a custom crawler to …
~ ongoing
Applying offensive RE in cyber espionage
The PoC explains a workflow for extracting users registered on the Viber Messenger application throughout the iOS …
~ ongoing