A Remote Code Execution Vulnerability in the Modem of the ISP

Today, I want to share with you how I successfully exploited the modem of an ISP in Vietnam. I found multiple vulnerabilities in the GPON firmware, all of which belong to the web portal of the modem. That means they can only be exploited from a client that has joined the LAN, or they can be triggered by a CSRF in the LAN. Anyway, I don’t wanna magnify this stuff.


Tell me your bank account number, I’ll show you the rest of the details

THIS FLAW HAD BEEN FIXED BY THE OWNER AT THE TIME THIS POST WAS PUBLISHED. THE CONTENT IS FOR KNOWLEDGE-SHARING PURPOSES, TO PREVENT THIS FLAW FROM HAPPENING AGAIN.


The retail banking industry has been booming in Vietnam in recent years. Many banks invest in retail business by improving customer service. Mobile banking is one of the hot topics; every bank already has, or will soon have, mobile banking and mobile apps for its customers to use. The winter season is nebulous in Vietnam, and the repetitive company work made me so bored. I needed some fresh air. Luckily, a commercial bank contacted us to help them identify the security risks in their mobile application (iOS, Android), and I took care of it.
