Exploring Negative Balance

Exploring Negative Balance Token Integration in Finance and its countermeasures

Hello everyone,

I hope we are doing well amidst the challenges life throws at us. I'm writing this to share and document an interesting part of my cyber security journey.

Sit back and relax, because this story will blow your mind, as it opened my eyes to a plethora of opportunities cyber criminals use to evade the law as it regards matters of the cyber realm.

I was contracted this year by a name I would not like to disclose, and I would also like to call the apps inogorevealam.com and api.inogorevealam.com.

I started by using the app like a normal user. I signed up and created multiple accounts so I could test for certain kinds of vulnerabilities in the long run. I checked all the technologies used by the app; they seemed to be updated to the latest versions, so there were no pre-existing N-days or current zero-days for the technologies involved. At this point I created a mind map, but if you don't understand what a mind map is, I will give a quick definition.

A mind map is simply a blueprint of your attack method, where you start and stop, documented properly.

I started using my mind map to attack the apps and was able to uncover some vulnerabilities.

The first was at the password endpoint where there was a host header injection that was chained to an account takeover.

Things were getting interesting as I was fired up, but the vulnerability that took me to cloud nine was present in their ecommerce section. The app allows people from anywhere in the world to book flights, so I decided to test the functionality. I wanted to see if I could travel around the world for free; my curiosity was at its peak.

Here
