Vulnerability

Reflected XSS on IBAN Secured Transfer

SkypLabs published on
7 min, 1260 words

IBAN Secured Transfer is a web application developed by the Paris Notary Chamber “to proscribe IBAN transfers using emails, in order to protect notaries and their clients from email spoofing, interception of emails, or other cyberattacks”.

When a notary office needs to communicate its IBAN to one of its clients, the office uploads its IBAN to the IBAN Secured Transfer platform and enters the client’s e-mail address and phone number. A notification e-mail containing a single-use link is then sent to the client. Upon clicking the link, the client is directed to a page where they are prompted to enter a one-time password, sent by SMS this time, as per the double authentication process. If all steps are completed correctly, the client can then download the bank account details as a PDF file.


Appwrite CLI - Too permissive access on preferences file

SkypLabs published on
2 min, 392 words

While involved in the design and implementation of a back-end infrastructure for one of our clients, we had the opportunity to work with Appwrite, an open-source solution that aims to provide an all-in-one back-end platform for web and mobile applications. Targeting mostly front-end developers, Appwrite positions itself as a Firebase alternative.

The scope of the features provided by Appwrite is rather large: user management, authentication, authorisation, database, object storage, etc. To administer the platform, a web console is provided as well as a CLI tool.
