Introduction Reverse engineering an iOS application can feel like solving a puzzle, especially when it’s built with a cross-platform framework like Flutter. In this post, I’ll guide you through th...
Summary A debugging error disclosure vulnerability exists on Ednovation’s https://dashboard.ednoland.com/ subdomain. By requesting a non-existent path, the application returns a full Laravel excep...
Apple’s iOS ecosystem is renowned for its sleek user interface and curated app experience, prominently displaying stock apps like Safari, Photos, and Calendar on the Home screen. However, beneath t...
Apple’s free developer accounts offer a convenient way to test iOS apps using Xcode, but they impose a firm restriction: you’re limited to installing only three apps on your device at a time. If yo...
Address Space Layout Randomization (ASLR) is a security feature in iOS that randomizes where apps load in memory, making it harder for attackers to exploit vulnerabilities. For security researchers...
Summary A publicly accessible internal API testing tool was discovered on Ednovation’s development subdomain. This tool contains hardcoded production credentials and allows unauthenticated users t...
Summary A publicly accessible PHP configuration page (phpinfo()) was discovered on Ednovation’s production subdomain eproject.ednoland.com. The exposure reveals sensitive server configuration deta...
Summary A directory listing exposure was identified on Ednovation’s production subdomain eproject.ednoland.com. The vulnerability reveals sensitive server directories, configuration folders, and i...
Summary A cryptographic weakness was discovered in the AIMath Web App, a math learning platform for children operated by Ednovation. User passwords are stored using the obsolete and insecure MD5 h...
Summary A publicly accessible directory listing was found on Ednovation’s development subdomain, exposing the internal file structure of a web application, including PHP request handlers, code lib...