Acknowledged By Twilio WIth (POC) ( Dos With Email)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Logical Denial Of Service Bug To Twilio. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. <br /> <br /> <br /> <b>Small Description :-</b> i m able to create a email with 100000000000000 words so , when i use that email on login page its make sites unavailable. <br /> <br /> <br /> <b>About Bug:-</b>  Google Says<span class="_Tgc"> <b>denial-of-service</b> (<b>DoS</b>) <b>attack</b> is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.</span><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB3iTNQWGuRg1M7y45SEpxKROZr4EtXsZLOnySLZEp-67t4Jut8mmFynI8GsBggGBwETyaDmaDMKVbLEdPqfi0dCmYtOvNlF7h65mX9nAYAMVq7xYjK-FKI7Jplbni4ds69u0-Imnut2zo/s1600/twilio.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB3iTNQWGuRg1M7y45SEpxKROZr4EtXsZLOnySLZEp-67t4Jut8mmFynI8GsBggGBwETyaDmaDMKVbLEdPqfi0dCmYtOvNlF7h65mX9nAYAMVq7xYjK-FKI7Jplbni4ds69u0-Imnut2zo/s400/twilio.JPG" width="400" /></a></div> <br /> <br /> <span class="_Tgc"><b>Hall Of Fame Link :-  <a href="https://bugcrowd.com/twilio/hall-of-fame">https://bugcrowd.com/twilio/hall-of-fame</a></b></span><br /> <br /> <br /> <br /> Thanks for reading...</div>

Acknowledged By Twilio WIth (POC) ( Dos With Email)

I Reported Logical Denial Of Service Bug To Twilio. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. Small Description :- i m able to create a email with 100000000000000 words…

Read more »

Acknowledged By Jet WIth (POC) ( Dos With Password)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Logical Denial Of Service Bug To Jet. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. <br /> <br /> <br /> <b>Small Description :-</b> i m able to create a password with 100000000000000 words so , when i use that password on login page its make sites unavailable. <br /> <br /> <br /> <b>About Bug:-</b>  Google Says<span class="_Tgc"> <b>denial-of-service</b> (<b>DoS</b>) <b>attack</b> is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.</span><br /> <br /> <span class="_Tgc"><b>Hall Of Fame Link :-  <a href="https://bugcrowd.com/jet/hall-of-fame">https://bugcrowd.com/jet/hall-of-fame</a></b></span><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcUXlT4YPEqjxnBJsBUK2jg5xcZSS4uDpdfq5cjnwxwON4l3o7o5alog7AVDtoiHsbp8GBCXz0r1tzXEsSrVXvT8F4eGR3T3IM7GHdYyvuDIjbkb_F6ivgPOtCGr0gGMIL6ASzK9-rl7Dx/s1600/jet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcUXlT4YPEqjxnBJsBUK2jg5xcZSS4uDpdfq5cjnwxwON4l3o7o5alog7AVDtoiHsbp8GBCXz0r1tzXEsSrVXvT8F4eGR3T3IM7GHdYyvuDIjbkb_F6ivgPOtCGr0gGMIL6ASzK9-rl7Dx/s400/jet.jpg" width="400" /> </a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <span class="_Tgc">Thanks for reading......<b> </b></span></div>

Acknowledged By Jet WIth (POC) ( Dos With Password)

I Reported Logical Denial Of Service Bug To Jet. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. Small Description :- i m able to create a password with 100000000000000 words…

Read more »

Acknowledged By Itbit WIth (POC) ( Dos With Password)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Logical Denial Of Service Bug To ItBit. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. <br /> <br /> <br /> <b>Small Description :-</b> i m able to create a password with 100000000000000 words so , when i use that password on login page its make sites unavailable. <br /> <br /> <br /> <b>About Bug:-</b>  Google Says<span class="_Tgc"> <b>denial-of-service</b> (<b>DoS</b>) <b>attack</b> is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.</span><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9mYRnS-Bs8mtiOCWRxQ7LRJf3vCILsZ9eagMJgCKqpfnRlauWWkC54OLmLr_Tdfk3Zk59TDiOSO05C9cxMN6ews4dzg251HQ0wyEGhqFdfvsLRU4lwtETS5-P_K_uVwrIIRfhn55pahBY/s1600/itbit.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9mYRnS-Bs8mtiOCWRxQ7LRJf3vCILsZ9eagMJgCKqpfnRlauWWkC54OLmLr_Tdfk3Zk59TDiOSO05C9cxMN6ews4dzg251HQ0wyEGhqFdfvsLRU4lwtETS5-P_K_uVwrIIRfhn55pahBY/s400/itbit.JPG" width="400" /> </a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <br /> <span class="_Tgc"><b>Hall Of Fame Link :-  <a href="https://hackerone.com/itbit/thanks">https://hackerone.com/itbit/thanks</a></b></span><br /> <br /> <span class="_Tgc"><b>Disclosed Report:-  <a href="https://hackerone.com/reports/98083">https://hackerone.com/reports/98083</a></b></span><br /> <br /> <br /> <span class="_Tgc">Thanks for reading... </span></div>

Acknowledged By Itbit WIth (POC) ( Dos With Password)

I Reported Logical Denial Of Service Bug To ItBit. They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. Small Description :- i m able to create a password with 100000000000000 word…

Read more »

Acknowledged By Blockhain WIth (POC)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div id="summary3471379279319678408"> I Reported <span class="_Tgc"><b>Content spoofing</b></span>  Bug To Blockchain They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty.<br /> <br /></div> <div id="summary3471379279319678408"> </div> <div id="summary3471379279319678408"> <b>About Bug:-</b>  Google Says <span class="_Tgc"><b>Content spoofing</b>, also referred to as <b>content</b> injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.</span><br /> <br /></div> <div id="summary3471379279319678408"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy77HH-qP4-j8e1iSgwDtNFSeTmYaQP1cjZMew7PwTp2aFjfGrcvEIsPoCCRpxrTPAB_ZnhrmXaiQZFc46vnhZ5-4f-1Au94R81EjO7V1assDDraaF-iLJcKx0_U3I9vdCQ5R35LRxLak0/s1600/block.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy77HH-qP4-j8e1iSgwDtNFSeTmYaQP1cjZMew7PwTp2aFjfGrcvEIsPoCCRpxrTPAB_ZnhrmXaiQZFc46vnhZ5-4f-1Au94R81EjO7V1assDDraaF-iLJcKx0_U3I9vdCQ5R35LRxLak0/s400/block.JPG" width="400" /></a></div> <div id="summary3471379279319678408"> </div> <div id="summary3471379279319678408"> <br /> <br /> <span class="_Tgc"><b>Vulnerable Link :-</b> <a href="https://goo.gl/g2FW2O">https://goo.gl/g2FW2O</a></span></div> <div id="summary3471379279319678408"> <span class="_Tgc"><br /></span></div> <div id="summary3471379279319678408"> <b><span class="_Tgc">Hall Of Fame :- </span></b><a href="https://cobalt.io/blockchain-info/hall-of-fame/all"><span class="_Tgc">https://cobalt.io/blockchain-info/hall-of-fame/all</span></a><br /> <br /></div> <div id="summary3471379279319678408"> </div> <div id="summary3471379279319678408"> <span class="_Tgc">Thanks for reading .. </span></div> <div id="summary3471379279319678408"> <span class="_Tgc"><br /></span></div> <div id="summary3471379279319678408"> </div> </div>

Acknowledged By Blockhain WIth (POC)

I Reported Content spoofing  Bug To Blockchain They Accept My Report And Decided To Provide Me Hall Of Fame + Bounty. About Bug:-  Google Says Content spoofing, also referred to as content injection …

Read more »

Acknowledged By Apptentive (Certificate + T-shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: left;"> I Reported Cross Site Request Forgery  Bug To Apptentive They Accept My Report And Decided To Provide Me Certificate + T-shirt.</div> <br /> <b>About Bug:- </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <div class="separator" style="clear: both; text-align: left;"> <span class="_Tgc"> </span> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr0tsvWIfXEmf0FqTEsEzbue1yVsEX0vdpk1xRIk_0T8rnz1SLvmF_xLoK3FKLSaBaPTb6X-6VmNAj4oGWcxbKxb46nLhYzMCNk_9-F0Yk9nxhnuryFGuiSVP31y0NcXQl7ajTgqONMr5C/s320/certi.jpg" width="244" /></div> <br /></div>

Acknowledged By Apptentive (Certificate + T-shirt)

I Reported Cross Site Request Forgery  Bug To Apptentive They Accept My Report And Decided To Provide Me Certificate + T-shirt. About Bug:-  Google Says Cross-Site Request Forgery (CSRF) is a type of…

Read more »

Acknowledged By Urban Airship (T-shirt + Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Misconfigured SPF Bug To Urban Airship They Accept My Report And Decided To Provide  Me T-shirt + Hall Of Fame<br /> <br /> <span class="_Tgc"><b>Google Says About </b></span><span class="_Tgc"><b>Misconfigured Spf if there is no spf or </b></span>misconfigured spf issue on any websites its fully leads to spoof mails. attacker can manage to send fake mail  from anything@example.com.<br /> <br /> <b>Hall Of Fame Link:-</b> <a href="http://urbanairship.com/full-disclosure-security-policy">http://urbanairship.com/full-disclosure-security-policy</a><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZGckOaB0QkBXkL7hYcvIzmw1PZ97xWP-KN3WqADlLusJ0Xz6m7RlCOm5GSo_x7HmQgQ2gDu1keRbPfjsRNP___EDqEdko1ormTr3vzwHBmnzQPyVe2ro7X1ggLeAbREmHwf2FyBh437X/s1600/airship.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZGckOaB0QkBXkL7hYcvIzmw1PZ97xWP-KN3WqADlLusJ0Xz6m7RlCOm5GSo_x7HmQgQ2gDu1keRbPfjsRNP___EDqEdko1ormTr3vzwHBmnzQPyVe2ro7X1ggLeAbREmHwf2FyBh437X/s400/airship.JPG" width="400" /></a></div> </div>

Acknowledged By Urban Airship (T-shirt + Hall Of Fame)

I Reported Misconfigured SPF Bug To Urban Airship They Accept My Report And Decided To Provide  Me T-shirt + Hall Of Fame Google Says About Misconfigured Spf if there is no spf or misconfigured spf i…

Read more »

Acknowledged By Jumplead (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: left;"> I Reported Broken Authentication Bug To Jumplead They Accept My Report And Decided To Provide Me Hall Of Fame.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <span class="_Tgc"><b>Google Says</b></span> when authentication function application are not worked correctly which will allow hackers to compromise passwords or session id's or to exploit other users using other users credentials.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>Hall Of Fame Link:</b>- <a href="https://jumplead.com/about/security">https://jumplead.com/about/security</a> </div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;">  <img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0uLUXQJHxvPoWtMCZuuKSOoHVAekanUkYyH9rGA7XrBUqbYqUoxyDempSYufpjpNejALf1sb4alRwHMwwujJ3lYodbTx7rwyyWIRwjsGox4OSsBT9zVgM9CWe1EgjmqCScaWJaJyzmqLZ/s400/jumplead.JPG" width="400" /></div> <br /></div>

Acknowledged By Jumplead (Hall Of Fame)

I Reported Broken Authentication Bug To Jumplead They Accept My Report And Decided To Provide Me Hall Of Fame. Google Says when authentication function application are not worked correctly which will…

Read more »

Acknowledged By Pagerduty (T-shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Cross Site Request Forgery  Bug To Pagerduty They Accept My Report And Decided To Provide Me T-shirt.<br /> <br /> <b>About Bug:- </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGuUX3c-Mwkbg0ipKiiP8m0QKkXDLYqBMyWGtk4JRSZ6dt8DjgRa9CEEGpFozMj-toh-Bp4hiBdmClC9KTEPJPKydE6bGHXJkZBrJdw2deNOtNGFfNYxwGBtxOM6sxIbIPtZzBJmgk9KVc/s1600/pagerduty.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGuUX3c-Mwkbg0ipKiiP8m0QKkXDLYqBMyWGtk4JRSZ6dt8DjgRa9CEEGpFozMj-toh-Bp4hiBdmClC9KTEPJPKydE6bGHXJkZBrJdw2deNOtNGFfNYxwGBtxOM6sxIbIPtZzBJmgk9KVc/s400/pagerduty.JPG" width="400" /></a></div> </div>

Acknowledged By Pagerduty (T-shirt)

I Reported Cross Site Request Forgery  Bug To Pagerduty They Accept My Report And Decided To Provide Me T-shirt. About Bug:-  Google Says Cross-Site Request Forgery (CSRF) is a type of attack that o…

Read more »

How I Convert Self Xss Into Stored Xss On Fb's Oculus

<div dir="ltr" style="text-align: left;" trbidi="on"> Hello guys after a long time i tested facebook <span style="font-weight: normal;">acquisitions</span> oculus first i try to find common bugs like cross site request forgery ,cross site scripting, click jacking , open redirect but oculus main domain is really secure so after sometime  i started testing oculus sub domains and in one of sub domain i got self cross site scripting bug and i converted it into stored cross site scripting sounds cool na?.<br /> <br /> <b>Vulnerable Domain:-  <a href="http://answers.oculus.com/">answers.oculus.com</a></b><a href="http://answers.oculus.com/"><br /></a><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcfPQzGytSC3NKOBqeT2ShTPoM5aeWf_T0XSY0rMoUPgyceB9a6x_ErBK6DLqIqryzJvtb7etk6sCFP_Y2Sx3cks14p2fj4-iX2mRQeyc8hs_tZ_gh5cwuLER8VzvhV0dEdv6feLDWzwF8/s1600/xsss.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcfPQzGytSC3NKOBqeT2ShTPoM5aeWf_T0XSY0rMoUPgyceB9a6x_ErBK6DLqIqryzJvtb7etk6sCFP_Y2Sx3cks14p2fj4-iX2mRQeyc8hs_tZ_gh5cwuLER8VzvhV0dEdv6feLDWzwF8/s400/xsss.JPG" width="400" /></a></div> <br /> <div style="text-align: center;"> <b>SO HERE IS PROOF OF CONCEPT</b></div> <div style="text-align: center;"> <b>   </b></div> <div style="text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/2aCdA4IhsIo/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/2aCdA4IhsIo?feature=player_embedded" width="320"></iframe> </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> hope you like my finding if you have any questions then please drop your comment i will try my best to answer your questions.  </div> <div style="text-align: center;"> <b>  </b></div> </div>

• 
• 

1. 1
2. 2

• Previous
• Next

How I Convert Self Xss Into Stored Xss On Fb's Oculus

Hello guys after a long time i tested facebook acquisitions oculus first i try to find common bugs like cross site request forgery ,cross site scripting, click jacking , open redirect but oculus main…

Read more »