Acknowledged By Apptentive (Certificate + T-shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: left;"> I Reported Cross Site Request Forgery  Bug To Apptentive They Accept My Report And Decided To Provide Me Certificate + T-shirt.</div> <br /> <b>About Bug:- </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <div class="separator" style="clear: both; text-align: left;"> <span class="_Tgc"> </span> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr0tsvWIfXEmf0FqTEsEzbue1yVsEX0vdpk1xRIk_0T8rnz1SLvmF_xLoK3FKLSaBaPTb6X-6VmNAj4oGWcxbKxb46nLhYzMCNk_9-F0Yk9nxhnuryFGuiSVP31y0NcXQl7ajTgqONMr5C/s320/certi.jpg" width="244" /></div> <br /></div>

Acknowledged By Apptentive (Certificate + T-shirt)

I Reported Cross Site Request Forgery  Bug To Apptentive They Accept My Report And Decided To Provide Me Certificate + T-shirt. About Bug:-  Google Says Cross-Site Request Forgery (CSRF) is a type of…

Read more »

Acknowledged By Urban Airship (T-shirt + Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Misconfigured SPF Bug To Urban Airship They Accept My Report And Decided To Provide  Me T-shirt + Hall Of Fame<br /> <br /> <span class="_Tgc"><b>Google Says About </b></span><span class="_Tgc"><b>Misconfigured Spf if there is no spf or </b></span>misconfigured spf issue on any websites its fully leads to spoof mails. attacker can manage to send fake mail  from anything@example.com.<br /> <br /> <b>Hall Of Fame Link:-</b> <a href="http://urbanairship.com/full-disclosure-security-policy">http://urbanairship.com/full-disclosure-security-policy</a><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZGckOaB0QkBXkL7hYcvIzmw1PZ97xWP-KN3WqADlLusJ0Xz6m7RlCOm5GSo_x7HmQgQ2gDu1keRbPfjsRNP___EDqEdko1ormTr3vzwHBmnzQPyVe2ro7X1ggLeAbREmHwf2FyBh437X/s1600/airship.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigZGckOaB0QkBXkL7hYcvIzmw1PZ97xWP-KN3WqADlLusJ0Xz6m7RlCOm5GSo_x7HmQgQ2gDu1keRbPfjsRNP___EDqEdko1ormTr3vzwHBmnzQPyVe2ro7X1ggLeAbREmHwf2FyBh437X/s400/airship.JPG" width="400" /></a></div> </div>

Acknowledged By Urban Airship (T-shirt + Hall Of Fame)

I Reported Misconfigured SPF Bug To Urban Airship They Accept My Report And Decided To Provide  Me T-shirt + Hall Of Fame Google Says About Misconfigured Spf if there is no spf or misconfigured spf i…

Read more »

Acknowledged By Jumplead (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: left;"> I Reported Broken Authentication Bug To Jumplead They Accept My Report And Decided To Provide Me Hall Of Fame.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <span class="_Tgc"><b>Google Says</b></span> when authentication function application are not worked correctly which will allow hackers to compromise passwords or session id's or to exploit other users using other users credentials.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>Hall Of Fame Link:</b>- <a href="https://jumplead.com/about/security">https://jumplead.com/about/security</a> </div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;">  <img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0uLUXQJHxvPoWtMCZuuKSOoHVAekanUkYyH9rGA7XrBUqbYqUoxyDempSYufpjpNejALf1sb4alRwHMwwujJ3lYodbTx7rwyyWIRwjsGox4OSsBT9zVgM9CWe1EgjmqCScaWJaJyzmqLZ/s400/jumplead.JPG" width="400" /></div> <br /></div>

Acknowledged By Jumplead (Hall Of Fame)

I Reported Broken Authentication Bug To Jumplead They Accept My Report And Decided To Provide Me Hall Of Fame. Google Says when authentication function application are not worked correctly which will…

Read more »

Acknowledged By Pagerduty (T-shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Cross Site Request Forgery  Bug To Pagerduty They Accept My Report And Decided To Provide Me T-shirt.<br /> <br /> <b>About Bug:- </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGuUX3c-Mwkbg0ipKiiP8m0QKkXDLYqBMyWGtk4JRSZ6dt8DjgRa9CEEGpFozMj-toh-Bp4hiBdmClC9KTEPJPKydE6bGHXJkZBrJdw2deNOtNGFfNYxwGBtxOM6sxIbIPtZzBJmgk9KVc/s1600/pagerduty.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGuUX3c-Mwkbg0ipKiiP8m0QKkXDLYqBMyWGtk4JRSZ6dt8DjgRa9CEEGpFozMj-toh-Bp4hiBdmClC9KTEPJPKydE6bGHXJkZBrJdw2deNOtNGFfNYxwGBtxOM6sxIbIPtZzBJmgk9KVc/s400/pagerduty.JPG" width="400" /></a></div> </div>

Acknowledged By Pagerduty (T-shirt)

I Reported Cross Site Request Forgery  Bug To Pagerduty They Accept My Report And Decided To Provide Me T-shirt. About Bug:-  Google Says Cross-Site Request Forgery (CSRF) is a type of attack that o…

Read more »

How I Convert Self Xss Into Stored Xss On Fb's Oculus

<div dir="ltr" style="text-align: left;" trbidi="on"> Hello guys after a long time i tested facebook <span style="font-weight: normal;">acquisitions</span> oculus first i try to find common bugs like cross site request forgery ,cross site scripting, click jacking , open redirect but oculus main domain is really secure so after sometime  i started testing oculus sub domains and in one of sub domain i got self cross site scripting bug and i converted it into stored cross site scripting sounds cool na?.<br /> <br /> <b>Vulnerable Domain:-  <a href="http://answers.oculus.com/">answers.oculus.com</a></b><a href="http://answers.oculus.com/"><br /></a><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcfPQzGytSC3NKOBqeT2ShTPoM5aeWf_T0XSY0rMoUPgyceB9a6x_ErBK6DLqIqryzJvtb7etk6sCFP_Y2Sx3cks14p2fj4-iX2mRQeyc8hs_tZ_gh5cwuLER8VzvhV0dEdv6feLDWzwF8/s1600/xsss.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcfPQzGytSC3NKOBqeT2ShTPoM5aeWf_T0XSY0rMoUPgyceB9a6x_ErBK6DLqIqryzJvtb7etk6sCFP_Y2Sx3cks14p2fj4-iX2mRQeyc8hs_tZ_gh5cwuLER8VzvhV0dEdv6feLDWzwF8/s400/xsss.JPG" width="400" /></a></div> <br /> <div style="text-align: center;"> <b>SO HERE IS PROOF OF CONCEPT</b></div> <div style="text-align: center;"> <b>   </b></div> <div style="text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/2aCdA4IhsIo/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/2aCdA4IhsIo?feature=player_embedded" width="320"></iframe> </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> hope you like my finding if you have any questions then please drop your comment i will try my best to answer your questions.  </div> <div style="text-align: center;"> <b>  </b></div> </div>

• 
• 

1. 1
2. 2

• Previous
• Next

How I Convert Self Xss Into Stored Xss On Fb's Oculus

Hello guys after a long time i tested facebook acquisitions oculus first i try to find common bugs like cross site request forgery ,cross site scripting, click jacking , open redirect but oculus main…

Read more »

75% Yahoo Subdomains Are Vulnerable With Poodle

<div dir="ltr" style="text-align: left;" trbidi="on"> <b>Hello guys on this post i am going to share something interesting with you yesterday (4/6/2015) i was testing yahoo and when i test its sub domains i notice that 75% of yahoo sub domains are vulnerable with poodle. :D</b><br /> <b><br /></b> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidnXzH0R76sT3OFMFgYCE115VJV_2tzd5_xYW0bUQ0YkDEJET_2EO1a8NBiJzSYo5CtGeh_0MNsjEffCnEzk-qzVcqDgkPPeMxB1FbvlK0OzGwWJFCPf0_1R4SQHsc4ohnYjPSnTmg-mun/s1600/hull.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="384" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidnXzH0R76sT3OFMFgYCE115VJV_2tzd5_xYW0bUQ0YkDEJET_2EO1a8NBiJzSYo5CtGeh_0MNsjEffCnEzk-qzVcqDgkPPeMxB1FbvlK0OzGwWJFCPf0_1R4SQHsc4ohnYjPSnTmg-mun/s640/hull.jpg" width="640" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOJE3GyEZy9IRYg05UIRiQz0TtlItt_JliohydV4nAY1HmCkoRr0_86ut5ZwvRGAHI8ONV9lIqkYAAz2o5PzMWtOC-Po_AlLxIO_jozWWdqe9bfr8GJUlsVJZutm9cp5yyvhi8dxLQa-Gl/s1600/papapa.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div> <div class="separator" style="clear: both; text-align: center;"> </div> <br /> <b><br /></b> <b>What Is Poodle:- is a vulnerability in the design of SSL version 3.0. The vulnerability allows the decryption to plaintext of secure connections.</b><br /> <b><br /></b> <br /> <div style="text-align: center;"> <b><u>Here are little list of sub domains of yahoo check it 75% domains are vulnerable with poodle vulnerability </u></b></div> <div style="text-align: center;"> <br /> <b>games.yahoo.com</b><br /> <b>news.yahoo.com</b><br /> <b>finance.yahoo.com</b><br /> <b>groups.yahoo.com</b><br /> <b>dev.yahoo.com<br />ns1.yahoo.com<br />directory.yahoo.com<br />images.yahoo.com<br />food.yahoo.com<br />movies.yahoo.com<br />uk.mobile.yahoo.com<br />hk.adspecs.yahoo.com<br />devel.yahoo.com<br />www.answers.yahoo.com<br />weather.yahoo.com<br />football.fantasysports.yahoo.com<br />image.yahoo.com<br />class.yahoo.com<br />data.yahoo.com<br />frontier.yahoo.com<br />marketing.yahoo.com<br />elections.yahoo.com<br />quote.yahoo.com<br />m.yahoo.com<br />ro.yahoo.com<br />login.yahoo.com<br />web.analytics.yahoo.com<br />il.yahoo.com<br />info.yahoo.com<br />sports.yahoo.com<br />jobs.yahoo.com<br />help.yahoo.com<br />sms.yahoo.com<br />download.yahoo.com<br />purinaanimalallstars.yahoo.com<br />pop3.yahoo.com<br />employment.yahoo.com<br />r.yahoo.com<br />adserver.yahoo.com<br />id.yahoo.com<br />extern.yahoo.com<br />uk.antispam.yahoo.com<br />in.business.yahoo.com<br />es.yahoo.com<br />windows.yahoo.com<br />beta.yahoo.com<br />ads.yahoo.com<br />forum.yahoo.com<br />chat.yahoo.com<br />sales.yahoo.com<br />smtp.yahoo.com<br />tv.yahoo.com<br />support.yahoo.com<br />research.yahoo.com<br />eurosport.yahoo.com<br />bugs.yahoo.com<br />email.yahoo.com<br />pulse.yahoo.com<br />discovery.yahoo.com<br />in.yahoo.com<br />health.yahoo.com<br />rogers.software.yahoo.com<br />gallery.yahoo.com<br />cards.yahoo.com<br />site.yahoo.com<br />tax.yahoo.com<br />nz.youth.yahoo.com<br />next.yahoo.com<br />election.yahoo.com<br />wwww.yahoo.com<br />mx.yahoo.com<br />ww.yahoo.com<br />me.yahoo.com<br />express.yahoo.com<br />video.yahoo.com<br />uk.overview.mail.yahoo.com<br />home.yahoo.com<br />system.yahoo.com<br />gma.yahoo.com<br />accounts.yahoo.com<br />exchange.yahoo.com<br />dns.yahoo.com<br />br.yahoo.com<br />be.yahoo.com<br />ca.celebrity.yahoo.com<br />report.yahoo.com<br />account.yahoo.com<br />babelfish.yahoo.com<br />err.yahoo.com<br />shop.yahoo.com<br />digital.yahoo.com<br />uk.mail.yahoo.com<br />uk.messenger.yahoo.com<br />finances.yahoo.com<br />notepad.yahoo.com<br />hk.lifestyle.yahoo.com<br />server.yahoo.com<br />new.yahoo.com<br />msg.edit.yahoo.com<br />uk.calendar.yahoo.com<br />members.yahoo.com<br />uk.tv.yahoo.com<br />brazil.yahoo.com<br />alerts.yahoo.com<br />asia.yahoo.com<br />news.yahoo.com<br />map.yahoo.com<br />business.yahoo.com<br />uk.answers.yahoo.com<br />office.yahoo.com<br />privacy.yahoo.com<br />tech.yahoo.com<br />w.yahoo.com<br />games.yahoo.com<br />att.yahoo.com<br />website.yahoo.com<br />live.yahoo.com<br />mobile.yahoo.com<br />rss.yahoo.com<br />us.data.toolbar.yahoo.com<br />blog.yahoo.com<br />message.yahoo.com<br />9.yahoo.com<br />mlogin.yahoo.com<br />axis.yahoo.com<br />cf.calendar.yahoo.com<br />d.yahoo.com<br />auto.yahoo.com<br />it.yahoo.com<br />hp.yahoo.com<br />digits.yahoo.com<br />tickets.yahoo.com<br />www.littlewoods.com<br />fr.yahoo.com<br />uk.address.yahoo.com<br />radio.yahoo.com<br />maps.yahoo.com<br />tr.yahoo.com<br />phone.yahoo.com<br />relay.yahoo.com<br />events.yahoo.com<br />settings.yahoo.com<br />dk.yahoo.com<br />uk.lifestyle.yahoo.com<br />security.yahoo.com<br />www.labs.yahoo.com<br />mail.yahoo.com<br />groups.yahoo.com<br />www.calendar.yahoo.com<br />finance.yahoo.com<br />tw.promo.yahoo.com<br />uk.search.yahoo.com<br />mim.yahoo.com<br />headlines.yahoo.com<br />uk.yahoo.com<br />my.yahoo.com<br />calendar.yahoo.com<br />au.yahoo.com<br />au.advertising.yahoo.com<br />uk.games.yahoo.com<br />antispam.yahoo.com<br />card.yahoo.com<br />docs.yahoo.com<br />apps.yahoo.com<br />alert.yahoo.com<br />uk.celebrity.yahoo.com<br />profile.yahoo.com<br />enc.yahoo.com<br />intern.yahoo.com<br />za.yahoo.com<br />sip.yahoo.com<br />ph.yahoo.com<br />custom.yahoo.com<br />ibm.yahoo.com<br />src.yahoo.com<br />spam.yahoo.com<br />search.yahoo.com<br />local.yahoo.com<br />uk.yhs4.search.yahoo.com<br />cn.search.yahoo.com<br />profiles.yahoo.com<br />communications.yahoo.com<br />abuse.yahoo.com<br />chile.yahoo.com<br />uk.data.toolbar.yahoo.com<br />avatar.yahoo.com<br />messenger.yahoo.com<br />code.yahoo.com<br />publisher.yahoo.com<br />address.yahoo.com<br />communication.yahoo.com<br />ns3.yahoo.com<br />ns2.yahoo.com<br />images.search.yahoo.com<br />survey.yahoo.com<br />downloads.yahoo.com<br />forums.yahoo.com<br />www.yahoo.com<br />homes.yahoo.com<br />uk.astrology.yahoo.com<br />uk.images.search.yahoo.com<br />developer.yahoo.com<br />style.yahoo.com<br />nl.yahoo.com<br />gr.yahoo.com<br />servers.yahoo.com<br />sg.yahoo.com<br />internet.yahoo.com<br />ca.yahoo.com<br />biz.yahoo.com<br />messages.yahoo.com<br />wap.yahoo.com </b><br /> <br /></div> <div style="text-align: center;"> </div> <div style="text-align: center;"> </div> <div style="text-align: center;"> <b>For Checking It in One Click Go here <a href="https://www.poodlescan.com/">https://www.poodlescan.com</a></b><br /> <b>Enter the domain captions : </b><b><b>games.yahoo.com</b> </b><br /> <b>And it will prompt as vulnerable</b> </div> </div>

75% Yahoo Subdomains Are Vulnerable With Poodle

Hello guys on this post i am going to share something interesting with you yesterday (4/6/2015) i was testing yahoo and when i test its sub domains i notice that 75% of yahoo sub domains are vulner…

Read more »

Acknowledged By Sellfy (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Cross Site Request Forgery  Bug To Sellfy They Accept My Report And Decided To Provide Me Hall Of Fame.<br /> <br /> <b>About Bug:- </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <br /> <span class="_Tgc"><b>Hall Of Fame Link :- <a href="https://sellfy.com/security/">https://sellfy.com/security/</a></b></span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge9UNHL707m22RcbXNyTG4v9a089FLlegZ0TXonosnQE2LbUq6iBgnc0St6bIe4Defqof2Z5wNtxJcPvnWbgPjBm7O3w50B5STIjuHcQUV1kaQBC8PvgJZvbKMgH_pdJmCUOZumr4PyJ_0/s1600/sellfy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge9UNHL707m22RcbXNyTG4v9a089FLlegZ0TXonosnQE2LbUq6iBgnc0St6bIe4Defqof2Z5wNtxJcPvnWbgPjBm7O3w50B5STIjuHcQUV1kaQBC8PvgJZvbKMgH_pdJmCUOZumr4PyJ_0/s320/sellfy.jpg" width="320" /></a></div> <br /> <br /></div>

Acknowledged By Sellfy (Hall Of Fame)

I Reported Cross Site Request Forgery  Bug To Sellfy They Accept My Report And Decided To Provide Me Hall Of Fame. About Bug:-  Google Says Cross-Site Request Forgery (CSRF) is a type of attack that…

Read more »

Acknowledged By Pocket (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: left;"> I Reported Heart bleed Bug To Pocket They Accept My Report And Decided To Provide Me Hall Of Fame.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>About Bug:- </b></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).<br /> <br /> The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.<br /> <br /> <b>Content From :-</b> http://heartbleed.com/ <br /> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsznmc1odsRwDmxNeZHwLCQFzEG3cEnrHG6kUZ0k3JtIF7mX6Ei_ILcD96bRFEc99tc4FeGcX-R-IkNFCxigvoBZKV9cwdVvYDLPifwTABxbnALNmxCyKW6FzbyhQ6CsoONpHpQ8VcnaYr/s1600/fffffffffffffffff.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsznmc1odsRwDmxNeZHwLCQFzEG3cEnrHG6kUZ0k3JtIF7mX6Ei_ILcD96bRFEc99tc4FeGcX-R-IkNFCxigvoBZKV9cwdVvYDLPifwTABxbnALNmxCyKW6FzbyhQ6CsoONpHpQ8VcnaYr/s400/fffffffffffffffff.jpg" width="400" /></a></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> </div> <div class="separator" style="clear: both; text-align: left;"> <b>Hall of fame link :-</b> http://help.getpocket.com/customer/portal/articles/1225832-pocket-security-overview</div> </div>

Acknowledged By Pocket (Hall Of Fame)

I Reported Heart bleed Bug To Pocket They Accept My Report And Decided To Provide Me Hall Of Fame. About Bug:- The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic so…

Read more »

Acknowledged By Newrelic (T-Shirt) With Poc

<div dir="ltr" style="text-align: left;" trbidi="on"> Hello guys today i am going to share my newrelic stored cross site scripting proof of concept hope you like it <br /> <br /> when i reported about this bug to newrelic security team they accept my report and decided to provide me t-shirt.<br /> <br /> Domain:- <a href="http://www.newrelic.com/">www.newrelic.com </a><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5BjikhxMHS2eqVJjcQTKcq5qTtAEZtWc4FB4cek9TEDnxfRaGB9YyoyHKONUhfBFgMfV8-RVFZYvo8A_NTNiquQ9J0mNjmhzHUb8sw1gAvP8AmzWnQYDJhYrF9k9YOUTbOy1d5T-mjZWU/s1600/dddddd.bmp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5BjikhxMHS2eqVJjcQTKcq5qTtAEZtWc4FB4cek9TEDnxfRaGB9YyoyHKONUhfBFgMfV8-RVFZYvo8A_NTNiquQ9J0mNjmhzHUb8sw1gAvP8AmzWnQYDJhYrF9k9YOUTbOy1d5T-mjZWU/s400/dddddd.bmp" width="400" /> </a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <h4 class="separator" style="clear: both; text-align: center;"> Stored Cross Site Scripting Proof Of Concept :D</h4> <h4 class="separator" style="clear: both; text-align: center;">  </h4> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/ggbpsfLT8eA/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/ggbpsfLT8eA?feature=player_embedded" width="320"></iframe></div> <h4 class="separator" style="clear: both; text-align: center;">  </h4> <h4 class="separator" style="clear: both; text-align: center;"> <span style="font-weight: normal;">if you have any question then please drop your question in comment box i will try to reply you soon......</span></h4> <h4 class="separator" style="clear: both; text-align: center;"> </h4> </div>

• 
• 

1. 1
2. 2

• Previous
• Next

Acknowledged By Newrelic (T-Shirt) With Poc

Hello guys today i am going to share my newrelic stored cross site scripting proof of concept hope you like it when i reported about this bug to newrelic security team they accept my report and deci…

Read more »

Acknowledged By Nokia (Hall Of Fame) With Poc

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Html Injection Bug To Nokia They Accept My Report And Decided To Provide Me Hall Of Fame.<br /> <br /> <b>About Html Injection Content From Owasp:-</b>Hypertext Markup Language (HTML) injection, also sometimes referred to as <i>virtual defacement</i>, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page.<br /> <br /> This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.<br /> <br /> <b>Hall of fame link:-  </b><a href="http://networks.nokia.com/responsible-disclosure">http://networks.nokia.com/responsible-disclosure</a><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibH3w7UpXvl-N9vwi66HSjMov2Ij0pPw97ipugZ8emuSDXF_inttpxyTpTGhibdJ9wBVNOn0SXs-Tp4-44eZWqqW6esJI2ahBIUVnV9Y_js4QF3qzNPhyphenhyphenueQhknZHQTiuPKrje5LFxzxRu/s1600/11167685_1381812635481978_4617930359809391424_n.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibH3w7UpXvl-N9vwi66HSjMov2Ij0pPw97ipugZ8emuSDXF_inttpxyTpTGhibdJ9wBVNOn0SXs-Tp4-44eZWqqW6esJI2ahBIUVnV9Y_js4QF3qzNPhyphenhyphenueQhknZHQTiuPKrje5LFxzxRu/s1600/11167685_1381812635481978_4617930359809391424_n.jpg" width="400" /> </a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <b>Nokia Html Injection Proof Of Concept Video Watch And Enjoy :D </b></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div style="text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/cAf0jGlVf5Y/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/cAf0jGlVf5Y?feature=player_embedded" width="320"></iframe></div> <br /> If you have any question related to this post then please drop your comment in comment box. and if you like my post then please share it with your friends because sharing is caring. </div>

• 
• 

1. 1
2. 2

• Previous
• Next

Acknowledged By Nokia (Hall Of Fame) With Poc

I Reported Html Injection Bug To Nokia They Accept My Report And Decided To Provide Me Hall Of Fame. About Html Injection Content From Owasp:-Hypertext Markup Language (HTML) injection, also sometime…

Read more »

Acknowledged By Google (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: left;"> I Reported Frame Limit Protection Bypass Bug To Google They Accept My Report And Decided To Provide Me Hall Of Fame.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>What Is Frame Limit Protection:-</b>there is a protection regarding brute force and bots attacks is known as frame limit protection.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> For Example:- in a simple language when you attempt 50 -60 wrong passwords on a website after that you got errors likes ( try after sometime, reset password, login limit exceeds )these error shows that there is a frame limit protection.</div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>Hall of fame link :-</b> <a href="http://www.google.com/about/appsecurity/hall-of-fame/archive">http://www.google.com/about/appsecurity/hall-of-fame/archive</a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5ySjx14Md4UwQLo0F0ghu3YKAVcTPwOztbFwg_nQfCqA3mBX0l3acm9ITuBsV_HjU5byZn6tcZ9slKVmIxAQoA9F_cdLUHaY1_j6ECftBXvaoWHtZhtrIGLLDoN6EtegoxcThCZaZYK56/s1600/ffffffff.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5ySjx14Md4UwQLo0F0ghu3YKAVcTPwOztbFwg_nQfCqA3mBX0l3acm9ITuBsV_HjU5byZn6tcZ9slKVmIxAQoA9F_cdLUHaY1_j6ECftBXvaoWHtZhtrIGLLDoN6EtegoxcThCZaZYK56/s1600/ffffffff.jpg" width="320" /></a></div> <br /></div>

Acknowledged By Google (Hall Of Fame)

I Reported Frame Limit Protection Bypass Bug To Google They Accept My Report And Decided To Provide Me Hall Of Fame. What Is Frame Limit Protection:-there is a protection regarding brute force and bo…

Read more »

Microsoft's Skype Cross Site Scripting Bug

<div dir="ltr" style="text-align: left;" trbidi="on"> Hello readers i am ashish pathak today i am going to share my one of the best finding which i got in skype.<br /> <br /> <h3 style="text-align: center;"> I Got Cross Site Scripting Bug In Skype :D</h3> <h3 style="text-align: center;"> <b><br /></b></h3> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvpt9yxxLk6dGy62puXhIvnCCvZkbnSme9Mb6iRsEfRPrnwmAcGtUHoXCV-j13oh5Q67p1V-5yWQkN8BxWBTBfHRXBNtj_Zc2idAN0F1GmCIBHlhvY15al51EaIR_xcVBBcM-KHi85-SDU/s1600/jhgj.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvpt9yxxLk6dGy62puXhIvnCCvZkbnSme9Mb6iRsEfRPrnwmAcGtUHoXCV-j13oh5Q67p1V-5yWQkN8BxWBTBfHRXBNtj_Zc2idAN0F1GmCIBHlhvY15al51EaIR_xcVBBcM-KHi85-SDU/s1600/jhgj.JPG" width="400" /></a></div> <br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <br /> <span class="_Tgc"><b>What Is Cross Site Scripting :- </b></span><br /> <br /> <span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span><br /> <br /> <h3 style="text-align: center;"> <span class="_Tgc">Proof Of Concept Full Video Watch In HD </span></h3> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div style="text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/96Lf-HZyUDc/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/96Lf-HZyUDc?feature=player_embedded" width="320"></iframe></div> <br /> <div style="text-align: left;"> When i reported about this bug to microsoft they accept my report and decided to provide me  hall of fame. and my reaction is.<br /> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYRioygaCL14V86v4xCWftjkAwLbiaLc3Ynl-7_VY_o95yVn6MafrHwnvi7w_wEq71Fengq33_UQ3AM_x1nW-9PIsSIzyNRM1aXCldtZzBOUbjHN9XQiFxO_F8u-16_FtyBz_Zbl3Hq411/s1600/nacho+bc+Desi+Emotion+nana.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYRioygaCL14V86v4xCWftjkAwLbiaLc3Ynl-7_VY_o95yVn6MafrHwnvi7w_wEq71Fengq33_UQ3AM_x1nW-9PIsSIzyNRM1aXCldtZzBOUbjHN9XQiFxO_F8u-16_FtyBz_Zbl3Hq411/s1600/nacho+bc+Desi+Emotion+nana.jpg" width="289" /> </a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> Thanks for reading if you have any question related to bug hunting or anything else then please drop your comments in comment box ...</div> <br /> <br /></div>

• 
• 
• 

1. 1
2. 2
3. 3

• Previous
• Next

Microsoft's Skype Cross Site Scripting Bug

Hello readers i am ashish pathak today i am going to share my one of the best finding which i got in skype. I Got Cross Site Scripting Bug In Skype :D What Is Cross Site Scripting :- Google Says Cro…

Read more »

Again Acknowledged By ESET (T-shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Cross Site Scripting Bug To Eset They Accept My Report And Decided To Provide Me Certificate And T-shirt.<br /> <br /> <span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span><br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-pBbCqit_LeluE-OCTx1DzIjkT3LV0897mme0iWmrSl2a1y-xXObF4bSEFet7KW5U9pnWwPaVRdRPxnA3MPkb_IBBHSmXo2qwdrwwTj56Ol3wQKXBM8Jn2WbZrprU94eyG4KAhtQR-xbF/s1600/11130401_1377553922574516_8888911621322744611_o.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-pBbCqit_LeluE-OCTx1DzIjkT3LV0897mme0iWmrSl2a1y-xXObF4bSEFet7KW5U9pnWwPaVRdRPxnA3MPkb_IBBHSmXo2qwdrwwTj56Ol3wQKXBM8Jn2WbZrprU94eyG4KAhtQR-xbF/s1600/11130401_1377553922574516_8888911621322744611_o.jpg" width="400" /></a></div> <br /> <br /></div>

Again Acknowledged By ESET (T-shirt)

I Reported Cross Site Scripting Bug To Eset They Accept My Report And Decided To Provide Me Certificate And T-shirt. Google Says Cross-site scripting (XSS) is a type of computer security vulnerabilit…

Read more »

Acknowledged By Mail Chimp (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <span class="_Tgc"><b>I Reported Cross Site Scripting Bug To Mail Chimp They Accept My Report And Provide Me Hall Of Fame And Stickers</b></span><br /> <br /> <span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span><br /> <br /> <span class="_Tgc">Link:- <a href="http://mailchimp.com/about/security-response/">http://mailchimp.com/about/security-response/</a></span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7YP1er9Zw9wlo0_x-4z2gxYtdd3nJ8ikFWHZNcrlC7Hb6yKEGO-u8T8LEmwyXZcBrPvKbViA4Z-w_ZH7VtisgBenzAuZbgP481NCIKt3T0E8xt3pMdYc_RDTpaUua-yH5kxSnMFscdd85/s1600/dgdg.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7YP1er9Zw9wlo0_x-4z2gxYtdd3nJ8ikFWHZNcrlC7Hb6yKEGO-u8T8LEmwyXZcBrPvKbViA4Z-w_ZH7VtisgBenzAuZbgP481NCIKt3T0E8xt3pMdYc_RDTpaUua-yH5kxSnMFscdd85/s1600/dgdg.JPG" width="400" /></a></div> </div>

Acknowledged By Mail Chimp (Hall Of Fame)

I Reported Cross Site Scripting Bug To Mail Chimp They Accept My Report And Provide Me Hall Of Fame And Stickers Google Says Cross-site scripting (XSS) is a type of computer security vulnerability ty…

Read more »

Acknowledged By At & T (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> I Reported Privilege Escalation Bug To Att They Accept My Report And Decided To Provide Me Hall Of Fame.<br /> <br /> Link:- <a href="https://bugbounty.att.com/hof.php">https://bugbounty.att.com/hof.php</a><br /> <br /> <span class="_Tgc"><b>Google Says Privilege escalation</b> is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.</span> <br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3MhuPoGxJK29NjLnT_v-yfcyODuSyJUyjanHC_nqHyHb-FwiynbWePo8kkfp_ywQeN33T2DQVApi1uNCdgOEj2ggWDG0pSd0gEbN7PkN9-0uxc0rW0Ckd4kKsOx2fG_1nL-LPcWdbzoXJ/s1600/dgdg.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3MhuPoGxJK29NjLnT_v-yfcyODuSyJUyjanHC_nqHyHb-FwiynbWePo8kkfp_ywQeN33T2DQVApi1uNCdgOEj2ggWDG0pSd0gEbN7PkN9-0uxc0rW0Ckd4kKsOx2fG_1nL-LPcWdbzoXJ/s1600/dgdg.JPG" width="400" /></a></div> <br /></div>

Acknowledged By At & T (Hall Of Fame)

I Reported Privilege Escalation Bug To Att They Accept My Report And Decided To Provide Me Hall Of Fame. Link:- https://bugbounty.att.com/hof.php Google Says Privilege escalation is the act of exploi…

Read more »

Acknowledged By Sky Tv (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <b> I Reported </b><b><span class="_Tgc"><b>Sql Injection </b></span>Bug To Sky Tv </b><b>They Accept My Report And Provide Me Hall Of Fame.</b><br /> <br /> <span class="_Tgc"><b>Google Says SQL injection</b> is a code <b>injection</b> technique, used to attack data-driven applications, in which malicious <b>SQL</b> statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).</span><br /> <br /> <b>Link:- https://skytv.custhelp.com/app/answers/detail/a_id/1797/~/responsible-disclosure-guidelines</b><br /> <div class="separator" style="clear: both; text-align: center;"> <b><br /></b></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDBAaT_jaakUyocxbCKx64b3zcAKdVDwGPMcpm_4ta51J6cgY-wRxk5ObJUkj5togJ6FCAH4qylgb-2VKclwiA9ueQNMCwuvoI8AA05QPLLedq0mgIqQvhyphenhyphenisKK_CMI7AbVwhxk6PjZ04/s1600/skytv.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDBAaT_jaakUyocxbCKx64b3zcAKdVDwGPMcpm_4ta51J6cgY-wRxk5ObJUkj5togJ6FCAH4qylgb-2VKclwiA9ueQNMCwuvoI8AA05QPLLedq0mgIqQvhyphenhyphenisKK_CMI7AbVwhxk6PjZ04/s1600/skytv.JPG" width="400" /></a></b></div> <b> </b></div>

Acknowledged By Sky Tv (Hall Of Fame)

I Reported Sql Injection Bug To Sky Tv They Accept My Report And Provide Me Hall Of Fame. Google Says SQL injection is a code injection technique, used to attack data-driven applications, in which m…

Read more »

Thanks From Avira (Thanks Mail)

<div dir="ltr" style="text-align: left;" trbidi="on"> <br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <b>I Reported Sensitive Data Disclosure Bug To Avira They Accept My Report And Provide Me Thanks Email.</b><br /> <br /> <b>Link:- <a href="http://www.avira.com/">www.avira.com</a></b><br /> <br /> Google Says Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers. For many applications this may be limited to information such as passwords, but it can also include information such as credit card data, session tokens, or other authentication credentials.<br /> <br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4zdEUXuWvpNodzmzVlnOV8eohNtDmn6UexALGGgc-SzcQuDLJ2180ftOSiKwQiZHn_6-8H33464E6GggAFRr7UeepOADD1LdUDjaR4BMVjJ3XZ0MErPdF5yphoJ4_zel7wfvzCB7h1CM/s1600/B_xyDnZUYAA1y7o.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4zdEUXuWvpNodzmzVlnOV8eohNtDmn6UexALGGgc-SzcQuDLJ2180ftOSiKwQiZHn_6-8H33464E6GggAFRr7UeepOADD1LdUDjaR4BMVjJ3XZ0MErPdF5yphoJ4_zel7wfvzCB7h1CM/s1600/B_xyDnZUYAA1y7o.jpg" width="640" /></a></div> <br /> <br /> <b>  </b></div>

Thanks From Avira (Thanks Mail)

I Reported Sensitive Data Disclosure Bug To Avira They Accept My Report And Provide Me Thanks Email. Link:- www.avira.com Google Says Sensitive data exposure vulnerabilities can occur when an applica…

Read more »

Acknowledged By Microweber (Hall Of Fame)

<div dir="ltr" style="text-align: left;" trbidi="on"> <a href="https://www.blogger.com/blogger.g?blogID=7979801099101692827" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><br /> <b>I Reported Cross Site Request Forgery Bug To Microweber They Accept My Report And Provide Me Hall Of Fame.</b><br /> <br /> <br /> <b>Link:- <a href="https://microweber.com/list-of-contributors">https://microweber.com/list-of-contributors</a> </b><br /> <br /> <span class="_Tgc">Google Says Cross-Site Request Forgery (<b>CSRF</b>) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.</span><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHBAmUQ03fbnd9SxdihzESsNHhx9873NBe3VDhKRT3AjemImRJVzs_0WU-wZb6j1bQR5VDzheMoGnC9yhr_qa4P3Mq1Uh0XyODGPUBJ3uB1wbh_1f92tnYna0o9IyAUFMR_gYhDWzwGdg/s1600/micro.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHBAmUQ03fbnd9SxdihzESsNHhx9873NBe3VDhKRT3AjemImRJVzs_0WU-wZb6j1bQR5VDzheMoGnC9yhr_qa4P3Mq1Uh0XyODGPUBJ3uB1wbh_1f92tnYna0o9IyAUFMR_gYhDWzwGdg/s1600/micro.JPG" width="400" /></a></div> </div>

Acknowledged By Microweber (Hall Of Fame)

I Reported Cross Site Request Forgery Bug To Microweber They Accept My Report And Provide Me Hall Of Fame. Link:- https://microweber.com/list-of-contributors  Google Says Cross-Site Request Forgery (…

Read more »

Acknowledged By Moment.Me (Certificate)

<div dir="ltr" style="text-align: left;" trbidi="on"> <b>I Reported Cross Site Scripting Bug To Moment.me They Accept My Report And Provide Me Certificate :D</b><br /> <br /> <b><span class="_Tgc"><b>Google says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span> </b><br /> <b><br /></b> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXTAF5Wmqo5WcuIeZuHY24ZV_AR757-Va2FAQ8VurfZ-iTBzRNZieXD7QWcuF7XsSXepmTKGg93afIG04_Ss1UsE9iCiVwFJOiPJl-2AIxgOrMLiUbLzhdGqy40jyhdrK6xriTlZsRxU/s1600/Moment.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="395" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXTAF5Wmqo5WcuIeZuHY24ZV_AR757-Va2FAQ8VurfZ-iTBzRNZieXD7QWcuF7XsSXepmTKGg93afIG04_Ss1UsE9iCiVwFJOiPJl-2AIxgOrMLiUbLzhdGqy40jyhdrK6xriTlZsRxU/s1600/Moment.jpg" width="400" /></a></div> <b><br /></b></div>

Acknowledged By Moment.Me (Certificate)

I Reported Cross Site Scripting Bug To Moment.me They Accept My Report And Provide Me Certificate :D Google says Cross-site scripting (XSS) is a type of computer security vulnerability typically foun…

Read more »

Acknowledged By Eset (Certificate)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <b>I Reported Cross Site Scripting Bug To Eset They Accept My Report And Provide Me </b><b><b>Certificate</b>.</b><br /> <br /> <b><span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span> </b><br /> <div class="separator" style="clear: both; text-align: center;">   </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="363" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrQhazrzg7OCyKj3psH0xfnzaqqEnoqCB8JuXV0ZX-Q4JvLW3KSqZPSNcvtpuSfks5Irme7p0kEFtiFJa5Md7960ezkezA2_yXMBF7EXbNQSHCo-LgyDOV1VF6OprcnsACrWdxpxk4on4/s1600/eset.JPG" width="640" /></div> <br /></div>

Acknowledged By Eset (Certificate)

I Reported Cross Site Scripting Bug To Eset They Accept My Report And Provide Me Certificate. Google Says Cross-site scripting (XSS) is a type of computer security vulnerability typically found in We…

Read more »

Acknowledged By Sony (Hall Of Fame & T-Shirt)

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: left;"> <b>I Reported Cross Site Scripting Bug To Sony They Accept My Report And Provide Me Hall Of Fame And Sony T-shirt</b></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <b>Hall Of Fame Link:-</b> <a href="http://www.secure.sony.net/hallofthanks">www.secure.sony.net/hallofthanks </a></div> <div class="separator" style="clear: both; text-align: left;"> <br /></div> <div class="separator" style="clear: both; text-align: left;"> <span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span> </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRHnaXAZEsAX-XNChVUWZT0HvekgELKqsWvGhTZIinz6y_EOSEfOKVA_4ngISD1ZV9bC_WOHsAb_oLoNwT0glh0dHcRgy16b9KFaBLng26slbBzG8qvvo0N03z6XPwnIeRky4vIX2EAGM/s1600/10361988_1390940671222619_8037511795486537393_n.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;">          </a></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRHnaXAZEsAX-XNChVUWZT0HvekgELKqsWvGhTZIinz6y_EOSEfOKVA_4ngISD1ZV9bC_WOHsAb_oLoNwT0glh0dHcRgy16b9KFaBLng26slbBzG8qvvo0N03z6XPwnIeRky4vIX2EAGM/s1600/10361988_1390940671222619_8037511795486537393_n.jpg" width="400" /> </div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <br /> <br /> <br /> <br /></div>

Acknowledged By Sony (Hall Of Fame & T-Shirt)

I Reported Cross Site Scripting Bug To Sony They Accept My Report And Provide Me Hall Of Fame And Sony T-shirt Hall Of Fame Link:- www.secure.sony.net/hallofthanks  Google Says Cross-site scripting (…

Read more »

Acknowledged By Lavasoft (Certificate)

<div dir="ltr" style="text-align: left;" trbidi="on"> <b>I Reported Cross Site Scripting To LavaSoft They Accept My Report And Provide Me Acknowledged.</b><br /> <br /> <b><span class="_Tgc"><b>Google Says Cross</b>-<b>site scripting</b> (<b>XSS</b>) is a type of computer security vulnerability typically found in Web applications. <b>XSS</b> enables attackers to inject client-side <b>script</b> into Web pages viewed by other users. A <b>cross</b>-<b>site scripting</b> vulnerability may be used by attackers to bypass access controls such as the same-origin policy.</span> </b><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEig1ci1vAuME2hS8Idsx4Yg6Z-POPJjkHslxUmG1Sg5TPWzuduT0CwTGUChzGInOCLFMTskWzed3ZdwtrKsn3ttrTqPHs-iTZGi50-lPb0zHPTI3fV-EUuH8jDloHE9aJtamP-1ukBd904/s1600/Lavasoft.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEig1ci1vAuME2hS8Idsx4Yg6Z-POPJjkHslxUmG1Sg5TPWzuduT0CwTGUChzGInOCLFMTskWzed3ZdwtrKsn3ttrTqPHs-iTZGi50-lPb0zHPTI3fV-EUuH8jDloHE9aJtamP-1ukBd904/s1600/Lavasoft.png" width="325" /></a></div> </div>

Acknowledged By Lavasoft (Certificate)

I Reported Cross Site Scripting To LavaSoft They Accept My Report And Provide Me Acknowledged. Google Says Cross-site scripting (XSS) is a type of computer security vulnerability typically found in W…

Read more »

Full Guide Of Cross Site Scripting Attack

<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: center;"><u><b>Hello guys so today i am going to teach you about cross site scripting attack </b></u></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVEBtJOm7WR788NbubPU3xMN40L2_Zcj_4Voh9Yy9OzTDMzIDxuXtJ9rgzvaN98jn-mVGgJEUs_FyJqM1uKrFPIegi28DUaH73-FniThqr6tvY7tWT7f-HxydBnjqOB_E48nb_hnPiG_Kb/s1600/Screenshot_1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVEBtJOm7WR788NbubPU3xMN40L2_Zcj_4Voh9Yy9OzTDMzIDxuXtJ9rgzvaN98jn-mVGgJEUs_FyJqM1uKrFPIegi28DUaH73-FniThqr6tvY7tWT7f-HxydBnjqOB_E48nb_hnPiG_Kb/s1600/Screenshot_1.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGn1NoDEK78hooJjYRuGfJjOIqhSbdeRGeFBg0VfiXIUbztEz3kjQ9kHwiJZTzOLzfIkmRcQDjW3zmDXsl29-RuJGhTgkmpjO8aDtaLicmPWCt5-KlkfZwaENju13sykhcVWTw-P3J5fw/s1600/ffffffffffffffffffffffffffffffff.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: left;"><b>So Guys what is Cross Site Scripting:- </b></div><div style="text-align: left;"><br /><span class="_Tgc"><b>In Easy Words Cross</b>-<b>site scripting</b> is also known as (<b>XSS</b>) is a type of security vulnerability found in Web applications<b>. </b>XSS enables attackers to inject malicious script into Web pages.</span></div><div style="text-align: left;"><br /></div><b>Where We Can Inject Our Scripts :- </b>For injecting our script we need inputs so here i am giving you some examples of inputs.<br /><br /><b>Search Box  </b><br /><b>Sign Up Form</b><br /><b>Login Form</b><br /><b>Contact Us Page</b><br /><br />So now i think you understand where we can inject our payloads and now i am giving you some best payloads which definitely works.just put any payload on this inputs and press enter if you got alert its mean there is a cross site scripting bug. <br /><br />'<script>alert('xss message')</script><br />"><script>alert('xss message')</script><br />>/"><script>alert('xss message')</script><br />"><script>alert(document.cookie)</script> <br />"><script>alert(document.cookie)</script>/><':<br />;<><script></script>/<script>alert('0')</script><br /><br />sometimes website have security like html entities which filter your payloads in special chars and words if website have security filters then you don't get any alert if you want to bypass it just drop you email on comment box i will send you my best ebook and private payloads which help you to bypass all type of filters.<br /><br />Next Time I will Tell you how to find xss bug on 404 error page .. <br /><br /><b>Thanks for reading...if you like my post then please share it .</b></div>

Full Guide Of Cross Site Scripting Attack

Hello guys so today i am going to teach you about cross site scripting attack So Guys what is Cross Site Scripting:- In Easy Words Cross-site scripting is also known as (XSS) is a type of security vul…

Read more »