These are some of my duplicate vulnerabilities found. I just thought of sharing with you. Recently I found two POST XSS in CloudFlare and unfortunately I was not the first to report.
I found the first issue in the โConfirm Key Generatorโ dialog box.
Letโs have a closer look at the URL.
/ajax/model-dialog.htm
It seems like an XMLHttpRequest object is used in the server side it accept our POST request. (more…)
Yes! I got mentioned in Apple ๐ http://support.apple.com/kb/HT1318
https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-frc3/t1.0-9/10264719_10203922652573307_5125318766079887390_n.jpg
For reporting a server side issue I got acknowledged ๐
https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-ash3/t1.0-9/10153727_10203936098589449_862185364377209482_n.jpg
For reporting a security misconfiguration in the server I got rewarded ๐ thank you very much ๐
https://scontent-b-sin.xx.fbcdn.net/hphotos-prn2/t1.0-9/10250107_10203922624332601_954716133927497901_n.jpg
https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-frc3/t1.0-9/10307239_10203922624292600_8569974772412153834_n.jpg
For reporting a server side issue I got acknowledged ๐
https://splashid.com/security.php
https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-frc1/t1.0-9/q74/s720x720/10255016_10203916964751115_7123992607935286279_n.jpg
Today I am releasing my first white paper based on the SQL injection in Insert, Update and Delete statements. Special thanks to Ryan Dewhurst for the review. So here you go ๐
http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-And-Delete.html
http://www.exploit-db.com/wp-content/themes/exploit/docs/33253.pdf
This month reported 2 issues related to the web app. Now in total 4 issues ๐ย http://technet.microsoft.com/en-us/security/cc308589.aspx
