Author: Osanda Malith Jayathissa

For reporting a issue in e-mail validation I got acknowledged. https://www.ribose.com/security/hall_of_fame

Update:

Thanks a lot for the gifts ~!

I was able to bypass their XSS filter and also found a issue with session cookies. For my responsible disclosure I got acknowledged.

For reporting a issue related to cookies I got acknowledged.  https://c2fo.com/about/security-response/

Recently I was able to bypass the XSS filter of Riskalayze login page. After a responsible disclosure I got acknowledged by them. http://riskalyze.com/security-response

For reporting a issue with HTTP methods my name got published in the About section under Security.

http://www.apachefriends.org/about.html

I usually don’t write about  XSS issues in websites but since this was a hard hunt I thought of writing a bit. The web application was okay with user input  but I did not give up. After some time I figured out that the “target” parameter in the login form was not properly sanitized and no CSRF tokens were used in the login process. Therefore I was able to build a successful POST XSS exploit. (more…)

For reporting a vulnerable version of running software my name got published in the acknowledgements section.

http://www.telekom.com/security/acknowledgements

I did a big research on the CyberGhost website and I was able to find 21 security issues. For responsibly disclosing them I received a nice letter of thanks 😉

(more…)

For reporting a vulnerability in the server my name got published in the acknowledgements section.

https://www.dropmyemail.com/security

I found 19 XSS vulnerabilities in this website. After a responsible disclosure I got my name in their Acknowledgements section.

https://metrics.librato.com/vulnerability