Yeah! I became a Charity Hero on Bugcrowd.com for participating in a charity bounty in which all the time and money was donated to Sclerosis Research Australia (MS) 🙂
I found 4 reflective XSS vulnerabilities bypassing filters under 4 domains.
This week I wanted to hunt a bug in Ifixit.com. Well, I was a little interested in the search bar field, so I thought of fuzzing from there. It had a good filter to filter user input. But to my surprise I ended up bypassing the filter 🙂
My name got published in the Thanks section 😉
http://www.ifixit.com/Info/Responsible_Disclosure#Section_2013
I am sorry that I cannot disclose my vector or any sensitive data from the website. This issue has been already verified and patched.
Hmm… wait a sec, for my bypass I should be rewarded, right? So here we go, I got a nice t-shirt, some stickers and a cool Ifixit toolkit 😉
Thank you guys. This was really impressive.

I got acknowledged for reporting a vulnerability and an information disclosure on the Puppet Labs main website.
Heyyo, these days I was sick and bored, so I thought of taking some adventure in penetration testing. I’ve made a short video on rooting pWnOS. You can download it over here: http://pwnos.com/files/pWnOS_v2.0.7z
Video: http://www.youtube.com/watch?v=k1JHGfYackc&feature=youtu.be
I have explained the complete penetration testing scenario, which you can basically understand 🙂
Well, as Nessus found a vulnerability on port 22, which is the SSH service, I basically applied that exploit, which is the Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit. Download the keys: http://exploit-db.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
This is the local root exploit I used: http://www.exploit-db.com/exploits/5092/

For the month of October again my name got published for reporting a sensitive data exposure and a vulnerability in Drupal.
http://www.nokia.com/global/security/acknowledgements/