Recently I thought of hunting the Hotgloo website. One of my friends referred me to this website. It is an awesome site which lets you create wireframes for websites and web projects. You should check it out if you are a web developer. They have a responsible disclosure policy. You can have a look at it over here.
(more…)

Pwning Script Kiddies – Acunetix Buffer Overflow
Introduction
Recently a security researcher named “Danor Cohen – An7i” found a buffer overflow vulnerability and wrote a nice exploit for Acunetix Web Vulnerability Scanner 8.0. As this exploit was an ASCII-based one, I was interested in re-writing it, because my previous exploit was also ASCII-based. However, with the emergence of bug bounties and responsible disclosure policies, I’ve seen many people firing up web application security scanners against live hosts where automated vulnerability assessments are not permitted at all. Well, by triggering this buffer overflow vulnerability we can have some fun owning the noobs 😉
Crash
When we submit a new website to be scanned by Acunetix, it searches for HTML tags like <img src="">, <a href=""> to get additional hosts from that website. So if we place an HTML tag in the page like (more…)
ChromeFreak
Overview
This is a tool I coded during my ‘awurudhu’ vacation here. It is a powerful forensic utility for Google Chrome. I’ve researched the most important databases, improved the existing queries and wrote this tool. You can customize this tool as you wish. I hope you will love it 🙂
Features
- Works with Windows, Linux and OS X
- Can investigate databases and files effectively
- Written in Python 2.7
SkypeFreak
This is a small tool that can be used to investigate Skype profile data effectively. It is an open source tool written in Python 2.7. I hope to write a full forensic framework for many applications.
Small article:
http://resources.infosecinstitute.com/skypefreak-cross-platform-skype-forensic-tool/
Download the Tool:
http://osandamalith.github.io/SkypeFreak/
2nd Time in Microsoft
For the second time I got mentioned by Microsoft, for the month of March 2014. I found a Flash-based open redirection vulnerability.
http://technet.microsoft.com/en-us/security/cc308589.aspx
Acknowledged by Sony
I found many web application security issues in the Sony network and got acknowledged in the hall of fame.
https://secure.sony.net/hallofthanks
Acknowledged by SoundCloud
I found a self XSS and got rewarded by SoundCloud 🙂
https://twitter.com/OsandaMalith/status/451157629591515136/photo/1
44 Retweets and 114 Favorites 🙂
2nd Time by LinkedIn
Apparently I found another method to bypass 3rd-degree profiles and I got a nice letter 🙂
Rewarded by Sendgrid
Reported some issues related to the server side. Got a nice t-shirt and some stickers 🙂