Uncategorized

Found DOM XSS in the index it self. For reporting it I got a nice certificate.

For the 5th Time in Nokia 🙂 http://www.nokia.com/global/security/acknowledgements/

For reporting many issues related to web applications I got acknowledged by Sbudget. https://www.sbudget.com/people.pl

Reported a issue related to session cookies. http://help.dribbble.com/customer/portal/articles/1436528-responsible-security-disclosure-policy

For reporting a issue in e-mail validation I got acknowledged. https://www.ribose.com/security/hall_of_fame

Update:

Thanks a lot for the gifts ~!

I was able to bypass their XSS filter and also found a issue with session cookies. For my responsible disclosure I got acknowledged.

For reporting a issue related to cookies I got acknowledged.  https://c2fo.com/about/security-response/

Recently I was able to bypass the XSS filter of Riskalayze login page. After a responsible disclosure I got acknowledged by them. http://riskalyze.com/security-response

For reporting a issue with HTTP methods my name got published in the About section under Security.

http://www.apachefriends.org/about.html

I usually don’t write about  XSS issues in websites but since this was a hard hunt I thought of writing a bit. The web application was okay with user input  but I did not give up. After some time I figured out that the “target” parameter in the login form was not properly sanitized and no CSRF tokens were used in the login process. Therefore I was able to build a successful POST XSS exploit. (more…)