For reporting a vulnerable version of running software my name got published in the acknowledgements section.
http://www.telekom.com/security/acknowledgements
Uncategorized
Acknowledged by Dropmyemail
For reporting a vulnerability in the server my name got published in the acknowledgements section.
https://www.dropmyemail.com/security
Share this:
Acknowledged by Librato
I found 19 XSS vulnerabilities in this website. After a responsible disclosure I got my name in their Acknowledgements section.
https://metrics.librato.com/vulnerability
Share this:
Bandizip Multiple Vulnerabilities
All these issues are patched in Bandizip 3.10 after a responsible disclosure done to the vendor.
Overview of Bandizip
Bandizip is a Lightweight, Fast and 100% free All-In-One Zip Archiver. It has a very fast Zip algorithm for compression & extraction with Fast Drag and Drop, High Speed Archiving, and Multi-core compression. It handles the most popular compression formats, including Zip, 7z, Rar, and so on.
Arbitrary DLL Injection Code Execution
Bandizip 3.09 and below version are affected with a DLL hijacking issue in which the application loads dwmapi.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. 
You can clearly see dwmapi.dll is being searched by the application in the current directory as a result of loading it in an insecure manner.
Proof of Concept (more…)
Share this:
MyBB 1.6.12 POST XSS 0day
This is a weird bug I found in MyBB. I fuzzed the input of the search.php file. This was my input given.
alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
MyBB throws out a SQL error:
[code language=”sql”]
SELECT t.tid, t.firstpost
FROM mybb_threads t
WHERE 1=1 AND t.closed NOT LIKE ‘moved|%’
AND ( LOWER(t.subject) LIKE ‘%<foo> <h1> <script> alert (bar) () ; //%’ LOWER(t.subject)
LIKE ‘%> < prompt \x41 \%42 constructor onload%’)
[/code]
Share this:
My Joomla XSS 0days
Last October 2013 I found some XSS vulnerabilities in Joomla! 3.1.2. Anyhow the affected versions were Joomla! version 2.5.14 and earlier 2.5.x versions and version 3.1.5 and earlier 3.0.x
versions. Actually all these XSS vulnerabilities existed on fields where we can insert links starting with http://. I first did a simple fuzz to test the output.
<foo> </bar> '" > <> ; () //
What I noticed was that it does filter out tags but still we can take advantage of these non-filtered characters. Of course we can use event handlers in JavaScript to trigger XSS.
‘; ()//"
Persistent XSS in com_contact
To reproduce this issue follow these steps.
- Click components -> Contacts-> Contacts. This is the URL: http://localhost/Joomla_3.1.5/administrator/index.php?option=com_contact (more…)
Share this:
Rewarded by Segment.io
For the vulnerable server I reported in Segment.io I received a awesome t-shirt and nice letter.
This letter was hand written and is very beautiful 🙂
Share this:
Acknowledged by Twitter
Finally my name got published on twitter! I reported 2 issues. A logical issue in tweet cards with Fraph and a old vulnerable server hosted by twitter. For reporting them my name got published 🙂
https://about.twitter.com/company/security
Share this:
Rewarded by Campaign Monitor
http://www.mediafire.com/view/yyx0dt71p26cygg/Osanda_-_thank_you_letter.pdf
I found a valid CSRF issue and got rewarded in this manner.
Thank you very much guys! 🙂
