1337day XSS!

Inj3ct0r

1337day had a reflective XSS bug and an HTML injection vulnerability. Anyhow, according to my research, this was a browser-dependent XSS, meaning it could only be exploited in Microsoft Internet Explorer browsers. By the way, I also got mentioned in a blog: http://thehackersbay.org/2013/12/1337day-a-popular-exploit-database-has-been-affected-by-a-xss/


Reward was 10 gold. Thanks to r0073r 🙂

Charity Hero!

Yeah! I became a Charity Hero on Bugcrowd.com for participating in a charity bounty in which all the time and money was donated to Sclerosis Research Australia (MS) 🙂

I found 4 reflective XSS vulnerabilities bypassing filters under 4 domains.


https://bugcrowd.com/Osanda_Malith

Acknowledged By Pocket

This time I went hunting on the GetPocket.com website. Within a few minutes I was able to find a reflective self XSS in the form where we add items, under 2 parameters. For reporting this issue my name got published in the Thanks section.

http://getpocket.com/security


Acknowledged by Ifixit

This week I wanted to hunt a bug in Ifixit.com. Well, I was a little interested in the search bar field, so I thought of fuzzing from there. It had a good filter to filter user input. But to my surprise I ended up bypassing the filter 🙂

My name got published in the Thanks section 😉

http://www.ifixit.com/Info/Responsible_Disclosure#Section_2013


I am sorry that I cannot disclose my vector or any sensitive data from the website. This issue has already been verified and patched.


Hmm… wait a sec, for my bypassing I should be rewarded, right? So here we go, got a nice t-shirt, some stickers and a cool Ifixit toolkit 😉


Thank you guys. This was really impressive.