1337day XSS!

Inj3ct0r

1337day had a reflective XSS bug and an HTML injection vulnerability. Anyhow, according to my research, this was a browser-dependent XSS, meaning it could only be exploited in Microsoft Internet Explorer browsers. By the way, I also got mentioned in a blog: http://thehackersbay.org/2013/12/1337day-a-popular-exploit-database-has-been-affected-by-a-xss/

Reward was 10 gold. Thanks to r0073r 🙂

Charity Hero!

Yeah! I became a Charity Hero on Bugcrowd.com for participating in a charity bounty in which all the time and money was donated to Sclerosis Research Australia (MS) 🙂

I found 4 reflective XSS vulnerabilities bypassing filters under 4 domains.

https://bugcrowd.com/Osanda_Malith

Acknowledged By Pocket

This time I went hunting on the GetPocket.com website. Within a few minutes I was able to find a reflective self XSS in the form where we add items, under 2 parameters. For reporting this issue my name got published in the Thanks section.

http://getpocket.com/security

Acknowledged by Ifixit

This week I wanted to hunt a bug in Ifixit.com. Well, I was a little interested in the search bar field, so I thought of fuzzing from there. It had a good filter to filter user input. But to my surprise I ended up bypassing the filter 🙂

My name got published in the Thanks section 😉

http://www.ifixit.com/Info/Responsible_Disclosure#Section_2013

I am sorry that I cannot disclose my vector or any sensitive data from the website. This issue has already been verified and patched.

Hmm… wait a sec, for my bypassing I should be rewarded, right? So here we go, I got a nice t-shirt, some stickers and a cool Ifixit toolkit 😉

Thank you guys. This was really impressive.