1337day XSS!

Inj3ct0r

1337day had a reflective XSS bug and an HTML injection vulnerability. Anyhow, according to my research, this was a browser-dependent XSS, meaning it could only be exploited in Microsoft Internet Explorer browsers. By the way, I also got mentioned in a blog: http://thehackersbay.org/2013/12/1337day-a-popular-exploit-database-has-been-affected-by-a-xss/


Reward was 10 gold. Thanks to r0073r 🙂

Acknowledged by Ifixit

This week I wanted to hunt a bug in Ifixit.com. Well, I was a little interested in the search bar field, so I thought of fuzzing from there. It had a good filter to filter user input. But to my surprise I ended up bypassing the filter 🙂

My name got published in the Thanks section 😉

http://www.ifixit.com/Info/Responsible_Disclosure#Section_2013


I am sorry that I cannot disclose my vector or any sensitive data from the website. This issue has already been verified and patched.


Hmm… wait a sec, for my bypass I should be rewarded, right? So here we go, got a nice t-shirt, some stickers and a cool Ifixit toolkit 😉


Thank you guys. This was really impressive.

 

Rooting pWnOS

Heyyo, these days I was sick and bored, so I thought of taking some adventure in penetration testing. I’ve made a short video on rooting pWnOS. You can download it over here: http://pwnos.com/files/pWnOS_v2.0.7z

Video: http://www.youtube.com/watch?v=k1JHGfYackc&feature=youtu.be

I have explained the complete penetration testing scenario, which you can basically understand 🙂

Well, as Nessus found a vulnerability on port 22, which is the SSH service, I basically applied the exploit for it, which is the Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit. Download the keys: http://exploit-db.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2

This is the local root exploit I used: http://www.exploit-db.com/exploits/5092/
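
The defender's side of the predictable-PRNG SSH key issue named above, as an added example that is not part of the original post: because the affected keys come from a small, enumerable set, an `authorized_keys` file can be audited by fingerprint against a list of known-weak keys. The key blobs and the one-entry fingerprint list below are constructed stand-ins for a real published weak-key list, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # key types this audit looks for

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # 4-byte length prefix, then data

def make_rsa_blob_b64(e: int, n: int) -> str:
    """Build a base64 ssh-rsa public key blob (used for constructed test data)."""
    def mpint(x: int) -> bytes:
        # bit_length // 8 + 1 bytes keeps the top bit clear, so the value stays positive
        return ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return base64.b64encode(blob).decode()

def md5_fingerprint(blob_b64: str) -> str:
    return hashlib.md5(base64.b64decode(blob_b64)).hexdigest()  # hex, no colons

def audit_authorized_keys(text: str, weak_fingerprints: set) -> list:
    """Return (line number, key type, fingerprint, comment) for each weak key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # The key type may follow an options field such as command="...",no-pty
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:
                try:
                    fp = md5_fingerprint(tokens[i + 1])
                except ValueError:  # malformed base64: not a usable key line
                    break
                if fp in weak_fingerprints:
                    findings.append((lineno, tok, fp, " ".join(tokens[i + 2:])))
                break
    return findings

# Constructed sample data: toy moduli, not real keys and not from any published list.
WEAK_KEY = make_rsa_blob_b64(65537, (1 << 255) + 0x1234567)
GOOD_KEY = make_rsa_blob_b64(65537, (1 << 255) + 0x7654321)
WEAK_FINGERPRINTS = {md5_fingerprint(WEAK_KEY)}  # stands in for a real weak-key list
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    f"ssh-rsa {WEAK_KEY} root@oldbox",
    f'command="/usr/bin/backup",no-pty ssh-rsa {WEAK_KEY} backup@oldbox',
    f"ssh-rsa {GOOD_KEY} alice@laptop",
])
```

Calling `audit_authorized_keys(SAMPLE, WEAK_FINGERPRINTS)` reports lines 2 and 3; any key it flags on a real host should be removed and replaced with one generated on a patched system.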