Acknowledged and Rewarded by Zendesk

I really wanted to get my name on the Zendesk website. At first, when I saw the number of security researchers, I was amazed and thought I would never be able to find anything. But I didn’t give up. I was able to find a DOM XSS in the main website 🙂 I did not even test their interface; I just read all their arguments clearly and was able to find poor sanitization in the JavaScript code.

Read more about their policy: http://www.zendesk.com/company/responsible-disclosure-policy

The Zendesk swag is still on the way 😉 Thank you guys very much! <3

Update: On the 16th of October I received the Zendesk swag. 😉

Acknowledged by Attack-Secure

Attack-Secure is a leading real-world penetration testing course provider. They have a special White Hat program for reporting vulnerabilities. So I was able to find a security issue related to a plugin used by the server. I also got rewarded with their penetration testing course, Samurai Skills. Read more info at:

http://attack-secure.com/whitehat

Thank you very much for the Thanks and the reward! 🙂

For the Third Time in Nokia Hall of Fame

This time I found a vulnerable version of Apache in the HTTP header of a sub-domain of Nokia.com. For this, my name got published for the third time 🙂

http://www.nokia.com/global/security/acknowledgements/

 


Special Thanks to the Nokia Incident Response Team 🙂

An Interview from BugCrowd

Last week I got an email from Olivia Maree about an interview for the BugCrowd blog. You can find the questions and the answers here:

http://blog.bugcrowd.com/osanda-malith-jayathissa-osandamalith/

Special thanks to Olivia for giving me this opportunity. Greetings to all my true friends 😉

Acknowledged by Nokia Solutions and Networks

I was acknowledged by Nokia Solutions and Networks for reporting 3 Flash-based XSS and 2 content spoofing vulnerabilities.
I wish I had a screenshot of the Flash XSS bugs, but unfortunately I forgot to take one. Once again, the first Sri Lankan to be mentioned. Anyway, thank you guys 🙂