Sunday 1 December 2013

Facebook Brute Force Attack Vulnerability





Welcome back all l33ts :-)

Today I am going to show you how I got a Brute Force Attack Vulnerability in Facebook, the "Facebook Brute Force" Attack Vulnerability (Reported On 11-4-2013).

First we have to know what a brute force attack vulnerability is.

According to OWASP:

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your web site requires user authentication, you are a good target for a brute-force attack etc. :-)

So let's move to the interesting part.

Wednesday 27 November 2013

"Sourceforge Brute Force" Attack Vulnerability, Sourceforge Brute Force



Sourceforge Brute Force Attack Vulnerability

I want to share my finding, the "Sourceforge Brute Force" attack on Sourceforge.com, which I reported to the Source Forge Security Team on 25th October 2013.



While downloading a project I thought that I should test the login panel for a brute force attack vulnerability on https://sourceforge.net/account/login.php


After some analysis I found that there was no protection on login attempts, or you can say against brute force attacks.


So I tested the Source Forge login panel and found something interesting. In my test I tried 100-something attempts with my account bhati.contact@gmail.com

Saturday 16 November 2013

Net Protector XSS Content Spoofing Antivirus. Net Protector Anti Virus XSS And Content Spoofing Vulnerability



 Net Protector Anti Virus XSS And Content Spoofing Vulnerability ( Net Protector XSS Content Spoofing Antivirus)

No 1 Anti Virus In India "Net Protector Anti Virus XSS And Content Spoofing Vulnerability" ( Lol ) 




Hello all, this post is about the "Net Protector Anti Virus XSS And Content Spoofing Vulnerability".


While looking into the site I found that on the network manager login page
Net Protector is using a parameter called "txtMsg="


Wednesday 24 April 2013

Symantec CSRF Bypass Vulnerability


Symantec CSRF Vulnerability
Hello friends, here I come with another vulnerability article.

Symantec Antivirus, the well-known antivirus: official website vulnerable to a CSRF vulnerability...

First I went to the Symantec customer login page and created my own test account for testing. I switched to Live HTTP Headers, and then I got stuck. Why? There is a CSRF token called "Nonce"


Time Now XSS Vulnerability




"Time Now XSS" Vulnerability A Cute XSS Which I Have Found



Hello friends, today we will see the "Time Now XSS Vulnerability": Times Now TV & Shiksha Official Website


I won't waste much more of your time.


I will come directly to the point.

Tuesday 23 April 2013

Rediffmail Clickjacking


Rediffmail Vulnerable To Click Jacking Vulnerability ( Rediffmail Clickjacking )


Hello friends

Today I will show you how I found clickjacking in Rediffmail.com

First, if you don't know about clickjacking then Click Here To Know About It

First I tried to load Rediffmail in an iframe, as per the concept of clickjacking.


I forgot to take this screenshot so I am skipping this step.