Sunday 1 December 2013

Facebook Brute Force Attack Vulnerability

Welcome back all l33ts :-)

Today I am going to show you how I got a brute force attack vulnerability in Facebook: the "Facebook Brute Force" attack vulnerability (reported on 11-4-2013).

First we have to know what a brute force attack vulnerability is.

According to OWASP:

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your web site requires user authentication, you are a good target for a brute-force attack etc. :-)

So let's move to the interesting part.

Wednesday 27 November 2013

"Sourceforge Brute Force" Attack Vulnerability

Sourceforge Brute Force Attack Vulnerability

I want to share my finding, the "Sourceforge Brute Force" attack, which I reported to the SourceForge security team on 25th October 2013.

While downloading a project I thought that I should test the login panel for a brute force attack vulnerability on -

After some analysis I found that there was no protection on login attempts, or you could say against brute force attacks.

So I tested the SourceForge login panel and found something interesting. In my test I tried 100-something attempts with my account

Saturday 16 November 2013

Net Protector Anti Virus XSS And Content Spoofing Vulnerability

Net Protector Anti Virus XSS And Content Spoofing Vulnerability (Net Protector XSS Content Spoofing Antivirus)

No 1 Anti Virus In India: "Net Protector Anti Virus XSS And Content Spoofing Vulnerability" (Lol)

Hello all, this post is about the "Net Protector Anti Virus XSS And Content Spoofing Vulnerability".

While looking into the site I found that on the network manager login page

Net Protector is using a parameter called "txtMsg="

Wednesday 24 April 2013

Symantec CSRF Bypass Vulnerability

Symantec CSRF Vulnerability
Hello friends, here I come with another vulnerability article.

Symantec Antivirus, the well-known antivirus: official website vulnerable to a CSRF vulnerability...

First I went to the Symantec customer login page and created my own test account for testing... I switched to Live HTTP Headers, and then I was stuck. Why? There is a CSRF token called "Nonce"

Time Now XSS Vulnerability

"Time Now XSS" Vulnerability: A Cute XSS Which I Have Found

Hello friends, today we will see the "Time Now XSS Vulnerability" (Times Now TV & Shiksha official website).

I won't waste much more of your time.

I will come directly to the point.

Tuesday 23 April 2013

Rediffmail Clickjacking

Rediffmail Vulnerable To Clickjacking Vulnerability (Rediffmail Clickjacking)

Hello friends,

Today I will show you how I found clickjacking in

First, if you don't know about clickjacking, then Click Here To Know About It

First I tried to load Rediffmail in an iframe, as per the concept of clickjacking..

I forgot to take this screenshot, so I am skipping this step