Sunday 9 November 2014

X3 CMS XSS And CSRF "CVE-2014-8771, CVE-2014-8772"


Hello all friends, today I am disclosing the issue which I found in X3CMS (0.5.1 & 0.5.1.1)

So Here Is The X3 CMS XSS And CSRF



There were two vulnerabilities:

    1.) CSRF
    2.) Reflected XSS [POST]

There was an XSS in X3CMS (0.5.1 & 0.5.1.1) on the "search" parameter, which is only exploitable by an authenticated user (POST XSS),

Sunday 2 November 2014

Modx XSS And CSRF Bypass "CVE-2014-8773, CVE-2014-8774, CVE-2014-8775"


Modx XSS And CSRF Bypass


Hello all Bros :) ;), Leets and learners, hope you all are well and enjoying your bounties as well as ;)

Today we will see how I got Modx XSS And CSRF Bypass (Modx CSRF + XSS = A Perfect Disaster) ;)

Attacker Scenario Is Inspired From Symantec CSRF

So What Is Modx

MODX is the web content management system (CMS) that gives you complete control over your site and content, with the flexibility and scalability

Sunday 26 October 2014

Linkedin Clickjacking




Hello all, hope you all are well. Today I will show you a LinkedIn Clickjacking vulnerability which I found almost 1 year ago,

To be frank, at the start of my career in information security I liked the Clickjacking vulnerability very much, because it's easy to find and exploit for any attacker,

One day I was searching for some common bugs in LinkedIn and suddenly I found that one of their share pages, "https://www.linkedin.com/shareArticle?", which is used for sharing cross-domain content to a user's profile, is vulnerable to Clickjacking. At that time I was able to load that page in an iframe, as you can see in the POC

Monday 20 October 2014

Google XSS Vulnerability



Hello friends, today I will show you how I got the Google XSS Vulnerability. When I was searching in the Google support section I thought maybe I should try finding XSS here. Then I started trying. First, as usual, I put my name in the search box: "bhati"




And found that it is reflected back in the source code properly, so I decided to try my luck. I was hoping for the best for this XSS

Exposed Session Variables-Exploitation



Hello all folks and dear friends, this post is specially dedicated to learners and also to you if you don't know about this vulnerability, or can say exploitation. And if you already know about it, then you can re-read it again. Reading this is absolutely free =D ;) Sorry for the bad joke

=============================================================================================
Today we will talk about the Exposed Session Variables-Exploitation and how we can exploit the same in a real attack scenario!

Sunday 5 October 2014

Heroku XSS

Hello all folks _/_ Bhai Jis, Bhaiya Jis, I was quite busy with my office work etc., that's why I was unable to write some good stuff

Well, today we will talk about Heroku XSS,

Let's come to the point. First I want to tell you that, while testing Heroku, I was thinking that I can't find something interesting, because many researchers have already discovered many things, so the chance for a valid bug is quite low =D

==========================================================================================

Wednesday 25 June 2014

Wordfence Firewall Plugin XSS "CVE-2014-4664"



"Wordfence Firewall Plugin XSS"  "CVE-2014-4664"


Hello all friends, it's been a long time since I talked or posted about an XSS vulnerability. My last post about XSS was the Google XSS, which I found last year at the start of my career

So let's come to the post

Today we will see how I got the "Word Press Firewall Plugin Wordfence XSS"

Monday 23 June 2014

Referrer CSRF Bypass ( Not Effective But Alternative )






=============================================


Hello all friends, we are meeting again in a very short time ;-)

Today we will see how we can bypass the Referrer CSRF Bypass

By using Chained Vulnerability..


So Lets Begin

Monday 7 April 2014

Google CSRF Feedburner, CSRF, Google, Hacking, Bug Bounty, Vulnerability




Google CSRF Feedburner


Hello all. So many days have passed and I didn't write anything about web app security.
So today I am going to share a finding with you: "Google CSRF Feedburner"

So here we go! ;-) & sorry for the grammar mistakes :p
==========================================================

Sunday 16 February 2014

Facebook User Enumeration Vulnerability By Bypassing Brute Force Protection




Facebook User Enumeration



Hello all readers, today I am going to show you how I got a user enumeration vulnerability in Facebook: the "Facebook User Enumeration" vulnerability
==============================

Bug Status - Reported On 3-5-2013

They said that the rate limit is working according to their settings, but they rewarded me for coordinating with them about this report

Reward - $1000