Sunday 26 October 2014

Linkedin Clickjacking

Hello All , Hope you all are well , Today i will show you Linkedin Clickjacking vulnerability which i was found in almost 1 year before ,

Be frank side at the starting of my carrier in information security i liked Clickjacking Vulnerability very much , because its easy to find and exploiting for any attacker,

One day i was searching for some common bugs in linkedin and suddenly i found that one of their share page ""  which used for Sharing Cross Domain Content you users profile is vulnerable to Click Jacking , at that time i was able to load that page in an iframe as you can see the POC

Monday 20 October 2014

Google XSS Vulnerability

Hello friends today i will show you how i Got Google XSS Vulnerability ,When i searching in google support section i think may be i should try to finding xss here ,Then i start trying ,First as usual i put my name in search box " bhati "

 Google XSS Vulnerability

And found that is reflecting back in the source code properly , So i decided to try my luck , i was hoping for the best for this xss

Exposed Session Variables-Exploitation

Hello all folks and dear friends this post is specially dedicated to learners and also if you dont know about this vulnerability or can say exploitation And if you already know about it , then you can Re-Read it again , Reading is this is absolutely free =D ;) sorry for the Bad joke

Today we will talk about the Exposed Session Variables-Exploitation and how we can exploit the same in real attack scenario !

Sunday 5 October 2014

Heroku XSS

Hello all folks _/_  Bhai Jis , Bhaiya Jis, i was quite busy in my office work and etc , thats why i was unable to write some good stuffs

Well , Today we will talk about Heroku XSS ,

Lets come to the point , First i want to tell you that  , while testing Heroku i was thinking that i cant find something interesting , because many researchers have already discovered many things , So The Chance For A Valid Bug Is Quite Low =D