Sending user controlled inputs to jQuery functions may lead to critical XSS

Hey all , Its been some time I am trying to learn the security vulnerabilities related to Javascript .jQuery is one of the most widely used library of javascript . We find it embedded it most of the web pages we see these days. During the learning phase I found a very good post regarding jquery functions that allow HTML Injection . Following is the link to that post:
https://code.google.com/p/domxsswiki/wiki/jQuery Its written by the developer of popular JS Ana ....


Youtube XSS Vulnerability [Stored -> Self Executed]

Bug Type: Stored XSS Vulnerability | Self Executed
Vulnerable parameter: Playlist Name
Status : Fixed

Detailed WriteUp: Hey all :) , Last month i reported a Stored XSS vulnerability to Google which was in youtube playlist module. The playlist name was not being sanitized properly which caused js code to be executed in few parts of site

Reproduction Steps :
1. Create ....


Phishing Next Level: The undetectable way : How to be safe

Aim : To help you understand how your confidential details can be stolen with this new undetectable technique of phishing and how to be safe from it.

Being secure on the internet is one of the important issue these days. Companies are spending millions of dollars on making their web services more secure, Still, hundreds of vulnerabilities are discovered and exploited daily. This new met ....


Facebook HHVM Insecure File Caching via cached.php |

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url: http://hhvm.com/
Buggy File: Cached.php
Status : Fixed

Detailed WriteUp: Hey all :) , Back in April i reported a code bug in facebook HHVM package. It was fixed lately by HHVM Team. If you have no idea what is HHVM then you can follow this link : http://hhvm.com
So followin ....


DOM Based XSS found at Nokia OVI Store Homepage

Vulnerability Type: Cross Site Scripting
Vulnerable Domain: http://store.ovi.com/
Status : Fixed

Detailed Writeup : Last year , i reported a critical DOM Based Cross Site Scrtiping Vulnerability on the hompeage of nokia Ovi Store http://store.ovi.com/ . The website uses CORS (Cross Origin Resource Sharing) mechanism to load the content in a particular a ....