Google Webmaster Markup Helper Framed Application XSS

Bug Type: Stored XSS Vulnerability
Browser: Internet Explorer 7 or less
Vulnerable Module: Markup Helper
Status: Won't Fix

Detailed WriteUp: Hey all :) Back in December 2014 I reported a Cross-Site Scripting vulnerability to Google Security. Google Webmaster has a Structured Data Markup Helper module which takes a website URL as an input and renders it afte ....

Sending user controlled inputs to jQuery functions may lead to critical XSS

Hey all, it's been some time that I have been trying to learn the security vulnerabilities related to JavaScript. jQuery is one of the most widely used JavaScript libraries. We find it embedded in most of the web pages we see these days. During the learning phase I found a very good post regarding jQuery functions that allow HTML injection. Following is the link to that post: It's written by the developer of popular JS Ana ....

Youtube XSS Vulnerability [Stored -> Self Executed]

Bug Type: Stored XSS Vulnerability | Self Executed
Vulnerable parameter: Playlist Name
Status: Fixed

Detailed WriteUp: Hey all :) Last month I reported a Stored XSS vulnerability to Google which was in the YouTube playlist module. The playlist name was not being sanitized properly, which caused JS code to be executed in a few parts of the site.

Reproduction Steps:
1. Create ....

Phishing Next Level: The undetectable way: How to be safe

Aim: To help you understand how your confidential details can be stolen with this new undetectable technique of phishing and how to be safe from it.

Being secure on the internet is one of the important issues these days. Companies are spending millions of dollars on making their web services more secure. Still, hundreds of vulnerabilities are discovered and exploited daily. This new met ....

Facebook HHVM Insecure File Caching via cached.php

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url:
Buggy File: Cached.php
Status: Fixed

Detailed WriteUp: Hey all :) Back in April I reported a code bug in the Facebook HHVM package. It was fixed recently by the HHVM team. If you have no idea what HHVM is, then you can follow this link:
So followin ....