Blog

Exploiting the end user | XSS via svg files

As I am proceeding with my master's study (M.Tech) in computer science, the broad research topic I will be researching is Web Application Security. Under that broad area, the specific research I have selected is: what are the various ways to exploit the end user, meaning the client side. So I will be focussing on exploiting via daily life objects of…

Youtube Editor XSS Vulnerability

Bug Type: Stored | DOM Based and Self Executed XSS Vulnerability
Browser: Chrome, Mozilla, IE etc.
Vulnerable Module: Youtube Editor: https://www.youtube.com/editor
Status: Fixed
Detailed WriteUp: Hey all 🙂 I sent this XSS vulnerability report to Google in October last year. The vulnerability existed in the Youtube Video Editor Module. When you go to the images tab on this editor page, there is a feature to upload…

Google Webmaster Markup Helper Framed Application XSS

Bug Type: Stored XSS Vulnerability
Browser: Internet Explorer 7 or less
Vulnerable Module: Markup Helper: https://www.google.com/webmasters/markup-helper/
Status: Won't Fix
Detailed WriteUp: Hey all 🙂 Back in December 2014 I reported a Cross Site Scripting vulnerability to Google Security. Google webmaster has a module of Structured Data Markup Helper which takes a website URL as an input and renders it after blacklisting all the JavaScript calls…

Sending user controlled inputs to jQuery functions may lead to critical XSS

Hey all, it's been some time I am trying to learn the security vulnerabilities related to JavaScript. jQuery is one of the most widely used libraries of JavaScript. We find it embedded in most of the web pages we see these days. During the learning phase I found a very good post regarding jQuery functions that allow HTML injection. Following is the…

Youtube XSS Vulnerability [Stored -> Self Executed]

Bug Type: Stored XSS Vulnerability | Self Executed
Vulnerable parameter: Playlist Name
Status: Fixed
Detailed WriteUp: Hey all 🙂, last month I reported a Stored XSS vulnerability to Google which was in the Youtube playlist module. The playlist name was not being sanitized properly, which caused JS code to be executed in a few parts of the site. Reproduction Steps: 1. Create a playlist name [ t” onmouseover=alert(/xss/);…

Phishing Next Level: The undetectable way : How to be safe

Aim: To help you understand how your confidential details can be stolen with this new undetectable technique of phishing and how to be safe from it. Being secure on the internet is one of the important issues these days. Companies are spending millions of dollars on making their web services more secure. Still, hundreds of vulnerabilities are discovered and exploited daily. This new method of…

Facebook HHVM Insecure File Caching via cached.php

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url: http://hhvm.com/
Buggy File: Cached.php
Status: Fixed
Detailed WriteUp: Hey all 🙂, back in April I reported a code bug in the Facebook HHVM package. It was fixed lately by the HHVM Team. If you have no idea what HHVM is, then you can follow this link: http://hhvm.com So following are the details: Below is the extracted…

DOM Based XSS found at Nokia OVI Store Homepage

Vulnerability Type: Cross Site Scripting
Vulnerable Domain: http://store.ovi.com/
Status: Fixed
Detailed Writeup: Last year, I reported a critical DOM Based Cross Site Scripting Vulnerability on the homepage of the Nokia Ovi Store, http://store.ovi.com/. The website uses the CORS (Cross Origin Resource Sharing) mechanism to load the content in a particular area (div) of the page via XMLHttpRequests. So let's look at one of the URLs: The location…