Facebook HHVM Insecure File Caching via cached.php

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url:
Buggy File: Cached.php
Status: Fixed
Detailed Writeup: Hey all 🙂, back in April I reported a code bug in the Facebook HHVM package. It was fixed lately by the HHVM team. If you have no idea what HHVM is, then you can follow this link : So the following are the details: Below is the extracted…


DOM Based XSS found at Nokia OVI Store Homepage

Vulnerability Type: Cross Site Scripting
Vulnerable Domain:
Status: Fixed
Detailed Writeup: Last year, I reported a critical DOM Based Cross Site Scripting vulnerability on the homepage of the Nokia Ovi Store. The website uses the CORS (Cross Origin Resource Sharing) mechanism to load the content in a particular area (div) of the page via XMLHttpRequests. So let's look at one of the URLs: [pastacode lang=”markup”…
