Blog

How about leaving your home? Forever

The title of the post is bit scary to read but what if it happens ? On November 25th i got married to Sonia(My Wife). It was a arrange marriage. We know each other since January 2018. . Throughout 2018 we have been talking, understanding each other and luckily we became good friends. Guess what ?? She is also into computers 🙂 . Throughout her…

Read More

Thank You Google VRP

Hey Everyone 🙂 , I really hope you are doing good . This post is about Google VRP. Before starting to write anything , I would like to thank Google for starting its Vulnerability Reward Program (VRP) and another thanks to Google Security Team for being so nice and responsible. Last year , I met Google Security Team during NullCon Conference at Goa . It…

Read More

Exploiting Clickjacking Vulnerability | Google

Bug Type: Clickjacking Vulnerability Browser: Android Browser Vulnerable Module: Google Talkgadget / Hangouts Url : https://talkgadget.google.com Vulnerable Browser/users: Android < 4.4 Status :Fixed . Hello world 🙂 , I really hope you guys are doing great . Its been a long time , i could not post stuff . This post is about a clickjacking vulnerablity i found in one of the google service , that is Google Hangouts .It…

Read More

Exploiting the end user | XSS via svg files

As i am proceeding with my masters study(M.Tech) in computer science , the broad research topic i will be researching upon is Web Application Security . Under that broad area the specific research i have selected is , What are the various ways to exploit the end user means the client side . So i will be focussing on exploiting via daily life objects of…

Read More

Youtube Editor XSS Vulnerability

Bug Type: Stored | DOM Based and Self Executed XSS Vulnerability Browser: Chrome, Mozilla , IE etc Vulnerable Module: Youtube Editor : https://www.youtube.com/editor Status :Fixed . Detailed WriteUp: Hey all 🙂 I sent this XSS vulnerability report to Google in October last year. The vulnerability existed in the Youtube Video Editor Module. When you go to the images tab on this editor page.There is a feature to upload…

Read More

Google Webmaster Markup Helper Framed Application XSS

Bug Type: Stored XSS Vulnerability Browser: Internet Explorer 7 or less Vulnerable Module: Markup Helper : https://www.google.com/webmasters/markup-helper/ Status :Wont Fix . Detailed WriteUp: Hey all 🙂 Back in December 2014 I reported a Cross Site Scripting vulnerability to Google Security . Google webmaster has a module of Structured Data Markup Helper which takes a website URL as a input and render it after blacklisting all the javascript calls…

Read More

Sending user controlled inputs to jQuery functions may lead to critical XSS

Hey all , Its been some time I am trying to learn the security vulnerabilities related to Javascript .jQuery is one of the most widely used library of javascript . We find it embedded it most of the web pages we see these days. During the learning phase I found a very good post regarding jquery functions that allow HTML Injection . Following is the…

Read More

Youtube XSS Vulnerability [Stored -> Self Executed]

Bug Type: Stored XSS Vulnerability | Self Executed Vulnerable parameter: Playlist Name Status : Fixed Detailed WriteUp: Hey all 🙂 , Last month i reported a Stored XSS vulnerability to Google which was in youtube playlist module. The playlist name was not being sanitized properly which caused js code to be executed in few parts of site Reproduction Steps : 1. Create a playlist name [ t” onmouseover=alert(/xss/);…

Read More

Phishing Next Level: The undetectable way : How to be safe

Aim : To help you understand how your confidential details can be stolen with this new undetectable technique of phishing and how to be safe from it. Being secure on the internet is one of the important issue these days. Companies are spending millions of dollars on making their web services more secure, Still, hundreds of vulnerabilities are discovered and exploited daily. This new method of…

Read More