Blog

Facebook HHVM Insecure File Caching via cached.php

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url: http://hhvm.com/
Buggy File: Cached.php
Status: Fixed
Detailed WriteUp: Hey all 🙂, back in April I reported a code bug in the Facebook HHVM package. It was fixed lately by the HHVM team. If you have no idea what HHVM is, you can follow this link: http://hhvm.com. So the following are the details: Below is the extracted…


DOM Based XSS found at Nokia OVI Store Homepage

Vulnerability Type: Cross Site Scripting
Vulnerable Domain: http://store.ovi.com/
Status: Fixed
Detailed Writeup: Last year, I reported a critical DOM Based Cross Site Scripting vulnerability on the homepage of the Nokia Ovi Store, http://store.ovi.com/. The website uses the CORS (Cross Origin Resource Sharing) mechanism to load the content in a particular area (div) of the page via XMLHttpRequests. So let's look at one of the URLs: The location…
