View RSS Feed

prakhar

  1. Twitter Translation Center CSRF (Change Badge and Notification Settings)

    On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com which is the Twitter Translation Center.

    While checking the service I landed up on the "Accounts Settings" page which looked like this.


    Name:  settings.jpg
Views: 2868
Size:  30.0 KB

    So we've two options here, first one toggles the Twitter Badge setting on Twitter.com and second one toggles the badge related notification.

    POST request ...

    Updated 10-20-2012 at 12:20 PM by prakhar

    Categories
    Uncategorized
  2. Symantec.com subdomains Multiple XSS Vulnerabilities

    Around half dozen XSS vulnerabilities were found on three subdomains of Symantec Corp. by me

    http://clientui-kb.symantec.com
    http://sfdoccentral.symantec.com
    http://engweb.symantec.com





    Name:  cl.jpg
Views: 2589
Size:  96.4 KB




    Name:  sd.jpg
Views: 2440
Size:  60.3 KB





    Name:  en.jpg
Views: 2422
Size:  69.0 KB



    All the reported vulnerabilities have ...
    Categories
    Uncategorized