

Entries with no category

  1. Twitter Translation Center CSRF (Change Badge and Notification Settings)

    On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on which is the Twitter Translation Center.

    While checking the service I landed up on the "Accounts Settings" page which looked like this.

    [Screenshot: settings.jpg]

    So we have two options here: the first one toggles the Twitter Badge setting on, and the second one toggles the badge-related notification.

    POST request ...

    Updated 10-20-2012 at 11:20 AM by prakhar

  2. subdomains Multiple XSS Vulnerabilities

    Around half a dozen XSS vulnerabilities were found on three subdomains of Symantec Corp. by me.

    [Screenshots: cl.jpg, sd.jpg, en.jpg]

    All the reported vulnerabilities have ...