  • 11-07-2017, 12:39 AM
    "vinnu" replied to a thread Hi all. in Introduce Your Self
    Namaste Welcome to G4H. We all have learnt by discussing the stuff with each other and we hope that you'll also be doing so. This way we flourish...
    1 replies | 1190 view(s)
  • 10-31-2017, 12:20 PM
    "vinnu" replied to a thread SecurityFlaw in Introduce Your Self
    Namaste Make debugger a friend if you want to proceed in RE field. There are many, you can check any like ollydbg, immunity, xdbg, gdb, vc6++,...
    2 replies | 993 view(s)
  • 10-31-2017, 12:11 PM
    "vinnu" replied to a thread greetz in Introduce Your Self
    Hello Sam You are most welcome here. We all learn by sharing and discussing stuff here. Hope you'll do the same and flourish yourself and others as...
    3 replies | 3221 view(s)
  • 10-31-2017, 12:07 PM
    Hello Prateek Debugger's documentation is always the best resource. You can try it in the Help menu or sometimes you can find it within the installation...
    1 replies | 2646 view(s)
About ajaysinghnegi

Basic Information

Biography: An Information Security Learner & Researcher
Location: Universe
Interests: Pen Testing, Exploit Dev, Reverse Engg, Malware Analysis, Forensics, Zero Day Dev, Ethical Hacking
Occupation: Information Security Researcher

Contact

This Page
http://garage4hackers.com/member.php?u=54&s=fec4e484404ab60eeb142e9f905b88b3
Statistics

Total Posts: 181
Posts Per Day: 0.07

General Information
Last Activity: 07-18-2017 11:34 AM
Join Date: 07-13-2010
Referrals: 8

11 Friends

  1. "vinnu" (Security Researcher)
  2. amolnaik4 (Web Security Consultant)
  3. anandtiwarics (Garage Newcomer)
  4. AnArKI (Infosec Enthusiast)
  5. babloo (Garage Newcomer)
  6. fb1h2s (Security Researcher)
  7. prashant_uniyal (Security Analyst)
  8. Punter (Administrator)
  9. swatantra (Garage Newcomer)
Showing Friends 1 to 9 of 11
View ajaysinghnegi's Blog

Recent Entries

Microsoft's IIS.net Anti-CSRF Token Bypass

by ajaysinghnegi on 04-20-2014 at 04:32 PM
Microsoft's IIS.net CSRF Vulnerability

I want to share another of my findings on Microsoft IIS.net, which I reported to them in August 2013.


While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email id of any user's account on that site to the attacker's

Updated 04-21-2014 at 12:12 PM by 41.w4r10r

Microsoft's Asp.net Anti-CSRF Token Bypass

by ajaysinghnegi on 04-20-2014 at 04:21 PM
Microsoft's Asp.net CSRF Vulnerability

I want to share one of my findings on Microsoft Asp.net, which I reported to them in April 2013.

While researching and working on bug bounties, I found that we can bypass Anti-CSRF token validation even when it is validated on the server side and can execute CSRF. After that, using the CSRF, we can compromise the victim's account by changing the email id of any user's account on that site to the attacker's email

Updated 04-21-2014 at 12:48 PM by 41.w4r10r

Twitter Follow Retweet and Tweet Favourite CSRF Vulnerabilities

by ajaysinghnegi on 04-14-2014 at 02:16 PM
How we were able to find Twitter Follow, Retweet and Tweet Favourite CSRF


We want to share 3 of our findings on Twitter, which my friend Krutarth and I reported to them in March 2014. My good friend @KrutarthShukla was testing Twitter and was digging deeply to find something on it. Finally he got a Follow CSRF, and some time later I also got Retweet & Tweet Favourite CSRF. So, we found 3 CSRF vulnerabilities on Twitter.

Updated 04-15-2014 at 05:15 PM by ajaysinghnegi

Account Takeover Using Password Reset Vulnerability

by ajaysinghnegi on 03-07-2014 at 03:47 PM
Account Takeover Using Password Reset Functionality
While researching and working on bug bounties, I found that by using the Password Reset Functionality, Token & Link we can take over all the user accounts of a website if that site is vulnerable to this type of attack.


Using this vulnerability the attacker can modify the email md5 hash to any victim's email md5 hash to change their password, and in this way he can also reset all passwords


How I was able to Read & Download Paypal's X.com Users' Private Email Attachments

by ajaysinghnegi on 03-07-2014 at 01:35 PM
Paypal's X.com Failure to Restrict Url Access Vulnerability
I want to share one of my findings on Paypal's X.com, which I reported to them on 3 January 2013.
I found that the following Paypal X.com Url https://www.x.com/sites/default/files/failure_to_restrict_url_vul_for_any_attachments.txt was vulnerable to Failure to Restrict Url Access Vulnerability, as the email attachment Url could be accessed without Login

Updated 03-07-2014 at 03:28 PM by ajaysinghnegi