Type: Posts; User: prakhar
Hey!
Just wanted to write a small post on the G4H XSS Challenge CTF for November. My solution was for older browsers (as I didn't manage to solve it for the latest ones).
Here's my solution:
...
I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year.
Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook Ads...
What if the web application rejects empty or blank referrers and X-FRAME-OPTIONS is set to DENY?
Congratulations everyone! Great and neat efforts :)
Hi Parveen, welcome to Garage! Learn and Share :)
Thanks everyone!
There are tons of references to various files from a single file; for example, a single function takes data and structures from different files (includes etc.), so I have to jump back and forth...
Hi guys, I need to know the 'how-tos' for manual PHP code auditing. Any semi-automated tools, frameworks, tutorials and personal experience of code auditing would be helpful. Thanks :)
Hello guys, finally the website is up and running; like Vivek Ramachandran would say - Hello SecurityTube..Err...Garage4Hackers (no offense :) )
I will share my finding about a CSRF that I...
Ah, if it's disabled then I don't think there is a way out -_-
Listen, on what basis should companies hire you?
You don't have any security-related certification (CEH/OSCP; personally, I think OSCP is much, much better than CEH).
B.Tech is not important AFAIK for...
I think this would do the trick.
FCKEditor ASP Version 2.6.8 File Upload Protection Bypass
I want to share the details behind a Flash-based XSS at our Garage4Hackers Forum that I found and which has since been patched.
The other day, I was uploading a pic for a post here and for some strange reason it was...
I've an answer for your query:
630
Welcome Sunny to the forum, learn and share :)
I want to share the details behind a DOM-based XSS which I found on Rediff Blogs. At first glance it looks unexploitable, as the source of the XSS is a cookie, which then lands in an innerHTML sink. So for...
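The source-to-sink pattern this post describes, a cookie value flowing into innerHTML, as an added example that is not code from the post or from Rediff. The vulnerable renderer is shown beside a hardened one, and the browser's HTML parser is stood in for by a small tag lister so the file runs under Node. The cookie name "username", the markup, and the sample cookie string are assumptions; how an attacker plants the cookie (for instance, a subdomain setting a cookie scoped to the parent domain) is outside this snippet and is not stated in the post.

```javascript
// Added example (not from the original post or from Rediff): a cookie value
// reaching an innerHTML sink, beside a hardened version. Browser behaviour
// is simulated so this runs under Node; the cookie name "username" and the
// markup are assumptions.

// Parse a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    if (!name) continue;
    try {
      jar[name] = decodeURIComponent(raw); // pages commonly decode: '%3C' becomes '<'
    } catch (e) {
      jar[name] = raw; // malformed percent-escape: keep the raw value
    }
  }
  return jar;
}

// Vulnerable: the cookie value is concatenated straight into markup that the
// page would assign to innerHTML, so any tags in the cookie become DOM nodes.
function renderGreetingVulnerable(cookieString) {
  const user = parseCookies(cookieString).username || 'guest';
  return '<div id="greet">Welcome back, ' + user + '</div>';
}

// Hardened: HTML-encode the untrusted value before it reaches the sink
// (in a real page, writing it via textContent instead of innerHTML also works).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingSafe(cookieString) {
  const user = parseCookies(cookieString).username || 'guest';
  return '<div id="greet">Welcome back, ' + escapeHtml(user) + '</div>';
}

// Stand-in for the browser's HTML parser: list the elements (with their
// attribute text) that an innerHTML assignment would create from the markup.
function listTags(html) {
  const tags = [];
  const re = /<([a-zA-Z][\w-]*)([^>]*)>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    tags.push({ name: m[1].toLowerCase(), attrs: m[2].trim() });
  }
  return tags;
}

// Constructed sample: a benign session cookie next to an attacker-controlled one.
const PAYLOAD = '<img src=x onerror=alert(1)>';
const SAMPLE_COOKIES = 'sid=abc123; username=' + encodeURIComponent(PAYLOAD);
```

Calling listTags on the two renderers' output shows the difference: the vulnerable markup yields a div and an img carrying an onerror attribute, the hardened markup yields only the div, with the payload surviving as literal text.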
Perfectly done! Awesome findings man :)
You can't charge them, to be honest. First of all, you were not authorized to test their website/network; they could even throw you in jail.
Better to report the issue to them and let them handle it...
I want to share the details of a redirection flaw, which I found on Quora, an extremely popular Q/A website with an Alexa rank of around 800 worldwide, and how someone can exploit the issue to...
My write-up of a Flash XSS in Summify.com (via ZeroClipboard plugin):
http://blog.prakharprasad.com/2013/05/twitter-whitehat-vulnerability-for-2013.html
Hey Sandeep,
Here's the POC I sent to Google a while back, should be fixed.
<html>
<head></head>
<body onload=document.getElementById('csrf').submit()>
<form id='csrf'...
Hello All,
Here are POCs for two issues I found in different Google products back in late 2012.
Google Website Translator (Add Editor) CSRF
You can view the page at http://www.garage4hackers.com/content.php?r=150-File-Uploading-Issue-in-BillMeLater.com-paypal-worth-5000
I want to share my finding on a recent issue I found in a subdomain of BillMeLater.com (a Paypal service).
On 1st March, during my regular course of bug hunting in Paypal services, I found a...
You can view the page at http://www.garage4hackers.com/content.php?r=147-Facebook-Mobile-Open-Redirection-Vulnerability
Sometime back, I found an open redirect vulnerability in the Facebook mobile site (http://m.facebook.com)
According to OWASP:
So typically what happens on Facebook is that whenever you try to...
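The check a redirect endpoint like the one described needs, as an added example that is not Facebook's code or its fix. It resolves the target with the WHATWG URL parser, the same rules a browser applies, so the validation and the browser agree on where the user ends up, and then requires an exact hostname match against an allowlist. The base origin, the allowed hostnames and the test inputs are assumptions; the post does not state which parameter was affected or how it was fixed.

```javascript
// Added example (not Facebook's code or fix): validating a redirect target
// with the same URL parsing a browser uses, then an exact-host allowlist.
// BASE_ORIGIN and ALLOWED_HOSTS are assumptions for the demonstration.

const BASE_ORIGIN = 'https://m.facebook.com/';
const ALLOWED_HOSTS = ['m.facebook.com', 'www.facebook.com'];

// Resolve the target exactly as a browser would resolve a Location header
// or link on BASE_ORIGIN. Returns null if it does not parse or is not http(s).
function resolveRedirect(target, baseOrigin) {
  let url;
  try {
    url = new URL(target, baseOrigin);
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null; // drops javascript:, data:, ...
  return url;
}

// Exact hostname match. Prefix or substring checks are the classic mistake:
// "m.facebook.com.evil.example" starts with the real host.
function isSafeRedirect(target, baseOrigin = BASE_ORIGIN, allowedHosts = ALLOWED_HOSTS) {
  const url = resolveRedirect(target, baseOrigin);
  if (url === null) return false;
  return allowedHosts.includes(url.hostname.toLowerCase());
}

// What the endpoint should emit: the normalized target when it is safe,
// otherwise a fixed fallback on the site itself.
function safeRedirectTarget(target, fallback = BASE_ORIGIN) {
  return isSafeRedirect(target) ? resolveRedirect(target, BASE_ORIGIN).href : fallback;
}

// Constructed inputs covering the usual bypass shapes for a naive check.
const CASES = [
  ['/home.php', true],                               // relative path: stays on site
  ['https://m.facebook.com/home.php', true],
  ['HTTPS://M.FACEBOOK.COM/', true],                 // parser lowercases scheme and host
  ['https://www.facebook.com/', true],
  ['//evil.example/', false],                        // scheme-relative: leaves the site
  ['/\\evil.example/', false],                       // backslash counts as a slash in browser parsing
  ['https://m.facebook.com.evil.example/', false],  // prefix-match bypass
  ['https://m.facebook.com@evil.example/', false],  // userinfo bypass: host is evil.example
  ['javascript:alert(1)', false],                    // non-http scheme
];

// Run every case and report the verdicts alongside the expected ones.
function runCases() {
  return CASES.map(([target, expected]) => ({ target, safe: isSafeRedirect(target), expected }));
}
```

runCases() returns one record per input; every `safe` value should equal `expected`. The two inputs worth noting are the scheme-relative `//evil.example/` and the backslash form, both of which a string-prefix check on "/" would pass while the browser sends the user off-site.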