Type: Posts; User: prakhar

  1. Garage4Hackers Nov XSS CTF 2014 Write-up (Replies: 0, Views: 4,277)

    Hey!

    Just wanted to write a small post on the G4H XSS Challenge CTF for November. My solution was for older browsers (as I didn't manage to solve it for the latest ones).

    Here's my solution:
    ...
  2. Facebook Custom Audiences OAuth 2.0 Redirect URI Bypass

    I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year.

    Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook Ads...
  3. What if the web application rejects empty or blank referrers and X-FRAME-OPTIONS is set to DENY?
  4. Congratulations everyone! Great and neat efforts :)
  5. Hi Parveen, welcome to Garage! Learn and Share :) (Replies: 1, Views: 2,022)
  6. Thanks everyone! (Replies: 5, Views: 4,884)

    There are tons of references to various files from a single file, like a single function takes data and structures from different files (includes etc.); I have to jump back and forth...
  7. PHP Code Auditing HELP! (Replies: 5, Views: 4,884)

    Hi guys, I need to know the 'how-tos' for PHP code auditing manually. Any semi-automated tools, frameworks, tutorials and personal experience of code auditing would be helpful. Thanks :)
  8. PayPal CSRF: Change Primary Phone Number (Replies: 1, Views: 4,791)

    Hello guys, finally the website is up and running; like Vivek Ramachandran would say - Hello SecurityTube..Err...Garage4Hackers (no offense :) )

    I will share my finding about a CSRF that I...
  9. Ah, if it's disabled then I don't think there is a way out -_- (Replies: 7, Views: 7,191)
  10. Listen, on what basis should companies hire you? (Replies: 13, Views: 11,995)

    You don't have any security-related certification (CEH/OSCP; personally, OSCP is much, much better than CEH).

    B.Tech is not important AFAIK for...
  11. I think this would do the trick. (Replies: 7, Views: 7,191)

    FCKEditor ASP Version 2.6.8 File Upload Protection Bypass
  12. Houston, we have an XSS at Garage (Replies: 2, Views: 5,559)

    I want to share the details behind a Flash-based XSS at our Garage4Hackers Forum that I found and which has since been patched.

    The other day, I was uploading a pic for a post here and for some strange reason it was...
  13. I've an answer for your query: 630
  14. Welcome Sunny to the forum, learn and share :) (Replies: 5, Views: 2,705)
  15. Triggering an unexploitable DOM-based XSS in Rediff Blogs automagically

    I want to share the details behind a DOM-based XSS which I found on Rediff Blogs. At first glance it looks unexploitable, as the source of the XSS is a cookie, which then lands in an innerHTML sink. So for...
  16. Perfectly done! Awesome findings man :)
  17. You can't charge them, to be honest; first of all, you were not authorized to test their website/network, and they can even throw you in jail.

    Better to report the issue to them and let them handle the issue...
  18. Pwning Facebook accounts, taking a little help from Quora

    I want to share the details of a redirection flaw which I found on Quora, an extremely popular Q/A website with an Alexa rank of around 800 worldwide, and how someone can exploit the issue to...
  19. Flash XSS in Summify.com (Twitter acquisition)

    My write-up of a Flash XSS in Summify.com (via the ZeroClipboard plugin):

    http://blog.prakharprasad.com/2013/05/twitter-whitehat-vulnerability-for-2013.html
  20. Hey Sandeep,

    Here's the POC I sent to Google a while back; it should be fixed by now.

    <html>
    <head></head>
    <body onload=document.getElementById('csrf').submit()>
    <form id='csrf'...
  21. Google Website Translator (Add Editor) CSRF and Google Tasks (Add Task) Clickjacking

    Hello All,

    Here are POCs for two issues I found in different Google products back in late 2012.

    Google Website Translator (Add Editor) CSRF
  22. Article: File Uploading Issue in BillMeLater.com- paypal worth $5000

    You can view the page at http://www.garage4hackers.com/content.php?r=150-File-Uploading-Issue-in-BillMeLater.com-paypal-worth-5000
  23. File Uploading Issue in BillMeLater.com worth $5000

    I want to share my finding on a recent issue I found in a subdomain of BillMeLater.com (a PayPal service).

    On 1st March, during my regular course of bug hunting in PayPal services, I found a...
  24. Article: Facebook Mobile Open Redirection Vulnerability

    You can view the page at http://www.garage4hackers.com/content.php?r=147-Facebook-Mobile-Open-Redirection-Vulnerability
  25. Facebook Mobile Open Redirection Vulnerability

    Some time back, I found an open redirect vulnerability in the Facebook mobile site (http://m.facebook.com).

    According to OWASP:

    So typically what happens in Facebook is that whenever you try to...