Wednesday, February 19, 2014

Cross-Site Scripting on WikiLeaks

I have reported a Cross-Site Scripting issue on WikiLeaks' new search engine. They have fixed the vulnerability, but they did not contact me back.




UPDATE: Read this article for more info:
http://news.softpedia.com/news/XSS-Vulnerability-Found-in-WikiLeaks-Internal-Search-Engine-428166.shtml
Thanks Softpedia!!

Thursday, February 13, 2014

PHP Code Execution on BugCrowd

I have identified a PHP Code Execution Vulnerability on BugCrowd. Bugcrowd is the premier marketplace for security testing on web, mobile, source code and client-side applications. They have over 6700 security researchers. Bugcrowd runs bug bounty programs for companies. Finding a vulnerability like that in their website is an important achievement.

Thursday, February 6, 2014

Open Redirector on Google.com

I have found an Open Redirector Vulnerability on google.com. I have reported it immediately. Their security team says:







To demonstrate the impact of the vulnerability, I have made this video:



SQL Injection, Cross-site Scripting, Full Path Disclosure on the website of the University of Calgary

I have reported multiple critical vulnerabilities (such as SQL Injection, Cross-site Scripting, Full Path Disclosure) to the IT support Center of the University of Calgary. They have fixed the issue, but they did not contact me back. Although they have not contacted me back, I am glad that they have fully patched the issues that I have reported.


Acknowledged By Oracle


I have been acknowledged by Oracle for finding a Cross-Site Scripting Vulnerability.