Wednesday, February 19, 2014

Cross-Site Scripting on WikiLeaks

I have reported a Cross-Site Scripting issue on WikiLeaks new search engine. They have fixed the vulnerability, but they did not contact me back.

UPDATE: Read this article for more info :
Thanks Softpedia!!

Thursday, February 13, 2014

PHP Code Execution on BugCrowd

I have identified a PHP Code Execution Vulnerability on BugCrowd. Bugcrowd is the premier marketplace for security testing on web, mobile, source code and client-side applications. They have over 6700 security researchers. Bugcrowd runs bug bounty programs for companies. Finding a vulnerability like that in their website is an important achievement.

Thursday, February 6, 2014

Open Redirector on

I have found an Open Redirector  Vulnerability on . I have reported it immediately. Their security team says :

To demonstrate the impact of the vulnerability, I have made this video :

SQL Injection, Cross-site Scripting, Full Path Disclore on the website of the University of Calgary

I have reported multiple critical vulnerabilities ( such as SQL Injection, Cross-site Scripting, Full Path Disclore ) to the IT support Center of the University of Calgary. They have fixed the issue, but they did not contact me back. Although they have not contacting me back, I am glad that they have fully patched the issues that I have reported.

Acknowledged By Oracle

I have got acknowledged by Oracle for finding a Cross-Site Scripting Vulnerability.