XSS Vulnerable Elance.com

21:26 Posted by Ali Hassan Ghori
Elance.com was vulnerable to XSS: not the entire domain, but some pages were vulnerable during the past few months.

An independent security researcher, "Ali Hasan Ghauri (AHPT)", discovered a bug on a big online jobs website (Elance.com). He reported the issue to the Elance security team, and the security team fixed it.

The vulnerability was fixed on Jan/15/2013

An Independent Security Researcher "Ali Hasan Ghauri" has discovered a Cross-Site Scripting Vulnerability on us.acer.com/

11:53 Posted by Ali Hassan Ghori

An independent security researcher, "Ali Hasan Ghauri", discovered a Cross-Site Scripting vulnerability on us.acer.com/.
General Information
Established in 1976 with US$25,000 in capital and 11 employees, Acer today focuses on marketing its brand-name IT products around the globe. Wielding a profitable and sustainable Channel Business Model (CBM) Acer has been able to achieve sustainable growth worldwide. The model offers flexibility to adapt to changing global IT market trends, and involves collaborating with the industry's top-tier partners and suppliers. We expect the foundation of the CBM shall enable Acer to reach further success, minimize operating expense and enhance profitability.

The vulnerability was fixed on Jan/11/2013

XSS Vulnerability has discovered By Ali Hasan Ghauri (AHPT) on Hamariweb.com

07:43 Posted by Ali Hassan Ghori
A non-persistent XSS vulnerability was discovered by Ali Hasan Ghauri (AHPT) on Hamariweb.com.
Hamariweb.com is a dedicated effort to fulfil the needs of our internet population, and it is becoming the favourite web portal of all age groups.
Hamariweb.com is ranked #3,428 in the world (a low rank means that the website is very popular). The majority of its users come from Pakistan, where it is ranked #26. It has 202,018 visitors per day and 1,131,303 pageviews per day.

The vulnerability has now been fixed.

Vulnerability Found On phonecopy.com

20:47 Posted by Ali Hassan Ghori
Phonecopy.com is 7 years, 10 months and 3 days old. It is ranked #167,888 on the world wide web (the lower the rank, the more popular the website is), and it is valued at upwards of $83 USD.

Phonecopy.com project is currently developed and operated as part of the "Invention Lab" research and development center at e-FRACTAL.
"Invention Lab" is a research and development center with an independent budget. In other words, each successful project brings us the funds that we use to reinvest and support newly emerging projects and ideas. The aim is to support innovative and creative projects implemented at e-FRACTAL, which ensures direct financial support as well as administrative, technical and technological operative and related logistics.

So, I found a vulnerability on Phonecopy.com.

It was fixed on Jan/07/2013

Vulnerability Found On Oarsa.org

20:23 Posted by Ali Hassan Ghori
Oarsa.org is 11 years and 13 days old. It is ranked #3,464,478 on the world wide web (the lower the rank, the more popular the website is). The website is estimated to earn at least $2 USD per day from advertising revenue, and it is valued at upwards of $1,839 USD.

oarsa.org was founded by Ed Paff in the early months of 2000 after he found it hard to get O.A.R. setlists and live recording track lists. The site was originally run from free hosting services with addresses like oarsa.homestead.com. Naturally, the site kept growing and eventually got too big for free hosting services, so for quite some time it was hosted from Ed's personal computer. The oarsa.org domain name was launched on June 27, 2001 as an easier way to access the site.

So, I found a vulnerability on Oarsa.org.

It was fixed on Jan/14/2013

Vulnerability Found On Resellerratings.com

03:13 Posted by Ali Hassan Ghori
Resellerratings.com is 13 years, 9 months and 21 days old. It is ranked #9,043 on the world wide web (the lower the rank, the more popular the website is). The website is estimated to earn at least $341 USD per day from advertising revenue, and it is valued at upwards of $249,119 USD. The average page load time is 3.056574 seconds. The site has a PageRank of 6/10 and gets a total of 158,931 unique visitors per day, producing a total of 460,901 pageviews. The website is listed in the Yahoo Directory.

I found a vulnerability on Resellerratings.com (Been There, Bought That).

It was fixed on Jan/13/2013

Vulnerability Found On Thestar.com.my

02:33 Posted by Ali Hassan Ghori
Thestar.com.my is ranked #3,708 on the world wide web (the lower the rank, the more popular the website is). The website is estimated to earn at least $978 USD per day from advertising revenue, and it is valued at upwards of $714,286 USD. The average page load time is 2.777365 seconds. The site has a PageRank of 7/10 and gets a total of 267,294 unique visitors per day, producing a total of 775,152 pageviews. The website is listed in the Yahoo Directory.

So, I found an XSS vulnerability on Thestar.com.my.

It was fixed on Jan/14/2013

Vulnerability Found On Winability.com

20:25 Posted by Ali Hassan Ghori
I found a vulnerability on winability.com. It is a small software company specializing in developing and publishing useful Windows utilities and security software. Its first product was released in August 1993, and its first website was up and running in the middle of 1994. Yes, they were online before Google, Yahoo, Hotmail or MSN even existed!

The vulnerability was fixed on Jan/09/2013

Vulnerability Found on braintreepayments.com/

11:46 Posted by Ali Hassan Ghori
Braintree is built to be the only payment platform merchants will ever need. From startups to heavyweights, and every business in between, Braintree adapts.
It processed more than 1.5 million transactions in a single day for one of its clients, with no disruption to them or to the thousands of other merchants running that day.

So, an independent security researcher, "Ali Hasan Ghauri", found a reflected XSS vulnerability on BrainTreePayments.com.
The vulnerability was fixed on Jan/05/2013

Vulnerability Found on Braintreepayments.com

12:12 Posted by Ali Hassan Ghori
Cross-site scripting holes are gaining popularity among hackers as easy holes to find in large websites. Websites such as fbi.gov, CNN.com, Time.com, eBay, Yahoo, Apple, Microsoft, ZDNet, Wired and Newsbytes have all had one type of XSS bug or another.

XSS holes allow JavaScript insertion, which gives restricted execution. If an attacker were to take advantage of a browser flaw (a browser hole), it might then be possible to execute commands on the client's side; if command execution were possible, it would only be possible on the client side. In simple terms, XSS holes can be used to help exploit other holes that may exist in your browser.

So, today I found a non-persistent XSS vulnerability on braintreepayments.com.

It was fixed on Jan/05/2013

Must read if you really want to become a real hacker:

00:40 Posted by Ali Hassan Ghori

(-1-) Never trust sites that ask you for money in return for hacking software, or that claim to hack email IDs in return for money. All such things are scams. Nothing works.

(-2-) There is NO direct software to hack Facebook, Google, Yahoo or any other big website. All the software that claims to do so is a scam. It is only meant to take your money and, in worse cases, that software has trojans or keyloggers in it. As a result, your account gets hacked while you are trying to hack others.

(-3-) Never EVER use keyloggers or trojans you find as software on the web. Hackers are not fools. They compile keyloggers and trojans into almost any such software, and once you install them you are already hacked before you even try to hack others.

(-4-) You are never going to be a good hacker without knowledge of programming and scripting languages. If you only use ready-made software and rely on it to hack something, then your ability is limited to the ability of the software. If you do not use your brain and just copy and paste, how can you even think about being a good hacker?

(-5-) If you are a good hacker, you have already become a good computer programmer, a good script writer, a good web developer and an excellent security professional. Any good hacker will (and should) have good knowledge of various subjects and programming languages. To do XSS (Cross-Site Scripting), PHP injection, SQL injection, phishing, footprinting etc., you need to be good at programming and scripting. And once you know the various loopholes, vulnerabilities and security tips, you have already become a computer security professional.

Bug Bounty Programs

07:55 Posted by Ali Hassan Ghori
List of Bug Bounty Programs
Bug bounty programs are a hot topic these days. Well-known companies like Google, Facebook and Mozilla pay for finding vulnerabilities in their web servers, products, services or associated applications. Here is a list for all the security researchers and bug hunters; target them all, and all the best :)

Bug Bounty Websites for Web Application Vulnerability

Bug Bounty Websites for Products Vulnerability
  • Google Chrome
  • Zero Day Initiative
  • Artifex Software
  • Hex Rays

Hall of Fame & Responsible Disclosure Websites (No Bounties)
  • 37 Signals
  • Constant Contact
  • Team Unify
  • Engine Yard
  • Scorpion Soft
  • Nokia Siemens
  • Sound Cloud

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

09:45 Posted by Ali Hassan Ghori
Hi friends, last time I explained what XSS is and how an attacker can inject a malicious script into your site. As I promised earlier, I am writing this advanced XSS tutorial for you (more articles will follow).


Sometimes website owners use XSS filters (a WAF) to protect against XSS vulnerabilities.
For example, if you submit <script>alert("hi")</script>, the filter will escape the " (quote) character, so the script becomes

<script>alert(>xss detected<)</script>

Now this script won't work. Likewise, filters use different filtering methods to protect against XSS. In such cases we can use some tricks to bypass the filter, and that is all I am going to cover here.

1. Bypassing magic_quotes_gpc

magic_quotes_gpc=On is a PHP setting (configured in the php.ini file); it automatically escapes every ' (single quote), " (double quote) and \ (backslash) with a backslash.
For example:
<script>alert("hi");</script> will be filtered to <script>alert(\"hi\");</script>, so the script won't work now.

This is a well-known filtering method, but we can easily bypass it by using ASCII character codes instead.
For example, alert("hi"); can be converted to
String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)
so the script becomes <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>. In this case there is no " (double quote), ' (single quote) or \ (backslash), so the filter has nothing to escape. Yes, it will successfully run the script.
String.fromCharCode() is a JavaScript function that converts ASCII values to characters.

How to convert to ASCII values?

There are some online sites that convert text to ASCII codes, but I suggest you use the Hackbar Mozilla add-on.

After installing the Hackbar add-on, press F9. It will open a small box above the URL bar. Click XSS -> String.fromCharCode().

Now a small window will pop up. Enter the code, for instance alert("Hi"), and click the OK button. Now we have the output.

Copy the code inside <script></script> and insert it into the vulnerable site.

For eg: 
hxxp://vulnerable-site/search?q=<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>

2. HEX Encoding

We can encode our whole script into hex so that it can't be filtered.
For example, <script>alert("Hi");</script> can be converted to hex as:
Now put the code in the request to the vulnerable site.
For example:
Converting to hex:
This site will convert to hex code: http://centricle.com/tools/ascii-hex/

3. Bypassing using Obfuscation

Some website admins put script and alert on a restricted word list, so whenever you input these keywords the filter removes them and shows an error message like "you are not allowed to search this". This can be bypassed by changing the case of the keywords (obfuscation).
For eg:

This bypass technique rarely works, but it is worth a try.

4. Closing Tag

Sometimes putting "> at the beginning of the code will work.


This will close the previously opened tag and open our script tag.

From the above article it is clear that XSS filters alone are not going to protect a site from XSS attacks. If you really want to make your site more secure, ask penetration testers to test your application, or test it yourself.

There are also many other filter-bypassing techniques; I have just covered some useful ones for you.

This article is intended for educational purposes only.
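The tutorial's conclusion, that quote-escaping and keyword blocklists are not a defence, can be checked directly. The following Python script is an added example and is not code from the original post: it reflects the tutorial's own probe strings (the plain script tag, the String.fromCharCode variant, the mixed-case variant and the "> closing-tag variant) through three constructed filters, a magic_quotes_gpc imitation, a case-sensitive keyword blocklist and proper HTML entity encoding of the output, and reports which filters still leave a live <script> tag in the page. The page template, the filter functions and the probe list are all assumptions made for this example.

```python
import html
import re

# Probe strings from the tutorial above (constructed for this example; each only pops an alert).
PROBES = [
    '<script>alert("hi");</script>',
    '<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>',
    '<ScRiPt>alert("hi");</ScRiPt>',
    '"><script>alert("hi");</script>',
]


def magic_quotes(value: str) -> str:
    """Imitates PHP magic_quotes_gpc: backslash-escape ' " and \\ and nothing else."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def keyword_blocklist(value: str) -> str:
    """Case-sensitive removal of the words 'script' and 'alert' (the blocklist style from section 3)."""
    return value.replace("script", "").replace("alert", "")


def html_encode(value: str) -> str:
    """Context-correct defence for an HTML text node: & < > " ' become entities."""
    return html.escape(value, quote=True)


def render_search_page(query: str, filt) -> str:
    """Hypothetical page template that reflects the search term into the HTML body."""
    return f"<p>Search results for {filt(query)}</p>"


_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def still_injectable(page: str) -> bool:
    """True if the reflected value still opens a real <script> tag in the rendered page."""
    return _SCRIPT_TAG.search(page) is not None


def evaluate(filt) -> dict:
    """Map each probe to whether it survives the given filter as executable markup."""
    return {probe: still_injectable(render_search_page(probe, filt)) for probe in PROBES}


if __name__ == "__main__":
    for name, filt in [("magic_quotes", magic_quotes),
                       ("keyword_blocklist", keyword_blocklist),
                       ("html_encode", html_encode)]:
        print(f"--- {name} ---")
        for probe, live in evaluate(filt).items():
            print(f"{'LIVE ' if live else 'safe '} {probe}")
```

Running it shows that magic_quotes leaves every probe executable (backslashes do nothing to angle brackets, and the fromCharCode variant contains no quotes at all), the blocklist stops the lowercase probes but not the mixed-case one, and entity encoding of the output neutralises all four. The fix belongs at the point where the value is written into the page, encoded for that context, not in an input filter.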

Cross Site Scripting(XSS) Complete Tutorial for Beginners~ Web Application Vulnerability

09:39 Posted by Ali Hassan Ghori
What is XSS?
Cross-Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users.

In a typical XSS attack, a hacker injects malicious JavaScript code into a legitimate website. When a user visits the specially crafted link, the malicious JavaScript executes. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread worms.
Example: let us imagine a hacker has discovered an XSS vulnerability in Gmail and injects a malicious script. When a user visits the site, the malicious script executes. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using the stolen cookies, he can log in to your account and change the password. XSS will be easy to understand if you have the following prerequisites:

  • Strong knowledge of HTML and JavaScript (Reference).
  • Basic knowledge of the HTTP client-server architecture (Reference).
  • [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).

XSS Attack:
Step 1: Finding a Vulnerable Website
Hackers use Google dorks to find vulnerable sites, for instance "?search=" or ".php?q=". 1337s target specific sites instead of using Google search. If you are going to test your own site, you have to check every page of your site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find an input field into which we can inject our own script, for example a search box, a username or password field, or any other input field.

Test 1:
Once we have found the input field, let us try to put some string into the field; for instance, let me input "BTS". It will display the result.

Now right-click on the page and select View Source. Search for the string "BTS" that we entered in the input field, and note the location where the input is placed.

Test 2:
Now we are going to check whether the server sanitizes our input or not. To do this, let us input the <script> tag into the input field.
View the source of the page and find the location where the input was displayed in the previous test.

Thank god, our code is not being sanitized by the server and the code is just the same as what we entered in the field. If the server sanitized our input, the code would look like this: &lt;script&gt;. This indicates that the website is vulnerable to XSS and we can execute our own scripts.

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS. But let us make sure the site is completely vulnerable to this attack by injecting full JavaScript code. For instance, let us input <script>alert('BTS')</script>.

Now it will display a pop-up box with the string 'BTS'. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.
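When testing your own site as the steps above describe, the decision in Test 1 and Test 2 comes down to two questions about the response body: did the probe come back at all, and did it come back raw or entity-encoded, and in which HTML context does it land. The Python below is an added example, not code from the original article or from breakthesecurity.com; it implements that classification over constructed sample responses (the probe strings "BTS" and "<script>" are the ones used in the tutorial, the sample pages are assumptions for this example) and can be pointed at any saved page source.

```python
import html

PROBE_TEXT = "BTS"         # Test 1 marker from the tutorial
PROBE_TAG = "<script>"     # Test 2 marker from the tutorial

# Constructed sample responses standing in for "View Source" of three different pages.
SAMPLE_RESPONSES = {
    "unsanitized": '<p>Search results for <script></p>',
    "encoded":     '<p>Search results for &lt;script&gt;</p>',
    "attribute":   '<input type="text" name="q" value="BTS">',
}


def classify_reflection(response_body: str, probe: str) -> str:
    """Report how a submitted probe came back: raw, entity-encoded, or not at all."""
    if probe in response_body:
        return "reflected raw"
    encoded_forms = {html.escape(probe, quote=True), html.escape(probe, quote=False)}
    if any(form in response_body for form in encoded_forms):
        return "reflected encoded"
    return "not reflected"


def reflection_context(response_body: str, probe: str) -> str:
    """Locate the first raw reflection and say where in the HTML it sits."""
    idx = response_body.find(probe)
    if idx < 0:
        return "none"
    before = response_body[:idx]
    # An unclosed '<' means we are inside a tag; a dangling quote after '=' means an attribute value.
    if before.rfind("<") > before.rfind(">"):
        tag_start = before[before.rfind("<"):]
        in_attr_value = "=" in tag_start and tag_start.count('"') % 2 == 1
        return "attribute value" if in_attr_value else "tag"
    lowered = before.lower()
    if lowered.rfind("<script") > lowered.rfind("</script"):
        return "script"
    return "text"


def assess(response_body: str) -> dict:
    """Run both tutorial tests against one page source and summarise the findings."""
    return {
        "test1": classify_reflection(response_body, PROBE_TEXT),
        "test2": classify_reflection(response_body, PROBE_TAG),
        "context": reflection_context(response_body, PROBE_TAG)
        if PROBE_TAG in response_body else reflection_context(response_body, PROBE_TEXT),
    }


if __name__ == "__main__":
    for name, body in SAMPLE_RESPONSES.items():
        print(name, assess(body))
```

"reflected encoded" is the outcome the tutorial describes as the server sanitizing the input, and a "text" context with "reflected raw" is the case the tutorial calls vulnerable. The context matters for the fix as much as for the test: a value landing inside an attribute value or inside an existing script block needs encoding for that context, not just for HTML text.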

Types of XSS based on persistence:
Based on persistence, we can categorize XSS attacks into two types, namely persistent and non-persistent.

Persistent XSS:

A persistent or stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server in its database and is then permanently served as part of a normal page.

For example:
Many websites host a support forum where registered users can ask their questions by posting messages, which are stored in the database. Let us imagine an attacker posts a message containing malicious JavaScript code instead. If the server fails to sanitize the input provided, the injected script will be executed. The code runs whenever a user reads the post. If the injected code is cookie-stealing code, it will steal the cookies of every user who reads the post, and with those cookies the attacker can take control of your account.

Non-Persistent XSS:

Non-persistent XSS, also referred to as reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server in the HTTP request. The server embeds the input in the HTML file and returns the file (the HTTP response) to the browser. When the browser renders the HTML, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

Let us consider a project-hosting website. To find our favourite project, we just input the related word in the search box. When the search finishes, it displays a message like "search results for yourword". If the server fails to sanitize the input properly, the injected script will be executed.

In a reflected XSS attack, the attacker sends a specially crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, the server reflects the attack back to the user's browser, and the browser executes the code.

In addition to these types, there is a third type of attack called DOM-based XSS, which I will explain in later posts.

What can an attacker do with this vulnerability?
  • Steal identities and confidential data (credit card details).
  • Bypass restrictions in websites.
  • Session hijacking (stealing sessions).
  • Malware attacks.
  • Website defacement.
  • Denial of Service (DoS) attacks.
This article is intended for educational purposes only.

View Full Article : breakthesecurity.com

How to Identify and Avoid Phishing Scams

09:06 Posted by Ali Hassan Ghori
Phishing is a social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person or organization. Since most online users are unaware of the techniques used to carry out a phishing attack, they often fall victim, which makes phishing very effective.
With the dramatic increase in the number of phishing scams in recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness is the prime reason behind such attacks. This article will try to create awareness and educate users about such online scams and frauds.
A phishing scam usually sends users an email message requesting their personal information, or redirects them to a website where they are required to enter their personal information. Here are some tips to identify the various phishing techniques and stay away from them:

Identifying a Phishing Scam:

  1. Beware of emails that demand an urgent response from you. Some examples:
    • You may receive an email which appears to have come from your bank or financial organization stating that "your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanent suspension". In most cases, you are asked to follow a link (URL) that takes you to a spoofed web page (similar to your bank's website) and enter your login details there.
    • In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other end of the line to take your credit card details, account number, social security number or other valuable data.
  2. Phishing emails are generally not personalized. Since they target a large number of online users, they usually use generic greetings like "Dear valued customer", "Dear Paypal user" etc. to address you. However, some phishing emails can be an exception to this rule.
  3. When you click on the links in a phishing email, you will most likely be taken to a spoofed web page with official logos and information that looks exactly the same as the original web pages of your bank or financial organization. Pay attention to the URL of a website before you enter any personal information there.
    Even though a malicious website looks identical to the legitimate site, it often uses a different domain or a variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:
    • papyal.com
    • paypal.org
    • verify-paypal.com
    • xyz.com/paypal/verify-account/
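The four lookalike addresses above are each wrong in a different way (a misspelled label, a different top-level domain, the brand name embedded in an unrelated host, and the brand name appearing only in the path), and each can be caught mechanically before a user types anything. The Python below is an added example, not part of the original article: it parses a link, checks whether the host really is the expected domain or a subdomain of it, and otherwise explains which of those four patterns it matched, also flagging links that are not https as tip 3 below describes. The expected domain, the two-character edit-distance threshold and the sample links are assumptions for this example.

```python
from urllib.parse import urlsplit


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; used to spot misspelled brand labels such as papyal vs paypal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, legit_domain: str = "paypal.com"):
    """Return the reasons a link should be treated as suspicious; an empty list means it passes."""
    if "://" not in url:
        url = "http://" + url            # a bare address as a user would type it; assume plain http
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    brand = legit_domain.split(".")[0]   # "paypal"
    reasons = []

    if parts.scheme != "https":
        reasons.append("connection is not https")

    on_legit_domain = host == legit_domain or host.endswith("." + legit_domain)
    if not on_legit_domain:
        labels = host.split(".")
        if brand in host:
            reasons.append(f"brand name inside unrelated host {host}")
        elif brand in parts.path.lower():
            reasons.append(f"brand name only in path, host is {host}")
        elif any(levenshtein(label, brand) <= 2 for label in labels):
            reasons.append(f"host label looks like a misspelling of {brand}")
        else:
            reasons.append(f"host {host} is not {legit_domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample links: the legitimate site plus the four patterns from the article.
    for link in ["https://www.paypal.com/signin", "papyal.com", "paypal.org",
                 "https://verify-paypal.com", "https://xyz.com/paypal/verify-account/"]:
        print(link, "->", check_link(link) or "looks legitimate")
```

The same host check is the one to apply in an email gateway or a browser extension: the only link that passes is one whose host is the expected registrable domain (or a subdomain of it) over https. Anything else, however much of the brand name it carries in the host or the path, is reported with the specific reason so that a user can see why.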

Tips to Avoid Being a Victim of Phishing:

  1. Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify it by calling the respective bank or company. Always use the telephone numbers printed on your bank records or statements, not those mentioned in the suspicious email.
  2. Don't use the links in an email, instant message or chat conversation to enter a website. Instead, always type the URL of the website into your browser's address bar to get to the website.
  3. Legitimate websites always use a secure connection (https://) on pages intended to gather sensitive data such as passwords, account numbers or credit card details. You will see a lock icon in your browser's address bar which indicates a secure connection. On some websites like paypal.com, which use an extended validation certificate, the address bar turns GREEN as shown below.
    [Image: HTTPS address bar]
    In most cases, unlike a legitimate website, a phishing website or spoofed web page will not use a secure connection and will not show the lock icon. So the absence of such security features can be a clear indication of a phishing attack. Always double-check the security features of the web page before entering any of your personal information.
  4. Always use good antivirus software, a firewall and email filters to filter unwanted traffic. Also ensure that your browser is up to date, with the necessary patches applied.
  5. Report a "phishing attack" or "spoofed emails" to the following groups so as to stop such attacks from spreading all over the Internet:
I hope the information presented in this article will help you detect and avoid the various phishing scams that are waiting to rip off innocent Internet users. If you have anything to say, please leave your comments.