Ali Hasan Ghauri found XSS Vulnerability on Amazon

12:22 Posted by Ali Hassan Ghori
Ali Hasan Ghauri reported to the Amazon Security Team that Amazon is vulnerable to XSS attacks.

Amazon gave a great response, fixed the vulnerability very soon, and sent me Ninja Coder Cards.

Anyway, I appreciate the Amazon Security Team for the great and fast response.


ChinaBuye Gives "Ali Hasan Ghauri" (AHPT) 500 Points for Reporting Some Bugs

19:06 Posted by Ali Hassan Ghori
ChinaBuye gave me 500 points for reporting some bugs.

I can redeem things with these points.

I already bought a watch for 251 points! Waiting to receive it.

My remaining points are 249! I am enjoying it!

Now it's your turn. Keep trying to find bugs on http://www.chinabuye.com/.
 
 

CNet and Filehippo, Both Free Software Download Websites, Are Vulnerable to XSS Attacks

22:03 Posted by Ali Hassan Ghori
A Pakistani security researcher, Ali Hasan Ghauri, founder of AHPT, has discovered an XSS vulnerability on the Cnet.com main site. The vulnerability still exists.

Security researcher Ali Hasan Ghauri said that in December 2012 the entire Cnet and Filehippo domains were vulnerable and that he reported the XSS flaw to the Cnet team and the Filehippo team but did not get any response from either site, "so I decided to make it public."


Microsoft Certification Free For Students , Limited Time Offer !

20:19 Posted by Ali Hassan Ghori

College student, high school student, any kind of student – sooner or later you will be entering the scary job market. How will you differentiate yourself from the rest of the recent graduates? One way to boost the attention your resume gets is by getting industry certifications like the ones Microsoft offers. For a limited time, you can get a FREE Microsoft Certification Exam voucher code for select exams to help you get started. Microsoft Certification is designed to validate your IT skills and shows potential employers that you are motivated and focused on your career. It says you go beyond the requirements of your course work.

Like new jobs, these vouchers are in limited supply so don’t wait! Visit www.dreamspark.com today!

List of Google's tools

07:18 Posted by Ali Hassan Ghori
Many free tools are made available to webmasters, programmers and Net surfers by Google.
The most impressive is Earth, which lets you travel a virtual representation of the world.
It is downloadable software linked to a geographic database made of photos and 3D images built with Building Maker.
The product was bought by Google in 2004 and made free. Here is the complete list of all the tools offered for free by Google.

Tools for webmasters

  • Ad Planner. How to know the traffic of a website.
  • Adsense and Adwords. Adding advertisements to your site, or promoting your site.
  • Analytics
    Online statistics service; it shows the number of visitors and their geographical origin or nature (search engine, direct connection).
    Requires the inclusion of JavaScript code in pages.
    Analytics may be enhanced with Application Gallery, plugins that expand the statistics tool.
  • Goo.gl. Site to redirect shortened web addresses.
  • How to Gomo. To help webmasters bring their site into the mobile world, this online tool provides advice and services such as the mobilometer, which shows how your site is viewed on a mobile.
  • Insight for search. Geographical sharing and evolution of keyword queries.
  • Keywords external. Keyword generator.
  • Knol
    Web pages hosting.
  • Let me found that. Instead of putting a link on a page or a search query, this special tool can use queries directly.
  • Public DNS.
    A free DNS resolution service for dedicated servers.
  • reCaptcha.
    Anti-bots service with plugins for numerous CMS.
  • Scribe. It's a bookmarklet that adds Google Suggest feature to text fields in a form on any web page.
  • Trends. Comparing the evolution of queries.
  • Toolbar. For Firefox or IE, gives access to several services and displays the PageRank.
  • Webmaster tools
    To help webmasters, tools of control over their site(s).
    Only way to know the number of backlinks and which sites have given them.
    Statistical Tools on keywords, and quality tests.

Web design

  • Browser Size
    Using data gathered by the search engine, Browser Size uses statistics on your visitors' screen sizes to indicate what users cannot see without scrolling the page ...
  • Experiments
    To end the quarrels between browser makers, each boasting about its own product, Google created in 2009 a site where you can run JavaScript across browsers to compare their speed.
  • Font API.
    Add pretty fonts to your web pages, compatible with most browsers, loaded dynamically from a Google site.
  • Living Story
    Based on Wordpress, it is a plugin and a theme that presents information in a new way. It brings together all information about an event dynamically on a single page.
  • Skipfish
    Security test scanner for web applications, it supports several frameworks.
  • Web Elements
    This site offers elements provided by Google to be added to your own site: Calendar, Conversation, Custom Search, Maps, News, Presentations, Spreadsheet, Youtube News.
    Example: How to add a map to your site.
  • Web security
    Online university to learn security issues on websites.

Programming

  • Apps Script. APIs to use and control various Google services such as Docs, Calendar, etc.
  • BigQuery. Online service with a graphical interface to search large amounts of data in the Google cloud. It works with a SQL database such as BigTable.
  • Closure. JavaScript optimiser.
  • Dart. Programming language to replace JavaScript.
  • Gears. Library to make websites work offline.
  • Go. System language and its compiler.
  • Google Web Toolkit. Framework to build Web applications in Java to be converted to JavaScript.
  • Predict API. An API that predicts what will happen based on a history of events.
  • Protocol Buffers. File format to replace XML, with its compiler.
  • RE2. Regular expressions, C++ parser.
  • Refine. Data processing tool, allowing the conversion of format, linkage with other databases, analysis.
  • Snappy. Compression tool on the server, faster than gzip.
  • Traceur. JavaScript to JavaScript compiler, in webpages. It adds new functions that are translated into standard JavaScript. The compiler itself is written in JavaScript.

Graphics and charts

  • Building Maker. A complement to Earth.
  • Chart Tools. To build statistical graphs, with two types of services: the URL of a Google server to which you pass data in parameters, and the JavaScript API to create bar or pie charts yourself that can be interactive.
  • Earth.
    Downloadable software linked to a geographic database made of photos and 3D images built with Sketchup.
    The product was bought by Google in 2004 and made free.
  • Maps
    Worldwide mapping service on which you move with the mouse.
    Webmasters can integrate a Web service through the API to associate an address with its geographical position on a map.
  • WebP (weppy).
    Image format competing with JPEG, using a RIFF container and a VP8 methodology.

Social networks and communications

  • Drive. Online storage, file sharing and collaborative work. An app to download to access the service. Free up to 5 GB.
  • Etherpad. Web-based realtime collaborative document editor.
  • Gmail
    Hosting of email addresses set up in 2004 and opened to the public in 2006.
    It offers many features such as chat, filtering and offline use.
  • Moderator
    Established in 2008, Moderator is a question and answer service where users vote for the questions to bring them forward and have more chance to get an answer.
    It is used by Google to communicate with webmasters.
  • Reader
    RSS aggregator created in 2005. Users have a journal online (or offline), composed of feeds from various sites.
    To add feeds they are assisted by a specialized search engine.
  • Voice. Connects phone calls to Gmail and gives control over them.

Mobiles

  • Android. OS for mobile devices.
  • Gizmo 5. Phone calls at no cost from a mobile or computer, making use of Google Voice. Bought in November 2009.
  • Quick Office. Productivity suite for Android and iOS, acquired in June 2012.

General purpose tools

  • Alert
    Receive an email when an article is published on a topic that you defined by keywords.
  • Baraza.
    Question/Answer service for Africans. A system of awarding points is used to moderate the service, which is linked to Google accounts.
  • Body browser.
    Interactive anatomy software; the "browser of the body" runs on WebGL, currently operational in Firefox 4.
  • Calendar. Online tool to organize your schedule and share information with others.
  • Chrome browser
    Google's browser is another component of the development strategy of online applications.
    It is specially designed to operate them in the best condition and has a fast JavaScript compiler.
  • Chrome OS. Operating system for netbooks and Web applications.
  • Crypted search. Version of the search engine protected under SSL.
  • Doc. Online word processor. With the support of all file types and 250 MB of allowed space, it is an online storage service too.
  • Gadgets. Widgets for the desktop of web pages.
  • Google Chrome Frame. A plugin to add HTML 5 support to Internet Explorer.
  • Google Commerce Search. Product search.
  • GoogleCL.
    Command line tool for Linux. Allows passing commands to Google's applications such as Docs, Picasa, Calendar...
  • Ngrams. Statistical tool showing the evolution of words in the literature in several languages. As in the example, it shows the change in usage when one word replaces another. Example: xul, xaml.
  • Patents search. Retrieve a patent.
  • Picasa
    Image management and editing software. Originally used on a competitor of Flickr, it was bought by Google in 2004 and offered for download for free.
  • Powermeter.
    Helps you improve energy efficiency at home.
  • Reader. RSS feed aggregator.
  • Reader Play. Modern and fancy version of Reader that lets you click on a scrolling list. Reader Play is an alternative to Digg as Reader is one to Twitter.
  • SMS. Search from a mobile by SMS.
  • Tipjar.
    On the model of Answers or Digg, a site where you can offer tips to save money. Tips are ranked by the votes of surfers.
  • Transit
    To plan your transportation, from a browser or a mobile.
  • Translate. Online translator. A new chat function has been added to the toolkit in January 2010.
  • Transliterate.
    Convert Roman characters into phonetics for foreign languages.
  • Web Elements.
    Elements provided by Google to be added to your own site: Calendar, Conversation, Custom Search, Maps, News, Presentations, Spreadsheet, Youtube News.
    Example: How to add a map to your site.

Games

All Google Sites

07:14 Posted by Ali Hassan Ghori

List of Google sites by category

All Google services are free; only a few have a more professional version requiring a fee. The list illustrates that, through the services and tools offered, a strong trend is emerging: replacing the operating system and desktop software with a browser running Web applications offline. It is an area in which Google is becoming the main actor.
Many acquisitions have been integrated into the Google site and its services. The sites are redirected to a subdomain of Google. Only the acquisitions whose domain is still active are listed here.
This list is complemented by the List of Google Tools.

Web design and development

  • 20 things I learned
    Advice for webmasters. Runs under the Chrome browser.
  • Experiments.
    To end the quarrels between browser makers, each boasting about its own product, Google created in 2009 a site where you can run JavaScript across browsers to compare their speed.
  • Html5rocks.
    Dedicated to HTML 5, provides tutorials, demonstrations and tests for browsers.
  • Instantiation. Java development for the Web.

Graphics and video

  • Episodic. Online video site bought in March 2010.
  • On2. The creator of the VP8 codec.
  • Omnisio. Adding comments to videos.
  • Panoramio. Geolocation-oriented photo sharing site. Works with Earth and Maps.
  • Green Parrot Pictures. Tools for motion-based manipulation of films and videos. They will be offered to Youtube users.
  • Youtube. Video sharing website that uses Flash to display videos on any website. Bought by Google in 2006, its expansion is still continuing while the service develops.
    Many sites have tried to imitate it with little success except Dailymotion.

Social networks and hosting

  • All For Good. Find and share volunteer activities. Browse the site for activities near your location.
  • Angstro. Tools for social networks (August 2010).
  • Blogger.
    Platform of blog hosting. It allows you to avoid paid hosting site.
    A domain name may be associated with a blog. The site is blogger.com but the blogs are hosted on subdomains of blogspot.com.
  • FreeBase.
    A graph of persons, places and things built by a free community.
  • Genius Labs. Distributed applications technologies.
  • Google+ is Google's reply to Facebook (next to Orkut), a social network which allows you to connect to a group. It integrates Circle for creating online groups but also other tools, with the long-term prospect of an exchange network as common as the search engine.
  • Orkut.
    Social network competitor to Friendster or MySpace. Half of its users come from Brazil and it is now hosted in that country. The goal is to create a community through invitations.
    The name is that of a Google employee who developed the software in 2004.
  • Postrank. Data and analysis on the social web.
  • Prizes.org. A place where you can post contests and offer prizes.
  • SocialDeck.
    Social games for mobiles (August 2010).
  • Textcube. Korean blogging platform, similar to Wordpress.
  • Wave Protocol. Dedicated to Google Wave and the open source tool Wave in a Box.

Mobiles

  • Admob. Acquired for US$ 750 million, it is a mobile advertising network.
  • Android. Site of the mobile operating system.
  • Labpixies. Editor of widgets and games for mobiles.
  • Punchd. Loyalty cards for shops on your mobile rather than on paper.

Advertising and e-commerce

  • Dealmap. Clone of Groupon (and then of Google Offers) based on Google Maps to find good deals in a city.
  • Double Click. The advertising site was bought in 2007 for $ 3 billion.
  • Invite media. On-line buying platform.
  • Teracent. Take control of the look and feel of online adverts.
  • Zagat. Restaurant reviews. Could be integrated in Google+. It is a perfect complement to Hotel Finder.

Online search

  • Apture.
    Extension to browsers that performs a search on a part of the content of the page visited.
  • Beat That Quote. Finance price comparison in UK.
  • WDYL. (www.wdyl.com). New search engine that shows results as a portfolio with categories of services.

Google's blogs

Other sites and online services

  • 20thingsIlearned. Online book giving the basics of browsers and the Web.
  • BumpTop. A 3D desktop for Windows and Mac. It supports multitouch and gesture interfaces.
    See a demonstration video.
  • DocVerse. Online group editing of documents in Microsoft formats.
  • Google Apps. (Overview). Hosting for mashups.
  • Google Art Project. Online visit of all museums around the world.
  • Google Code. Hosting for open source project, similar to Sourceforge.
  • Google Base. Reference to any type of content by Google.
  • Google eBooks. Millions of free or paid books; Google now competes with Amazon.
  • Google News. Selection of news taken automatically from registered websites.
  • Hotel Finder. A specialized search service to find the hotel that fits your needs in the place where you are going.
  • ITA Software.
    Travel information software, acquired by Google on July 1, 2010 for US $ 700 million.
  • Labpixies. Gadgets for the Web, for iGoogle mainly.
  • Google sites. Hosting service. Replaces Page Creator.
  • Store. Online shop. There is also a specialised search engine to it, Google Commerce Search.
  • Teach Parents Tech. Set of videos to teach the very basics of computer technologies.
  • Think Quarterly. Free online magazine.
  • Widevine. TV on demand. (December 2010).

Ali Hasan Ghauri Acknowledgement Name on GitLab.com

12:24 Posted by Ali Hassan Ghori
GitLab.com would like to thank the following individuals and organisations that have privately reported security issues that affected GitLab.com.

The youngest Pakistani security researcher, "Ali Hasan Ghauri", is also listed in the GitLab.com Vulnerability Acknowledgements.

Security Researchers Acknowledgment

19:41 Posted by Ali Hassan Ghori
Facebook - White Hats
https://www.facebook.com/whitehat/

Twitter - Twitter Whitehats 2012 & 2013
https://twitter.com/about/security

Google - Security Hall of Fame - Honorable Mention - "April - June 2011"
http://www.google.com/about/appsecurity/hall-of-fame/distinction/

Tuenti - Security Hall of Fame
http://corporate.tuenti.com/en/dev/hall-of-fame

Nokia Siemens Networks - Security Hall of Fame - "November 2012"
http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Constant Contact - Security Acknowledgement
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

OwnCloud - Security Hall of Fame 2012 & 2013
http://owncloud.org/security/hall-of-fame/

iFixit - Security Acknowledgement 2012 & 2013
http://www.ifixit.com/Info/responsible_disclosure

Zynga - Whitehats 2012 & 2013
http://company.zynga.com/security/whitehats

Redhat - Vulnerability Acknowledgements for Redhat online services -"2012 Acknowledgements"
https://access.redhat.com/knowledge/articles/66234

Adobe - Security Acknowledgments
http://www.adobe.com/support/security/bulletins/securityacknowledgments.html

SoundCloud - Whitehat Thanks List
http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

GitLab - Vulnerability Acknowledgements
http://blog.gitlab.com/vulnerability-acknowledgements/

Collective Idea - HarmonyApp Security Thank-you List
http://get.harmonyapp.com/security/

XSS Vulnerability found on Skype and Visual Studio Magazine

19:31 Posted by Ali Hassan Ghori
An independent security researcher, Ali Hasan Ghauri, has discovered a Cross-Site Scripting (XSS) vulnerability on Skype's search website (community.skype.com) and in Visual Studio Magazine (http://visualstudiomagazine.com/).

The vulnerabilities were reported to Skype by the researcher, and the company's representatives redirected the report to Microsoft's Security Response Center (MSRC); they are currently in the process of fixing the vulnerability.



He also found an XSS vulnerability on Visual Studio's website and reported it.

All the vulnerabilities are fixed now which,



Read Full On Thehackersblog.com

The Youngest Security Researcher

19:11 Posted by Ali Hassan Ghori
A Pakistani student, "Ali Hasan Ghauri" (AHPT), who is 14 years old, the youngest security researcher, has discovered an XSS (Cross-Site Scripting) vulnerability on the http://www.w3schools.com main site. Below is a screenshot of the XSS.

The youngest Pakistani security researcher, "Ali Hasan Ghauri" (AHPT), also found vulnerabilities on big tech sites: Skype, Adobe, Asia Cnet, Yellowpages, visualstudiomagazine, Filehippo, CnetDownloads, US.Acer, W3Schools, Hamariweb and many more.
Read Full Post On : Thehackerspost.com

A Pakistani Security Researcher "Ali Hasan Ghauri" Has Discovered a Vulnerability on Filehippo.com

20:51 Posted by Ali Hassan Ghori
A Pakistani security researcher, "Ali Hasan Ghauri", founder of AHPT, has discovered an XSS vulnerability on Filehippo.com. FileHippo is an Internet download website that offers open source, freeware, and shareware programs for Windows. It does not accept user-uploaded files. The website also offers its own software, FileHippo Update Checker, a free program that scans a computer and then reports outdated software in a web page, offering links to updated versions.
According to Quantcast, FileHippo receives more than three million US visitors each month, and Alexa lists FileHippo among the 700 most visited websites worldwide.
Now the proof is here below.
In December 2012 the entire Filehippo domain was vulnerable, so "Ali Hasan Ghauri" reported to the Filehippo team that "filehippo is at big risk of security issues, kindly fix the issue as soon as possible."


A Pakistani Student "Ali Hasan Ghauri" (AHPT) has discovered a critical vulnerability on www.w3schools.com

06:58 Posted by Ali Hassan Ghori
W3Schools is a web developer information website, with tutorials and references relating to web development topics such as HTML, CSS, JavaScript, PHP, and SQL.

A Pakistani student, "Ali Hasan Ghauri" (AHPT), who is 14 years old, the youngest security researcher, has discovered a Cross-Site Scripting (XSS) vulnerability on http://www.w3schools.com. This is a great achievement and deserves appreciation for this youngest kid (security researcher), because finding a vulnerability on http://www.w3schools.com is not a joke; it is difficult work.

The youngest Pakistani security researcher, "Ali Hasan Ghauri" (AHPT), also found vulnerabilities on Skype, Adobe, Asia Cnet, Yellowpages, visualstudiomagazine, Filehippo, Cnet Downloads, US.Acer, W3Schools, hamariweb, mile2.com and many more.
The sites above are very popular and big, which is why we named them, but the youngest security researcher "Ali Hasan Ghauri" (AHPT) has found 250+ vulnerable sites and provides security as well.