Ebay Xssed

09:47 Posted by Ali Hassan Ghori
I found an XSS in eBay and now I am sharing the PoC...

PoC: www.ebay.com/rpp/fashionvault/athletic-shoes-for-him-and-her/


Google Bug Hunting

09:31 Posted by Ali Hassan Ghori
Today, I am sharing my Google findings, which gave me a great experience.

First,
XSS in html5rocks.com, a Google-acquired site.

PoC: http://www.html5rocks.com/en/tutorials/#




Second,
Bug in http://rightsflow.com/




I gave a username and password. The username field was all correct, but in the password field the password was showing and was not marked as password type.



The password field was set to Text type by default.
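A site owner can catch the unmasked password field described above before release with a small markup audit. This is an added example, not code from the original post; the name heuristic and the sample form are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: attribute values that suggest the input holds a secret.
SECRET_HINT = re.compile(r"passw(or)?d|passphrase|pwd", re.I)
# Input types that never echo typed text, so they are not reported.
NOT_ECHOED = {"password", "hidden", "submit", "button", "checkbox", "radio"}


class PasswordFieldAudit(HTMLParser):
    """Collects <input> elements that look like password fields but are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        # An input with a missing or empty type attribute renders as type="text".
        input_type = a.get("type", "").strip().lower() or "text"
        if input_type in NOT_ECHOED:
            return
        hints = " ".join(a.get(k, "") for k in ("name", "id", "placeholder", "autocomplete"))
        if SECRET_HINT.search(hints):
            line, _ = self.getpos()
            self.findings.append(
                {"line": line, "name": a.get("name") or a.get("id"), "type": input_type}
            )


def audit(html):
    """Return one finding per password-like input that would display its value."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample login form (not the markup of any real site).
SAMPLE = """<form action="/login" method="post">
  <input type="text" name="username">
  <input type="text" name="password">
  <input name="confirm_pwd">
  <input type="password" name="old_password">
</form>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```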

Facebook WhiteHat Program

10:17 Posted by Ali Hassan Ghori
Facebook has its own Bug Bounty Program, so I moved towards Facebook, hoping to find a bug and get a bounty. So I started and tried to find something as soon as I could. I tried continuously; during this I found some bugs and reported them to Facebook. All the bugs were rejected by Facebook. I lost my hope, but I had something in my heart, and in a short period I found an interesting bug with a little more hard work.

This time Facebook accepted my bug and rewarded me with $500.


And after a few weeks my name was updated in the Facebook WhiteHat list:



I got $500 and it was my first bounty. Now my confidence was built up and I worked harder, and I found another bug, an HTML injection, in Facebook and they rewarded me for this bug with $1000.


Dell Xssed

11:22 Posted by Ali Hassan Ghori
Today, I want to show you one of my findings in the Dell website.

SonicWall, originally a private company headquartered in San Jose, California, and now owned by Dell, sells a range of Internet appliances primarily directed at content control and network security.





Response:





The issue has now been fixed.