Ebay Xssed

09:47 Posted by Ali Hassan Ghori ,
I was found Xss in ebay and now i am sharing PoC...

PoC: www.ebay.com/rpp/fashionvault/athletic-shoes-for-him-and-her/

Google Bug Hunting

09:31 Posted by Ali Hassan Ghori ,
Today, i am sharing my Google findings that gives me a great experience.

Xss in html5rocks.com Google acquired Site.

PoC: http://www.html5rocks.com/en/tutorials/#

Bug in http://rightsflow.com/

I gives a Username and Password, Username field is all correct but in Password field, Password was showing and not marked as Password type.

Password field was defaults set as Text type.

Facebook WhiteHat Prorgam

10:17 Posted by Ali Hassan Ghori
Facebook has it's own Bug Bounty Program so I moved towards to Facebook, hope for find a Bug and get a bounty. So I started and try to find something as soon as I can continuously tried, during this I found some bugs and report to Facebook. All the bugs had rejected by Facebook. I lost my hope but something I have in my heart and in the short period I found an interesting bug by little more Hard Work.

This time Facebook accepted my bug and rewarded me with $500.

and after a few weeks my name Updated in Facebook WhiteHat List:

When I got $500 and it's my first bounty. Now my COnfidence is buildup and I Worked Hard more and another bug HTML INJECTION, I found in Facebook and they rewarded me for this bug with $1000.

Dell Xssed

11:22 Posted by Ali Hassan Ghori ,
Today, I wanna Show you one of my finding in Dell website.

SonicWall, originally a private company headquartered in San Jose, California, and now owned by Dell, sells a range of Internet appliances primarily directed at content control and network security.


The issue is now been fixed.