iFixit | Forgot Password Mechanism Works as a Spam Machine

1) You got to go to Forgot Password webpage.{https://www.ifixit.com/login/forgot_password} 2) You will see an input text field where you can enter an e-mail address * Now, repeat the above 2 steps and you can keep sending e-mails to the same address again and again. You need to do is just simply Click Reset My password many times. "Attacker would automate HTTP requests and keep sending the e-mails" repeatedly. This could result in spamming where attacker enters the target e-mail address which might belong to anyone and keeps them sending bulk e-mails which makes the customer look at it as, spamming which is pathetic.

Read More

Linkcentre | Reflected Cross Site Scripting Vulnerability

1. Simply copy and paste the below URL in Google Chrome, Mozilla Firefox and IE.
https://www.linkcentre.com/search/?q=%27;prompt(document.domain);///

2. It will give you a popup which reflected on "q" parameter.  
Bypassing Technique: \';alert(1);///

Read More