Wednesday 23 November 2016

Yahoo Web Security Bug Bounty : Phpmyadmin access make data on risk

Yahoo Web Security Bug Bounty :  Phpmyadmin access make data on risk



 

Little Insight: 


 Vulnerability in Yahoo bug bounty  data on risk 


Vulnerable Website: 

http://tw.page.games.yahoo.net/phpmyadmin/setup/index.php?page=form&formset=Left_frame#tab_Left_tables


Impact: As you can see in the following screenshot I managed to login into phpmyadmin




 


Reward For  Phpmyadmin access  Vulnerability  : 500$

 

More Information

Thank you for your report, normally this would be out of scope but we felt this was a good find and we awarded a discretionary bounty.

The vulnerability mentioned here has been confirmed patched by the Yahoo Security Team.

 

Sunday 6 November 2016

WhatsApp : XSS vulnerability can be misused for Spreading Malware


   WhatsApp  XSS vulnerability can be misused for Spreading Malware 

 

 

 

 

Little Insight: 

[ According to FACEBOOK, This XSS could take advantage of the known domain to make phishing attacks easier or can be misused for Spreading Malware   :-)  ]

 

Reward For Whatsapp XSS  Vulnerability  : 1000$












More Information

The vulnerability mentioned here has been confirmed patched by the Facebook Security Team. 




Friday 2 September 2016

Google Web Security Bug Reward: Restricted File Upload in Google Adwords

Google Web Security Bug Reward: Restricted File Upload in Google Adwords









Little Insight: 

 

Well this is my first Vulnerability in Google bug bounty

 

which I spotted in  https://www.google.com/adwords/

 

Report Date :  10th fab 2014 

 

Reward For Restricted File Upload by pass  Vulnerability  : 500$

 

How This Work


 

 

 

More Information

 

The vulnerability mentioned here has been confirmed patched by the Google Security Team.

 

 

Friday 18 March 2016

Ebay INC (Magento) Web Security Bug Bounty: Directory Traversal / Local File Inclusion In magento.com


Little Insight:

 

https://wiki.magento.com was vulnerable to a directory traversal / local file inclusion vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem.

 

well this #LFI very interesting for me because when i am start my work i don't know its a java base application when i am go deep and deeper than i found its a java based application so this one very hard to find for me because  i am try to find as always etc/passwd 

 

Report Date :  27th may 2014 

Reward For  Directory Traversal Vulnerability  : 2500$

 

How This Work


when i was testing it was found url in sub-domain


after seen this url just try my luck for finding LFI so remove  de_DE-1988229788/4394/a32f094df7825f58c6a417309475c6c954804a27.10/1.0 and use url as https://wiki.magento.com/s/
 but when i am use this its show you can't access this page


this time my mind sure its have insecure forward rule then now i am try for LFI still i am not know its java based application.

 ... now work begin....


My Finding....

In the above summary just got a click on my mind now i try to find etc/passwd using ../or ..//..// and many more try but not success 

between this i m find one more url that file contain some data


File contents found:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

 


here now i got my answer its a java application but i am a little surprise java application with insecure forward rule

than i start my work on google is it possible LFI in java application in a few hours i got something like

 

Web Application Directory Structure

myWebApp/
  WEB-INF/
    web.xml
    weblogic.xml
    lib/
      MyLib.jar
    classes/
      MyPackage/
        MyServlet.class
  index.html
  index.jsp
 
 
 
now i try to find web.xml because  its an config file as on web apps on Apache php and other ../etc/pwd but here is java so its have web.xml file

so now url with ../web-inf/web.xml
after a few try i got this

https://wiki.magento.com/s/de_DE-1988229788/4394/a32f094df7825f58c6a417309475c6c954804a27.10/1.0/../../WEB-INF/web.xml

and now i can access every file from dir on this server 

 

More about


The vulnerability mentioned here has been confirmed fixed by EBay Inc Team.

you can also meet me on 


FACEBOOK

TWITTER