Hello... Go! Black Hat is another blog for Pure Black Hat Hacking Guides.

XSS on Feedly.com

According to Alexa, Feedly's global rank is 393 and its Google PR is 7/10, which are quite niche. Many of you have not heard about Feedly, but after Google Reader died, according to blogs like PCMag, Gizmodo, Verge and many more, it has been the number one choice for an RSS reader. If you are a person who loves reading several blogs, like me, Feedly is for you. It takes all the news or blog titles and shows them on one screen.


2 Stored XSS on Vodafone

Cross-site scripting has been my favorite vulnerability of all time, as XSS is very common to find in any website. In fact, XSS is a very dangerous vulnerability. On OWASP's Top 10 Vulnerabilities of 2013 it is 3rd. Usually developers don't watch out for this vulnerability while building a website. Recently I found 2 stored XSS on Vodafone! Actually on vodafoneappstar.com. Vodafone App Star is an annual contest by Vodafone to encourage developers to build apps for mobile platforms. It is an international-level contest by Vodafone.

Vulnerability on Truecaller

Truecaller is a global phone directory application for smartphones and feature phones, and accessible via a Web site, developed by True Software Scandinavia AB. It finds contact details globally given name or telephone number, and has an integrated caller ID service using crowdsourcing to achieve call-blocking functionality and social media integration to keep the phonebook up-to-date with pictures and birthdays, performing 120 million searches of the telephone number database every month. As of January 22, 2013 Truecaller reached 10 million users.

Finding Security Bug on Shiksha.com

According to Wikipedia: "Shiksha.com caters to the educational requirements and queries of students. The portal is the brainchild of Info Edge India Ltd. Students can find information on educational institutes, programs, scholarships and admission notifications. More than 40,000 courses of numerous Indian and overseas institutes are listed on this site. Shiksha.com has 15 branches in 12 Indian cities. As of May 2012, the traffic share as per Comscore is 41%. In July"

Finding XSS on Asia's top tech blog

I am a very big fan of Amit Agarwal. He runs Asia's top technology blog, which counts among the top 100 tech blogs across the globe! When I was new to XSS I kept on injecting parameters into different websites' different fields, and one day, while I was just spending my time reading Labnol's articles and looking over his blog, I just injected an XSS parameter and fortunately it worked :)

How sometimes reporting security flaws may result in some job offers

Sometimes reporting vulnerabilities can bring some job offers to you. One day I was just surfing the internet and I came upon a website that was organizing a contest in which they were getting live opinions from the public about their new small movie, and as always, I just injected a piece of JavaScript. Fortunately, it worked, and every time the homepage of the website was opened or refreshed it had an alert “hacked by @n3g4tiv3eLemEnt”. After a few seconds they restored their webpage, but I was not sure whether they had fixed this vulnerability or not, so I injected another alert saying “http://about.me/parv_jain” and it was working again.

Bypassing eBay XSS filters to redirect to any other page
