Finding Security Bug on Shikha.com

according to wikipedia - "Shiksha.com caters to the educational requirements and queries of students. The portal is the brainchild of Info Edge India Ltd. Students can find information on educational institutes, programs, scholarships and admission notifications. More than 40,000 courses of numerous Indian and overseas institutes are listed on this site. Shiksha.com has 15 branches in 12 Indian cities. As of May 2012, the traffic share as per Comscore is 41%. In July"

Read more

Finding XSS on Asia's top tech blog

i am a very big fan of Amit Agarwal, he is runs a asia's top technology blog and which counts under top 100 tech blogs over the globe! and when i was new to XSS i keep on injecting parameters to different website's different fields and one day i was just spending my time for reading labnol's articles and looking over his blog i just injected XSS parameter and fortunately it did worked :)

Read more

how sometimes reporting security flaws may result into some job offers

sometimes reporting vulnerabilities can turn some job offers to you, one day i was just surfing on internet and i came upon to a website that website was organizing a contest in which they are getting live opinions from the public about there new small movie and as always, i just injected a piece of javascript fortunately, it worked and the homepage of the website, every time it got open or refreshed it is having a alert “hacked by @n3g4tiv3eLemEnt” and after few second they restored there webpage, but i was not sure they have fixed up this vulnerability or not. so i injected another alert of saying “http://about.me/parv_jain” and it was working again.

Read more

Bypassing e-bay XSS filters to redirect to any other page

few days back, i have reported to vulnerability to e-bay as it bypasses the XSS (Cross site scripting) filters. but they refused it and don’t accept this as vulnerability and they send me mail saying this -

Read more