Finding a XSS in Microsoft OAuth Interface, a major risk for the security of the users' account

Summary In this article, I want to talk about one of my latest vulnerabilities that I found during my research, namely a Stored XSS(Cross Site Scripting) flaw in Microsoft OAuth Interface. My experience as a researcher with this company started two years ago when, out of curiosity, I began to look...

Read More

How I found the sweets inside Google servers. Local File Inclusion Write-up @ 2015

Hello there. In this blog post I'll tell you how I've managed to read arbitrary files from the Google servers by finding/exploiting a Local-File-Inclusion vulnerability. This flaw was found in one of the Google products, Google Feedburner, and was fastly fixed by Google Security Team. As Wikipedia...

Read More

Avangate eCommerce Platform - XSS Vulnerabilities

Description: Avangate eCommerce Platform suffer from Reflected-XSS(Cross-Site-Scripting) vulnerabilities which can be easily exploited and could allow an attacker to threaten users safety . What is XSS(Cross-Site-Scripting) vulnerability ? Reflected cross-site-scripting vulnerabilities arise when...

Read More

Google Feedburner - Reflected XSS

The base URL for this vulnerability will be : http://feedburner.google.com/fb/a/emailFlare?itemTitle=test&uri=test If you open the link above in browser you can see that the basic form which allows you to email a "Flare" to a random e-mail address. So, if you complete that form with random...

Read More

Bitdefender Security Breakdown - LFI/OAuth/XSS vulnerabilities

Summary Bitdefender websites were vulnerable to some web flaws that could allow an attacker to obtain arbitrary local files from the web server or hijack users sensitive information. Vulnerability Details LFI (Local File Inclusion) The vulnerable script was located here : http://www.bitdefender.com/downloadFile.php?language=in&fileName=pok.txt&filePath=../../../../../../etc/passwd Usually...

Read More