Thursday, 3 March 2016

Cross Site Scripting (XSS) in Apptentive

So here I am with another finding of mine. I found a stored XSS in Apptentive. It was pretty easy to bypass their blacklist.

The vulnerable parameters were the account name and the company name. So I created an account with a pretty simple payload:

/<svg/onload=prompt(1)>''

Now, as I refreshed my dashboard, the payload got executed.
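Added here to illustrate the blacklist point above (example code, not from the original post or from Apptentive): a constructed tag blacklist beside HTML entity encoding, both checked against the vectors quoted in this post and in the Steam and Hackpad writeups below. The blacklist patterns, the sink and the helper names are assumptions for the demo.

```javascript
// Added example (not from the original post): a tag blacklist of the kind the
// writeup bypassed, next to context-aware output encoding, the actual fix.

// Constructed blacklist: it knows a few tag names and nothing else.
const BLACKLIST = [/<script/i, /<img/i, /<iframe/i, /javascript:/i];

function blacklistFilter(input) {
  // Reject the whole value if any pattern matches; otherwise pass it through raw.
  return BLACKLIST.some((re) => re.test(input)) ? '' : input;
}

// Encode every character that can change the HTML parser's context, so the
// browser renders the value as text whatever it contains.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function htmlEncode(input) {
  return String(input).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// A value is unsafe in a text-node or quoted-attribute sink if a raw '<' or a
// raw quote survives: either one can terminate the current context.
function hasRawContextBreakers(fragment) {
  return /[<"']/.test(fragment);
}

// The payloads reported in the writeups on this page.
const VECTORS = [
  "/<svg/onload=prompt(1)>''",                 // Apptentive: stored, in account name
  '"><img src=x onerror=prompt(1)>"',          // Steam Community: search bar
  '<ScRiPt>prompt(document.domain)</ScRipt>',  // Hackpad: search bar
];

// Which vectors still reach the page with context-breaking characters intact?
function bypasses(sanitizer) {
  return VECTORS.filter((v) => hasRawContextBreakers(sanitizer(v)));
}

// Simulated sink (constructed): the dashboard renders the stored account name.
function renderAccount(name, sanitizer) {
  return `<span class="account">${sanitizer(name)}</span>`;
}

console.log('blacklist lets through:', bypasses(blacklistFilter)); // only the svg vector
console.log('encoding lets through: ', bypasses(htmlEncode));      // nothing
console.log(renderAccount(VECTORS[0], htmlEncode));
```

The blacklist stops the `<img>` and `<script>` vectors and so looks effective, while the `<svg>` vector passes straight through; encoding needs no knowledge of tag names at all.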

The team fixed it pretty fast, but it took them 4 months to send my token of appreciation...

Got some swag and a letter of appreciation.

Muhammad Abdullah

Tuesday, 1 March 2016

XSS in Beatsbydre.com

In 2014 Apple acquired Beats. Just after the acquisition I thought of testing it. So I ended up finding multiple XSS in their main domain http://beatsbydre.com.

So what was next, other than reporting the bug?

The vulnerable links were like the ones below:

http://www.beatsbydre.com/earphones/tour/red/900-00101-01.html?maxLimitError=--></SCRIPT>">'><SCRIPT>prompt(String.fromCharCode(34, 120, 115, 115, 32, 98, 121, 32, 77, 117, 104, 97, 109, 109, 97, 100, 32, 32, 65, 98, 100, 117, 108, 108, 97, 104, 34))</SCRIPT>

http://www.beatsbydre.com/headphones/mixr/beats-mixr.html?bvrrp=9218-en_us/reviews/product/5/beats-mixr.htm&icid="><img src=1 onerror=prompt(document.domain);>//
 
Simple vectors were used...
 
At first Apple refused to address the vulnerability.
 
But later on they accepted the report.
 
As per Apple's policy, only a Hall of Fame (HOF) entry was offered as a reward.
 
Muhammad Abdullah

XSS in SteamCommunity

This is my second writeup, an old finding of mine.
So, this was the year 2013, and I guess December was the month. I was new to bug hunting at that time, a starter in this field. I was searching around for a site to hunt. Then I said, why don't I try Steam? It's a big company; surely it would have bugs in its services, and probably they would reward (at that time Valve had no proper security program). So I tested their main domain, and no luck.

Then I tried

http://steamcommunity.com

Luckily the search bar was vulnerable to XSS, and the simple XSS vector

"><img src=x onerror=prompt(1)>"

got executed.

POC...


So I reported it, and after 2-3 days the devs replied, confirming the vulnerability. And the devs be like


So I dug deeper, found 4 more XSS bugs, and reported them. Their response was quick and appreciable.

So as a reward I got some swag and a complete Valve game bundle.

Muhammad Abdullah

Tuesday, 1 September 2015

Cross Site Scripting in Hackpad

Hi,
This is my first writeup. Hope you will like it.

So, XSS in Hackpad.

It was Feb 2, 2015. I saw the Dropbox program on Hackerone.com and tried to hunt Dropbox for bugs, but I wasn't lucky. So I thought, why not go for acquisitions? I searched Google for Dropbox acquisitions, and Hackpad was the most recent one.

So, what was next? I created an account and started testing it. I think it was my lucky day. I put a simple vector in the search bar (<ScRiPt>prompt(document.domain)</ScRipt>) and it got executed. I was surprised by it. The search bar!!! And it's vulnerable.

I quickly reported it to Dropbox; the bug was accepted, and after 40 days it was fixed.


No bounty for that, as it was not included in the bounty program, but as a reward I got:

HALL OF FAME
1 TB QUOTA
T-SHIRT

I hope you will like it.


Muhammad Abdullah

Sunday, 2 August 2015

My Achievements And Bug Bounties

I have reported to many small and big companies. Well, some have rewarded and some have not, but I love hunting and reporting, as I want the web to be safe and secure. Here is a small list of companies to whom I reported. It includes both private and public bounty programs.

Apple : https://support.apple.com/en-us/HT201536
Apptentive : http://apptentive.com/
Bountify : http://bountify.io
CCedk Exchange : https://ccedk.com
Coindaddy : http://coindaddy.io
CryTek : http://crytek.com
DataDog : https://datadoghq.com/security
DropBox : https://hackerone.com/dropbox/thanks
Ebay Inc : http://ebay.com/securitycenter/ResearchersAcknowledgement.html
Eset : http://www.eset.com (x3)
Edx : http://edx.org
FortuneJack Casino : https://fortunejack.com/
FunCaptcha : https://www.funcaptcha.com/whitehat/
Guru : https://Guru.com
HolyTransaction : https://holytransaction.com/
Layer : http://layer.com
MerchantPlus : http://mechantplus.com
OriginPc : http://originpc.com
Piwiq : http://piwiq.org
Pivotal : http://pivotal.io/security
Payapp : http://payapp.io
Peercoin : http://peercoin.net
TixTime : http://tixtime.com
Tld-Systems : http://tld-systems.com/
Unitag : http://unitag.io/
Vmware : http://vmware.com
Valve (Steam) : http://store.steampowered.com/
Verso : http://versocards.com
Zopim : http://hackerone.com/zopim/thanks


+ Some other private programs which I don't want to share, and multiple duplicates.


Tuesday, 14 July 2015

Whoami

root@Abd-Ground:~#

root@Abd-Ground:~# whoami

root@Abd-Ground:~# Muhammad Abdullah, just a Computer Engineering student from NUST Pakistan, 20. Interested in information security, pentesting and web stuff. Tennis player, and I love badminton and ping pong. I started as a black hat (defacing and other stuff), but in 2013 I turned to responsible disclosure (white-hat stuff), and since then I have been hunting and reporting in my free time. And now, in 2015, I am starting blogging.

root@Abd-Ground:~#
 
root@Abd-Ground:~#.....