Tuesday, 1 September 2015

Cross Site Scripting in Hackpad

Hi,
This is my first write-up. I hope you will like it.

So, XSS in Hackpad.

It was Feb 2, 2015. I saw the Dropbox program on Hackerone.com and tried to hunt Dropbox for bugs, but I wasn't lucky. So I thought, why not go for acquisitions? I searched Google for Dropbox acquisitions and Hackpad was the most recent one.

So, what was next? I created an account and started testing it. I think it was my lucky day. I put a simple vector in the search bar (<ScRiPt>prompt(document.domain)</ScRipt>) and it got executed. I was surprised by it. The search bar!!! And it's vulnerable.
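What a search box like the one above does wrong, and why the mixed-case tag in the vector matters, as an added example. This is not Hackpad's code or anything from the original report; the render functions, the naive filter and the sample payload string are all constructed here to illustrate reflected XSS in a search result page.

```javascript
// Added example (not Hackpad's code): a search result page that reflects the
// query into HTML, a naive "strip <script>" filter that the mixed-case vector
// walks past, and the output-encoding fix that actually closes the hole.

// The vector quoted in the write-up, embedded as constructed sample input.
const PAYLOAD = '<ScRiPt>prompt(document.domain)</ScRipt>';

// Vulnerable: the query is concatenated straight into the response body,
// so any markup in it becomes part of the page (reflected XSS).
function renderSearchVulnerable(query) {
  return '<h2>Results for: ' + query + '</h2>';
}

// A common but broken mitigation (hypothetical filter): remove the literal
// lowercase strings "<script>" and "</script>". It is case-sensitive and only
// knows one spelling, so "<ScRiPt>" passes through untouched.
function stripScriptTagsNaive(query) {
  return query.split('<script>').join('').split('</script>').join('');
}

// Fixed: HTML-encode the characters that can change the parsing context.
// Browsers match tag names case-insensitively, so neutralising the '<' is
// what matters, not recognising every spelling of "script".
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

function renderSearchSafe(query) {
  return '<h2>Results for: ' + escapeHtml(query) + '</h2>';
}

// Does the rendered HTML still contain a script element? The /i flag mirrors
// the browser's case-insensitive tag matching.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Quick self-check when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable   :', containsScriptTag(renderSearchVulnerable(PAYLOAD)));
  console.log('naive filter :', containsScriptTag(renderSearchVulnerable(stripScriptTagsNaive(PAYLOAD))));
  console.log('escaped      :', containsScriptTag(renderSearchSafe(PAYLOAD)));
}
```

The first two checks come back true (the tag is reflected, and the lowercase-only filter does nothing to it); only the encoded version comes back false. Encoding on output is the fix; a blacklist of tag spellings is not.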



I quickly reported it to Dropbox; the bug was accepted and after 40 days it was fixed.


No bounty for that, as it was not included in the bounty program, but as a reward I got:

HALL OF FAME
1 TB QUOTA
T-SHIRT

I hope you will like it.


Muhammad Abdullah


Sunday, 2 August 2015

My Achievements And Bug Bounties

I have reported to many small and big companies. Well, some have rewarded and some have not, but I love hunting and reporting because I want the Web to be safe and secure. Here is a short list of companies I have reported to. It includes both private and public bounty programs.

Apple : https://support.apple.com/en-us/HT201536
Apptentive : http://apptentive.com/
Bountify : http://bountify.io
CCedk Exchange : https://ccedk.com
Coindaddy : http://coindaddy.io
CryTek : http://crytek.com
DataDog : https://datadoghq.com/security
DropBox : https://hackerone.com/dropbox/thanks
eBay Inc : http://ebay.com/securitycenter/ResearchersAcknowledgement.html
Eset : http://www.eset.com (x3)
Edx : http://edx.org
FortuneJack Casino : https://fortunejack.com/
FunCaptcha : https://www.funcaptcha.com/whitehat/
Guru : https://Guru.com
HolyTransaction : https://holytransaction.com/
Layer : http://layer.com
MerchantPlus : http://mechantplus.com
OriginPc : http://originpc.com
Piwiq : http://piwiq.org
Pivotal : http://pivotal.io/security
Payapp : http://payapp.io
Peercoin : http://peercoin.net
TixTime : http://tixtime.com
Tld-Systems : http://tld-systems.com/
Unitag : http://unitag.io/
Vmware : http://vmware.com
Valve (Steam) : http://store.steampowered.com/
Verso : http://versocards.com
Zopim : http://hackerone.com/zopim/thanks

+ some other private programs I don't want to share, and multiple duplicates.

Tuesday, 14 July 2015

Whoami

root@Abd-Ground:~#

root@Abd-Ground:~#whoami


root@Abd-Ground:~# Muhammad Abdullah, just a Computer Engineering student from NUST, Pakistan, 20. Interested in information security, pentesting and web stuff. Tennis player, and I love badminton and ping pong. I started as a black hat (defacing and other stuff), but in 2013 I turned to responsible disclosure (white-hat stuff) and since then I have been hunting and reporting in my free time. And now, in 2015, I am starting blogging.

root@Abd-Ground:~#
 
root@Abd-Ground:~#.....