Second Order SQL Injection Explained with Example

Introduction: Second Order SQL injection occurs when user-submitted values contain SQL injection attacks that are stored in the database instead of being executed immediately. This means that when user data is stored in the database and later used by some other functionality of the application it doesn’t […]

List of Bug Bounties

List of Bug Bounties, help yourself bug hunters, enjoy the feast. Hall Of Fame Only: 123contactform, 99designs, Abacus, 37signals, Acquia, ActiveCampaign, Activeprospect, Adobe, Adapcare, Aerofs, Aerochive, Agora, Androidfreeapp.net, Apple, Atlassian, Base CRM, Beanstalk, Bitcasa, BitWall, BlackBerry, BrainTree, Card, Chargify, Clojars, CloudApp, Constant Contact, Di Martino Entertainment, DigitalOcean […]


CSRF Token Protection Bypass Methods

Heya, as web and web security is getting intense day by day, use of CSRF tokens is becoming a part of web security. Some time ago, use of a CSRF token was enough for CSRF protection. However, CSRF token protection can be bypassed using several techniques. So this post briefly touches the CSRF […]

Polarssl Vulnerability Bug Bounty Write up

Polarssl Vulnerability Bug Bounty Write up. So after like 6 months, I decided to get back in the Bug Bounty game. I was kind of away from Pentesting / Bug hunting, because I was losing interest. Anyway, now I am gonna hunt ;). So I googled list of bug bounties […]


Facebook HTML Injection Vulnerability Bug Bounty

Hello everyone. Last year, I started getting into the Bug Bounty game. My first target was Facebook. Getting into the Facebook Hall of Fame was my wish, so I started pentesting and after a week found the vulnerability, as the title says: “Facebook HTML Injection Vulnerability Bug Bounty”. It was an HTML […]

Hacking Beginner’s Frequently Asked Questions

This post is for all beginners who want to become a “hacker” / Penetration Tester. As the title says, Hacking Beginner’s Frequently Asked Questions. In my own experience, these questions are frequently asked by beginners. This post will help them in answering their basic questions and clearing up their confusion. […]


Domain Trader Multiple 0day Vulnerabilities

A few days ago, I was pentesting a ccTLD Registrar (for fun and … yeah fun ;)). One of the scripts I found on their b0x was Domain Trader. This script is used for, and I quote the vendor, “This powerful and robust software allows you to create your own Domain Auction and […]

DigitalOcean VPS Review 7 months

In late 2013, I decided to start blogging; for that I had to buy a VPS. VPS because it gives complete control over the server and it's more secure than shared hosting. For a VPS, I was looking for price, SSD, and good support. Found DigitalOcean, which had all of these, so this is my […]


CloudFlare Bug Bounty

Got a Cloudflare Bug Bounty reward for reporting a Web Application Vulnerability in Cloudflare core that affected all Cloudflare-based websites. I reported that vulnerability in late 2013, but at that time Cloudflare didn’t have a Bug Bounty Program. They thanked me with an email; later on, when they started their bug bounty program, they contacted me for […]

Column Truncation SQL Injection Vulnerability

Some time back I was in the NotSoSecure CTF competition (www.notsosecure.com/blog/2014/04/21/sqlilab-ctf-wrap-up/). The challenge was to use SQL injection (any kind) to obtain 2 flags; to capture one flag, users were required to register as an admin. The application was vulnerable to column truncation SQL injection. Column truncation SQL injection is a very interesting vulnerability, it's actually […]