Friday, 1 January 2016

Acknowledged By Twilio With (POC) (DoS With Email)

I reported a logical denial-of-service bug to Twilio. They accepted my report and decided to give me Hall of Fame + bounty.


Small Description :- I am able to create an email with 100000000000000 words, so when I use that email on the login page it makes the site unavailable.


About Bug:- Google says a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.




Hall Of Fame Link :-  https://bugcrowd.com/twilio/hall-of-fame



Thanks for reading...

Acknowledged By Jet With (POC) (DoS With Password)

I reported a logical denial-of-service bug to Jet. They accepted my report and decided to give me Hall of Fame + bounty.


Small Description :- I am able to create a password with 100000000000000 words, so when I use that password on the login page it makes the site unavailable.


About Bug:- Google says a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Hall Of Fame Link :-  https://bugcrowd.com/jet/hall-of-fame




Thanks for reading......

Acknowledged By ItBit With (POC) (DoS With Password)

I reported a logical denial-of-service bug to ItBit. They accepted my report and decided to give me Hall of Fame + bounty.


Small Description :- I am able to create a password with 100000000000000 words, so when I use that password on the login page it makes the site unavailable.


About Bug:- Google says a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.





Hall Of Fame Link :-  https://hackerone.com/itbit/thanks

Disclosed Report:-  https://hackerone.com/reports/98083


Thanks for reading...

Acknowledged By Blockchain With (POC)

I reported a content spoofing bug to Blockchain. They accepted my report and decided to give me Hall of Fame + bounty.

About Bug:- Google says content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.



Vulnerable Link :- https://goo.gl/g2FW2O

Thanks for reading ..

Sunday, 5 July 2015

Acknowledged By Apptentive (Certificate + T-shirt)

I reported a cross-site request forgery bug to Apptentive. They accepted my report and decided to give me a certificate + T-shirt.

About Bug:- 

Google Says Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
 

Acknowledged By Urban Airship (T-shirt + Hall Of Fame)

I reported a misconfigured SPF bug to Urban Airship. They accepted my report and decided to give me a T-shirt + Hall of Fame.

About Bug:- Google says about misconfigured SPF: if a website has no SPF record or a misconfigured one, it leads to spoofed mail. An attacker can manage to send fake mail from anything@example.com.

Hall Of Fame Link:- http://urbanairship.com/full-disclosure-security-policy