Friday, June 17, 2016

FormZero.in - SQL Injection & XSS Vulnerable

XSS Vulnerability in formzero.in

This is a POC. formzero.in - POC - SQL Injection (Fixed) & XSS (Not Fixed)

 
In the last few months I discovered and reported a lot of bugs on a lot of different websites. Last month I posted about the askmebazaar.com bug, and now this month I am sharing my experience with formzero.in, an Indian company which provides an easy-to-use online form system (similar to Google Forms) to institutes, universities, companies and schools.

Monday, May 23, 2016

Authentication/Authorization Flaw in "askmebazaar.com"

Creating an Account with Non-Existent name
This is a POC. Askmebazaar.com - POC - No Validation/Authentication Code
 
In the last two months I discovered and reported a lot of bugs on a lot of different websites. During that time I found bugs in major ecommerce sites as well. Last month I posted about the Justdial.com bug, and now this month I am sharing my experience with Askmebazaar.com.
 

Wednesday, April 20, 2016

JUSTDIAL.COM HACKED BY HEY24SHEEP


Using God Mode Character "Apostrophe" :)
This is a POC. JustDial.com - POC - SQL Injection & No Validation/Authentication Code