Showing posts from 2013

Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO

Exploit Title: Cross Site Scripting (XSS - Stored) vulnerability in vBulletin SEO Plugin vBSEO.
Found By: Yogesh Jaygadkar
Tested versions: vBSEO 3.2.0 & vBSEO 3.6.0
Tested with: vBulletin 4.0.6 & vBulletin 4.2.1
Vulnerable POST Parameter: sendtrackbacks

vBSEO Plugin for vBulletin contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sendtrackbacks' parameter upon submission to the /forum/newreply.php & /forum/newthread.php scripts. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

POC:[Thread ID] = In Advanced Reply Or New Thread page, Put your ">vec

PayPal : User Credit Card Information Disclosure

Okay... So, here is another old & duplicate bug from PayPal, which I reported looooong back. I have found some strange results of This sub domain is storing all credit card information of PayPal users in the URL. Below is the Google dork for finding such “stored” CC details. Google Dork: inurl:CVV2= Google results are not much, nearly 80, but still harmful as sensitive user information is getting leaked.

Listed in Barracuda Networks Hall of Fame

Listed in Barracuda Networks Security - Hall of Fame. Found multiple vulnerabilities in Barracuda security products. Bugs are still not patched. I'll update the POC once all bugs get patched. Thanks :)

Listed in Google Hall Of Fame

After 2 continuous duplicate bugs & 2 rejections, Google accepted my 3 bugs... 1 bug is fixed, 2 more in a row :D 1st bug did not qualify for a reward so they listed me on their Google Hall of Fame - distinction. But soon I'll be on the Reward Recipients page ;) So, finally I am listed in Google Hall Of Fame. I'll update the POC once all bugs get patched.

SQL Injection Vulnerability in ebay sub domains

Title : SQL Injection Vulnerability in sub domains
Author : Yogesh D Jaygadkar
Reported : December 27, 2012
Fixed : Jan 15, 2013
Public Released : Jan 25, 2013
Thanks To : Darshit Ashara
Greets : Rahul Bro, Aasim, Sandeep, Sagar

Description : Last month I reported SQL Injection vulnerabilities in  sub domains. You can see how many days they took for patching & allowing me to publish the vulnerability. But finally they fixed it & listed me in their Researchers Acknowledgement Page. Like every other bounty hunter I was also searching for some vulnerability in eBay. At that time I had no idea that eBay doesn't give bounty for any vulnerability. Not even for SQL Injection. :)

POC:
Sub Domains: &
Page: searchAnnoucement.php searchAnnoucement.php
Vulnerable Parameter: “checkbox” Array POST parameter.
Search option in ab

Password Reset Vulnerability in

Title : Password Reset Vulnerability in
Vuln URL :
Author : Yogesh D Jaygadkar
Reported : December 30, 2012
Fixed : December 30, 2012
Public Released : Jan 08, 2013

Description : In, when users reset their password, they receive a password reset link which is as below.

[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1

When I received this mail, I started playing with this link. I noticed that the token is not getting validated on the server side. So I removed it & tested with my own ID.

Final POC :

[victim user's email ID]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1

And the password changed successfully. Finally I
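The server-side check that this post found missing, as an added example that is not the author's or the affected site's code: a reset handler that refuses any request whose `code` is absent, wrong, expired or already used. The `email` parameter name, the one-hour lifetime and the in-memory store are assumptions; `code` and `action=reset_password` come from the link shown above.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed policy: a reset link is valid for one hour


class ResetStore:
    """In-memory stand-in (hypothetical) for the table of pending resets."""

    def __init__(self):
        self._pending = {}  # email -> (sha256 hex of token, expiry time)

    def issue(self, email, now=None):
        """Create a one-time token; only its hash is kept server-side."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[email] = (digest, now + TOKEN_TTL)
        return token  # mailed to the user as the `code` parameter

    def redeem(self, params, now=None):
        """Return the email whose password may be changed, else None."""
        now = time.time() if now is None else now
        email = params.get("email")  # assumed parameter name
        code = params.get("code")
        # A request with `code` removed must stop here, not fall through.
        if params.get("action") != "reset_password" or not email or not code:
            return None
        record = self._pending.get(email)
        if record is None:
            return None
        digest, expiry = record
        supplied = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):  # constant-time compare
            return None
        del self._pending[email]  # single use; also discards expired tokens
        return email if now <= expiry else None


if __name__ == "__main__":
    store = ResetStore()
    user = "user@example.test"  # constructed sample address
    token = store.issue(user)
    stripped = {"email": user, "action": "reset_password"}
    print("without code:", store.redeem(stripped))
    print("with code:", store.redeem({**stripped, "code": token}))
```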