jQuery XSS

A long time back I reported an XSS in jQuery’s website, and a few days back I noticed that it was fixed. jQuery is a multi-browser JavaScript library designed to simplify the client-side scripting of HTML. It was released in January…

Waze Arbitrary File Upload

Waze is one of the world’s largest community-based traffic and navigation apps, which was acquired by Google on June 11, 2013. And Google opens up responsible disclosure for their acquired websites. So I thought of trying my hands…

Imgur XSS

Imgur is an online image hosting service founded by Alan Schaaf in 2009 in Athens, Ohio. Imgur describes itself as “the home to the web’s most popular image content, curated in real time by a dedicated community through commenting, voting…

Don’t Get Trapped

This is just an awareness post for my blog readers. Think of the bad time when you go to your nearest ATM and find out that your bank balance is nil. Because someone (a bad guy) hacked your account and transferred…

Oracle XSS

Everyone knows about Oracle. Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States. I spotted some security issues in their website and finally they have fixed them. One of them…

LFI in Nokia Maps

Well, this is my first blog post and I am going to share a Local File Inclusion bug which I spotted in Nokia Maps. :///etc/passwd Reported on 2nd JAN 2013. Nokia fixes it on 20th JAN 2013. And I received an…

Nokia Email App Pwnage

This was an interesting bug which I found in the Nokia email app for Symbian mobiles in March 2013. The email app was not filtering JavaScript in the body part of the mail, thereby leading to JavaScript execution via…