Microsoft Edge Browser For IOS - Address Bar Spoofing Vulnerability 2:41 PM During one of my previous posts " Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers ", I discussed about several ...
Paypal Mobile Verification And Payment Restrictions Bypass 8:53 AM In this post, i would like to share a very simple logic flaw I found earlier this year I have found a way to circumvent mobile verificat...
Sucuri WAF XSS Filter Bypass 8:50 AM Introduction Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and preve...
Bad Meets evil - PHP meets Regular Expressions 8:48 AM twi This article would briefly discuss the reason why Regular Expressions might not be suitable for filtersand how things could turn mis...
A Tale Of Another SOP Bypass In Android Browser < 4.4 8:44 AM Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to resea...
Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 8:43 AM Introduction Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic ...
Android Browser + Messaging App DOS 8:42 AM While being impressed by Collin Mulliner's research on smart phones, I found myself very curious trying to find vulnerabilities ins...
Puffin Web Browser Pop Up Recursion Vulnerability - DOS 8:42 AM During my recent security research on " Puffin Web Browser " I found several security bugs with " Puffin Web Browser ...
Nokia Asha Series Lock Screen Bypass 8:41 AM There have been a lot of lock screen bypasses lately in almost every mobile deice such as iPhone, Samsung galaxy, HTC etc and if you ob...
DOM XSS Explained 8:37 AM Cross Site scripting (XSS) has been a problem for well over a decade now, XSS just like other well known security issues such a...
A Tale Of A DOM Based XSS In Paypal 8:36 AM Introduction We have already disclosed lots of findings related to DOM Based XSS and this article talks about a pretty interesting ...
Code Igniter XSS Filter Multiple Bypasses 8:33 AM Recently we released our " XSS Filter Evasion Cheat Sheet ", i was quite surprised to hear the community feedback. The total d...
phpThumb Server Side Request Forgery 8:31 AM Recently me along with my friend " Deepankar Arora " discovered a server side request forgery vulnerability inside of the phpT...
Error Based SQL Injection - Tricks In The Trade 7:59 AM Trigger an error In this article I am going to describe some simple tips and tricks, which are useful to find and/or exploit error base...
Bypassing Cloudflare - Attack-Secure Challenge Writeup! 7:57 AM Few days back we setup a small and interesting challenge for RHA readers, the main goal of the challenge was to find the hosting provid...
Introducing Evil In Your Website With Untrusted Third Party Scripts 7:48 AM This is a small case study, where my aim is to explain why you shouldn't use untrusted third party scripts on your website. Htmlcomm...
Kali Linux DOM Based XSS Writeup 7:43 AM Recently, I have been on a mission to find XSS in popular security training websites, Since these are the ones who care about their secu...
SQL Injection With Update Query 7:42 AM We have wrote couple of articles discussing various techniques and attack vectors for SQL Injection, We have...
Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera 7:41 AM Now a days, I am not much active in bug bounty programs, However, still i wanted to share my experience with Opera, Opera does not have...
DOM Based XSS In Microsoft 7:36 AM Lately, i have been researching on DOM based XSS a bit, In my previous post i talked about the DOM based XSS i found inside A...