Showing posts with label Ali Hasan Ghauri.

Wednesday, May 1, 2013


New Record by a 14-Year-Old Pakistani Student Researcher in the Field of Web Application Security

  • Wednesday, May 1, 2013
  • Nauman Ashraf
  • Ali Hasan Ghauri, a 14-year-old Pakistani security researcher, has found cross-site scripting (XSS) vulnerabilities on many high-profile websites. Recently Ali Hasan found and reported an XSS vulnerability in one of the biggest websites, eBay, and in its own website shopping.com.

    Here are some screenshots:


    eBay fixed the vulnerability on both sites and credited his name on the eBay responsible disclosure page. That is not all: he also found an XSS vulnerability on Myspace.com. Myspace did not reply to the researcher. According to the researcher, the Myspace vulnerability still exists; he reported it about 15 times to the Myspace security team, but there was no reply.

    The researcher has not provided a PoC because the vulnerability still exists.

    Here is the screenshot:


    This young security researcher also found an XSS vulnerability on the Cisco website and reported it to the Cisco security team.
    Cisco replied to the researcher:


    Cisco fixed this XSS vulnerability very soon but did not offer any reward to the researcher.

    Here is the PoC:
    http://newsroom.cisco.com/press-release-content?articleld=1118649%22%3E%3Cimg%20src=x%20onerror=prompt%28XSS/By/AliHasanGhauri%29%3E


    According to this young researcher's blog, he has written about 150+ website vulnerabilities that are now fixed, and at 14 years old he has set a record (the previous record was 16 years) for being listed on the following websites:

    Gitlab
    http://blog.gitlab.com/vulnerability-acknowledgements/

    BarracudaLabs
    http://www.barracudalabs.com/bugbounty/halloffame.html

    Ebay
    http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

    wizehive
    http://www.wizehive.com/special_thanks.html

    Redhat
    https://access.redhat.com/site/articles/66234

    Opera
    http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers

    ConstantContact
    http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

    According to the researcher, he will be acknowledged in the Adobe, Microsoft and AT&T Halls of Fame because he reported bugs in these websites, and they said that he will be listed in the Hall of Fame next month.

    Wednesday, March 13, 2013


    Amazon Vulnerable to XSS Flaw Found by Security Researcher

  • Wednesday, March 13, 2013
  • Nauman Ashraf
  • Ali Hasan Ghauri, the 14-year-old youngest security researcher, found an XSS vulnerability on the Amazon (www.amazon.com) main site. The vulnerability has been fixed by the Amazon security team.


    The security researcher told The Hackers Post that he reported the XSS flaw to the Amazon security team. He got an immediate response with appreciation, and the vulnerability was fixed by them.
    Amazon Security Team immediately patched the XSS flaw which was reported by me. They did not offer any reward to me because they don't have a bug bounty program.

    [#] - Website:
          http://www.amazon.com/

    [#] - Vulnerable link (POC):
          http://www.amazon.com/Thomas-Calculus-Multivariable-12th-George/dp/0321643690/%22ns=%22alert%280x000308%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ghauri%22%29%3C/script%3E

    [#] - Vulnerability Type:
          XSS (Cross Site Scripting)

    [#] - Status:
          Fixed [Critical]

    [#] - Tested on:
          Firefox 19.0.1

    The youngest security researcher, "Ali Hasan Ghauri", also found XSS vulnerabilities on OLX, eBay, BrainTree Payments, GitLab and many more.

    eBay PoC screenshot:

    eBay acknowledged his name on its Responsible Disclosure Acknowledgements page.
    GitLab also acknowledged his name in its Vulnerability Acknowledgement disclosure.

    According to the security researcher, BrainTree Payments sent him a cool T-shirt for finding bugs.

    Wednesday, February 20, 2013


    FileHippo Vulnerable to XSS Flaw Found by Security Researcher

  • Wednesday, February 20, 2013
  • Nauman Ashraf

  • Pakistani security researcher Ali Hasan Ghauri, founder of AHPT, has discovered an XSS vulnerability on the Filehippo.com main site. The vulnerability still exists.


    The security researcher told The Hackers Post that in December 2012 the entire Filehippo domain was vulnerable and he reported the XSS flaw to the Filehippo team but did not get any response from the company, "so I decided to make it public."

    Last time we published news that W3Schools was vulnerable to the same XSS flaw, reported by the security researcher.


    [#] - Website:
          http://www.sify.com

    [#] - Vulnerable link (POC):
          http://www.filehippo.com/it/download_ccleaner/%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28%22XSS%20By%20Ali%20Hasan%20Ghauri%22%29%3C/script%3E

    [#] - Vulnerability Type:
          XSS (Cross Site Scripting)

    [#] - Status:
          Not Fixed [Critical]

    [#] - Tested on:
          Firefox 18.0.1

    The youngest Pakistani security researcher, "Ali Hasan Ghauri" (AHPT), has also found vulnerabilities on big tech sites including Skype, Adobe, Asia Cnet, Yellowpages, visualstudiomagazine, Filehippo, CnetDownloads, US.Acer, W3Schools, Hamariweb and many more.

    About Filehippo:

    FileHippo is an Internet download website that offers open source, freeware, and shareware programs for Windows. It does not accept user-uploaded files. The website also offers its own software, FileHippo Update Checker, a free program that scans a computer and then reports outdated software in a web page, offering links to updated versions.
    According to Quantcast, FileHippo receives more than three million US visitors each month, and Alexa lists FileHippo among the 700 most visited websites worldwide.

    More news on XSS flaws can be found here.



    Saturday, February 2, 2013


    W3Schools XSS Vulnerability Found by the Youngest Security Researcher

  • Saturday, February 2, 2013
  • Nauman Ashraf
  • A Pakistani student, "Ali Hasan Ghauri" (AHPT), who is 14 years old and the youngest security researcher, has discovered an XSS (cross-site scripting) vulnerability on the http://www.w3schools.com main site. Below is the screenshot of the XSS.

    The youngest Pakistani security researcher, "Ali Hasan Ghauri" (AHPT), has also found vulnerabilities on big tech sites including Skype, Adobe, Asia Cnet, Yellowpages, visualstudiomagazine, Filehippo, CnetDownloads, US.Acer, W3Schools, Hamariweb and many more.

    Only popular sites are mentioned above, but the youngest security researcher, "Ali Hasan Ghauri" (AHPT), has found 250+ vulnerable sites and reported the flaws to them, along with how to secure them.



    About W3Schools:

    W3Schools is a web developer information website, with tutorials and references relating to web development topics such as HTML, CSS, JavaScript, PHP, and SQL.

    Update:

    The XSS flaw on W3Schools is fixed now.