Google search – XXE writeup (local file read)

XXE - XML eXternal Entity attack: XML input containing a reference to an external entity which is processed by a weakly configured XML parser, enabling disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts Preview filters..... Continue Reading →

Journey through Google referer leakage bugs.

Hello Hunters, here is a write-up about a simple bug which leaks sensitive tokens present in the URL through the Referer header. In Google I have found this particular issue in several endpoints. Let's look into it. BUG 1 The journey of this bug started when I read a write-up of an XSS in Google. You can... Continue Reading →

Google Remote Code Execution – The story of $31K bug

Remote Code Execution, on http://www.google.com. Google LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, search engine, cloud computing, <never mind.... these are Preview Fillers> Today Is April 1: I'm truly sorry, If you’re hoping to survive the day without any pranks ... Continue Reading →

DOM XSS in Facebook Mobile Site(app-login)

I was recently targeting the Adobe website for any vulnerabilities. I came to know that they were using (Facebook/Gmail) login to sign in instantly. When I clicked the ‘signin with facebook’, the Facebook app login page was loaded. I just checked the URL and saw there was a ‘cancel_url’ parameter, which holds the URL to which it redirects if the user choose... Continue Reading →
