____________________Welcome to AHPT____________________Welcome to AHPT____________________Welcome to AHPT___________________|~ I offers security consulting services within the space of "Penetration Testing" , "Ethical Hacking" , "Vulnerability Assessments" and "Security Code and Configuration Reviews" ~

IBM Xssed

I felt Happy when I found Cross Site Scripting Vulnerability in one of the most biggest Company's Site IBM.It is my pleasure that I helped them as a White Hat Web Application Security Researcher.

About IBM
Inventions:
Computing Scale: Used to weigh and price things that any vendor can use.  This invention saved retailers a lot of money.
Universal Product Code: Even though barcodes were dreamed up and patented in the late 1940s and early 1950s, it wasn’t in use until lasers emerged years later that they could be digitally read.  This technology sped up checkouts and improved inventory-keeping.
Their inventions have helped ease the daily life of many people, such as managers, teachers, students, store owners, and many employees. IBM has many other inventions that have made our lives easier and should be greatly appreciated.

It is my Honor that I helped IBM.

btw, here is a Proof Of Concept of Cross Site Scripting Vulnerability in IBM:


Host:  https://www.research.ibm.com
PoC: https://www.research.ibm.com/cgi-bin/haifa/svt/public.pl?group=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
Status: Fixed





 
READ FULL POST

Netflix - Finding Bug

Netflix has Responsible Disclosure Policy and Hall Of Fame page for those who report a valid bug to them.

For this I am searching for a bug that is Valid and may be not a Duplicate issue. ALHAMDULILLAH ! , It is my luck that the reported issue got Valid and not reported previously by other researcher.

Here is Details:

During  reconnaissance I got a domain (netflixprize.com), now I searching for a bug in it. I noticed that Password data is transmitted over HTTP. I report this issue to Netflix. They accepted it and remove the Login page because there is no more need of Login page in that domain.











Reporting Date: Jan/02/2014
Acknowledgement Date: Jan/02/2014
Issue fixed: Jan/03/2014
Listed Inside Netflix: Jan/04/2014
READ FULL POST