Michael1026's Security/Bug Bounty Blog

Labs.ebay.com SQL Injection

After choosing the date, I replayed the request using Live HTTP Headers. I added an apostrophe to the date parameter, resulting in a MySQL error.

PayPal Server Side Request Forgery/Port Scanning

I will be talking about a vulnerability I found in PayPal's developer website that allowed me to port scan their server using their own tool. Fixed: Unknown

Facebook Bug Bounty Write up #1

When doing a password reset on the mobile version of Facebook (http://m.facebook.com/recover/password), I noticed the whole process was done over HTTP and wasn't secure. This was done with secure browsing enabled. Figuring this is a flaw, I reported it to Facebook.

Using Google Webmaster Tools to Receive Server Information

Using the Google Structured Data Testing Tool, you can receive server information of third-party websites as well as port scan them. Simply use the URL and a port.

Paymill Clickjacking Vulnerability

Paymill was using "Allow-From" as an X-Frame-Options value, which is ignored by Google Chrome. This allowed me to create a clickjacking page that would delete all of the victim's information. At first, Paymill thought that their page was protected using this option, but must have forgotten about Chrome. Here is the reply I got from them.

Click Jacking on Zagat (Google Hall of Fame)

In this post, I'm going to be discussing how I got on Google's Hall of Fame. I've been on their Hall of Fame three or four times, but this is my first time since I've opened this blog. This clickjacking attack allowed an attacker to change any user's password or personal information. As you can see, in the bottom right corner, it shows that the webpage has no X-Frame-Options header. This means that it's vulnerable to clickjacking. If you want to see the POC code or learn about the plugins and browser I used when finding this vulnerability, follow their link.