Posts

Showing posts from July, 2017

Magento HTML Injection, XFS & XSS Vulnerability

I discovered and found HTML Injection, Clickjacking or UI redressing and non-persistent (reflected) Cross Site Scripting (XSS) vulnerabilities at Magento. HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Vulnerable Domain: https://marketplace.magento.com
Vulnerable URL: https://marketplace.magento.com/catalogsearch/result/?cat=8&q=%22%3E%3Cscript%3Ealert%28%22Hi%22%29%3B%3C%2Fscript%3E

POC Screenshots: HTML Injection; CFS (Cross Frame Scripting); Cross Site Scripting

I reported this to Magento through Bugcrowd. Magento fixed this vulnerability, thanked me and entered my name in Magento Hall

101 Abbreviations Every H@cker Should Know

AP = Access Point
API = Application Programming Interfaces
APK = Android Package Kit
ATA = Advanced Technology Attachment
ATM = Automatic Teller Machine
BASIC = Beginners All Purpose Symbolic Instruction Code
BSOD = Blue Screen Of Death
BIOS = Basic Input Output System
CPU = Central Processing Unit
CAPTCHA = Completely Automated Public Turing test to tell Computer and Humans Apart
CCS = Courtesy Copies
CDN = Content Delivery Network
CSS = Cascading Style Sheets
CDMA = Code Division Multiple Access
CLI = Command Line Interface
CLS = Clear Screen
CSRF = Cross Site Request Forgery
DBMS = Data Base Management System
DDOS = Distributed Denial Of Service
DEL = Delete
DIMM = Double In-line Memory Module
DIR = Directory
DNS = Domain Name System
DOS = Disk Operating System
DOS ATTACK = Denial Of Service Attack
DSP = Digital Signal Processor
DTP = Desktop Publishing
E.C = Electronics Commerce
EDI = Electronic Data In charge
EDP = Electronic Data Processing

Ebay XSS vulnerability

Hello Friends, recently I found a Cross Site Scripting vulnerability inside eBay. The vulnerability exists in the eBay sell page 'add photos' field.

Payload: <img src=x onmouseover=alert("XSS")>

I reported this to eBay. eBay fixed this vulnerability and thanked me. It is my great pleasure to inform you that eBay has listed me in its Hall of Fame for security researchers who have reported high-risk vulnerabilities to eBay. You can find my name listed in the eBay Security Researchers Hall of Fame here.

What Is Bug Bounty?

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs.

So a bug bounty is a program where friendly hackers, called bug hunters, find and report vulnerabilities to companies in exchange for a reward called a bounty. Many of the biggest companies, like Google, Facebook, Microsoft, Apple, Twitter, PayPal and others, offer bug bounties. To start, register and create a profile on Bugcrowd and HackerOne. To learn bug hunting, visit HackerOne, blogs and forums.

Instagram Content Injection Vulnerability

Hello Everyone, I discovered a Content Injection in Instagram which allows manipulating text on Instagram. Content Injection (content spoofing) is an attack targeting a user, made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.

Here is the vulnerable link: https://www.instagram.com/accounts/password/reset/done/?cp=Bug Found By Anas

Now change the 'cp' parameter to any content, like anonymous@unknownmail.com or http://www.phishingsite.com.

EMF [Email Me Form] XSS Vulnerability

Hello Everyone, I found multiple XSS vulnerabilities at EMF (Email Me Form). EmailMeForm is The Web's #1 form and survey builder.

XSS 1: I create a form with EMF and, like the previous finding, I change the title to an XSS payload, and the XSS executes.

XSS 2: Next I edit a success message with an XSS script. When anyone completes the form, the XSS script runs.

XSS 3: Now I add the Browse or Upload button field to my form, fill in the form as a visitor, upload an "xml" and "html" file in which I wrote an XSS script, and complete and submit the form. I go to the form manage tab, where I receive my own completed form and a clickable link to the "xml&html" file. When I click this link, the XSS runs. Prevention: the file should download.

I reported this to EMF. EMF fixed these bugs and thanked me, but one bug is still unfixed.

DisplayBit XSS Vulnerability

Hi Friends, last time I explained what XSS is. Now in this tutorial I show you how I found my first XSS vulnerability in DisplayBit. DisplayBit is a website that pays users for uploading and sharing images. So here is how I found my first XSS in two minutes. I just uploaded a picture, changed the title to the XSS payload <script>alert("xss")</script> and saved the picture. The XSS successfully executed whenever I refreshed the page. So I reported this to DisplayBit. DisplayBit fixed this bug and thanked me.

Then I found my second XSS in DisplayBit. This vulnerability existed in the DisplayBit image search. When I viewed my image on DisplayBit I saw a search bar and entered the previous payload, and the XSS successfully executed. I again reported this to DisplayBit through Open Bug Bounty: https://www.openbugbounty.org/incidents/220844/

I found my first XSS vulnerability in DisplayBit and my career starts here. There are many ways and several technique

What Is XSS? Bypassing the XSS Filters, Advanced XSS Tutorial

Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities; it allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users. In a typical XSS attack, a hacker injects his malicious JavaScript code into a legitimate website. When a user visits the infected page or a specially crafted link, the malicious JavaScript executes. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread worms.

Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injected a malicious script. When a user visits the site, the malicious script executes. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using these stolen cookies, he can log in to your account and change the password.

XSS Attack: Step 1: Finding Vulnerable Website: Hackers use Google dork for finding the vul

What Is Bug Vulnerability

A bug is when a system isn't behaving as it's designed to behave. A vulnerability is a way of abusing the system (most commonly in a security-related way), whether that's due to a design fault or an implementation fault.

What is a vulnerability? Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack. In computer security, a vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.

Most Common Web Security Vulnerabilities

SQL Injections: SQL injection is a type of web application security vulnerability in which an attacker attempts to use application code to access or corrupt database content. If successful, this allows the attacker to