Sunday, January 19, 2014

Ebay's File Inclusion Vulnerability

     The vulnerability let the attacker run malicious code through file inclusion.
Uploading files to the server.
Be creative.
Thank you Ebay's security team
Big thanks to Ebay's security team for fixing this issue and for the opportunity to responsibly report security risks.

Thursday, November 22, 2012

Google Stored DOM XSS Vulnerability (Malicious's url)

Are domain’s links always safe to click on?

During Nov 1, 2012 I noticed something strange in Google’s producer behavior. In the beginning it was only an html injection. Then, I succeed to exploit it. However, the XSS was in a sandbox’s domain: A few days later, I noticed that the simulations of Tables (Iphone, Ipad, Android, etc.) are connected to the sandbox domain through  Using the Grand Access the attacker could send a malicious link that seems to be hosted in Furthermore, the attacker could inject any DOM script he wanted.


Special thank to Google's security team for the great support.