Posts Tagged ‘responsible disclosure’
Finally, my name got listed for responsibly disclosing a vulnerability in the Microsoft developer platform.

Here is the link to the vulnerability:

Here is the HOF link:


Microsoft HOF

PagerDuty T-shirt

Gifts from LinkedIn for responsibly disclosing multiple vulnerabilities.

T-shirt, sipper and hand-written letter

Dropbox bounty (photo)

Description: This is a URI redressing vulnerability found on Evernote's website. It allowed a victim's account to be deleted with a few clicks, without the victim's knowledge or consent. The vulnerability defeated the CSRFbuster token that was used on the site.

The vulnerability was first reported on 5/10/2013, but due to an issue with Evernote's ticketing system I had to resend the mail a few days later to obtain a ticket. After discussion with Evernote's security team, they told me it had already been reported by another researcher, so my name was not listed on the site. Nevertheless, they have now fixed the vulnerability.

Vulnerability: URI Redressing

Impact: Loss of files/account

Risk/Severity: High