Posts Tagged ‘responsible disclosure’

Zendesk


GitHub SWAG

Finally my name got listed for responsibly disclosing a vulnerability in the Microsoft developer platform.

Here is the link to the vulnerability: https://techielogic.wordpress.com/2013/12/13/vulnerability-on-microsoft-social-msdn/

Here is the HOF link:

http://technet.microsoft.com/en-in/security/cc308589.aspx

 


Microsoft HOF

Pagerduty tshirt


Gifts from LinkedIn for responsibly disclosing multiple vulnerabilities.

T-shirt, sipper & hand-written letter


Description: This is a URI redressing vulnerability found on Evernote's website. The vulnerability allowed a victim's account to be deleted with a few clicks, without his knowledge or consent. It defeated the CSRFbuster token that was used on the site.

The vulnerability was first reported on 5/10/2013, but due to an issue with Evernote's ticketing system I had to resend the mail after a few days to obtain a ticket. After discussion with Evernote's sec-team, they told me that it had already been reported previously by some other researcher, hence my name wasn't listed on the site. Nevertheless, they have fixed the vulnerability now.
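
An added example, not part of the original post: for this class of issue (UI redressing, also called clickjacking) a CSRF token gives no protection, because the framed page is loaded in the victim's own session and submits its own valid token, so the relevant check is whether the response forbids cross-origin framing. The function names and sample headers are constructed for illustration; the header semantics are those of the CSP `frame-ancestors` directive and `X-Frame-Options`.

```javascript
// Added example (not from the original post): classify a response's framing
// defenses from its headers. Function names are hypothetical.

// Parse one CSP policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // Only the first occurrence of a directive in a policy is honoured.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// A frame-ancestors list is permissive if it admits arbitrary origins:
// the bare wildcard or a scheme-only source such as "https:".
// Explicit host allowlists are treated as restrictive here.
const isPermissive = (sources) =>
  sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s));

// headers: object with lower-case names; values are a string or string[].
function framingVerdict(headers) {
  const values = (name) =>
    [].concat(headers[name] ?? []).flatMap((v) => v.split(',')).map((v) => v.trim());

  // Every enforced policy applies, so one restrictive frame-ancestors suffices.
  const ancestors = values('content-security-policy')
    .map((p) => parseCsp(p).get('frame-ancestors'))
    .filter((sources) => sources !== undefined);
  if (ancestors.length > 0) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    return ancestors.some((s) => !isPermissive(s))
      ? { crossOriginFramable: false, reason: 'csp frame-ancestors restricts embedding' }
      : { crossOriginFramable: true, reason: 'csp frame-ancestors allows any origin' };
  }

  const xfo = new Set(values('x-frame-options').map((v) => v.toLowerCase()));
  if (xfo.has('deny') || xfo.has('sameorigin')) {
    return { crossOriginFramable: false, reason: 'x-frame-options ' + [...xfo].join(',') };
  }
  // Missing header, or an unrecognised value such as the obsolete ALLOW-FROM.
  return { crossOriginFramable: true, reason: 'no effective framing restriction' };
}
```

Run it against the response headers of every state-changing page (account deletion, e-mail change, payment), not only the site's landing page.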

Vulnerability: URI Redressing

Application(s): https://www.evernote.com/Deactivate.action?view=

Impact: Loss of files/account

Risk/Severity: High

PoC: