Posts

Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO

Exploit Title: Cross Site Scripting (XSS - Stored) vulnerability in vBulletin SEO Plugin vBSEO
Found By: Yogesh Jaygadkar | http://www.jaygadkar.com/
Tested versions: vBSEO 3.2.0 & vBSEO 3.6.0
Tested with: vBulletin 4.0.6 & vBulletin 4.2.1
Vulnerable POST Parameter: sendtrackbacks

The vBSEO plugin for vBulletin contains a flaw that allows a stored cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'sendtrackbacks' parameter when it is submitted to the /forum/newreply.php and /forum/newthread.php scripts. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

POC:
http://www.VictimVBForum.com/forum/newreply.php?do=postreply&t=[Thread ID]
http://www.VictimVBForum.com/forum/newthread.php?do=newthread&f=
In the Advanced Reply or New Thread page, put your ">vec...

PayPal : User Credit Card Information Disclosure

Okay... So, here is another old and duplicate bug from PayPal, which I reported looooong back. I found some strange results on api-3t.sandbox.paypal.com. This sub domain is storing all credit card information of PayPal users in the URL. Below is the Google dork for finding such "stored" CC details.

Google Dork: site:sandbox.paypal.com inurl:CVV2=

Google returns only about 80 results, but it is still harmful, as sensitive user information is being leaked.

Listed in Barracuda Networks Hall of Fame

Listed in Barracuda Networks Security - Hall of Fame. Found multiple vulnerabilities in Barracuda security products. The bugs are still not patched. I'll update the POC once all bugs get patched. Thanks :)

Listed in Google Hall Of Fame

After 2 consecutive duplicate bugs & 2 rejections, Google accepted my 3 bugs... 1 bug is fixed, 2 more in a row :D The 1st bug did not qualify for a reward, so they listed me on their Google Hall of Fame - distinction. But soon I'll be on the Reward Recipients page ;) So, finally I am listed in the Google Hall Of Fame. I'll update the POC once all bugs get patched.

SQL Injection Vulnerability in ebay sub domains

Title: SQL Injection Vulnerability in www.ebay.com sub domains
Author: Yogesh D Jaygadkar
Reported: December 27, 2012
Fixed: Jan 15, 2013
Public Released: Jan 25, 2013
Thanks To: Darshit Ashara
Greets: Rahul Bro, Aasim, Sandeep, Sagar

Description: Last month I reported SQL Injection vulnerabilities in www.ebay.com sub domains. You can see how many days they took to patch it and to allow me to publish the vulnerability. But finally they fixed it & listed me in their Researchers Acknowledgement Page. Like every other bounty hunter, I was also searching for some vulnerability in eBay. At that time I had no idea that eBay doesn't give a bounty for any vulnerability. Not even for SQL Injection. :)

POC:
Sub Domains: http://sea.ebay.com & http://export.ebay.co.th/
Page: http://sea.ebay.com/searchAnnoucement.php
http://export.ebay.co.th/searchAnnoucement.php
Vulnerable Parameter: "checkbox" array POST parameter. Search opt...

Password Reset Vulnerability in etsy.com

Title: Password Reset Vulnerability in etsy.com
Vuln URL: https://www.etsy.com/confirm.php?email=
Author: Yogesh D Jaygadkar
Reported: December 30, 2012
Fixed: December 30, 2012
Public Released: Jan 08, 2013

Description: In etsy.com, when users reset their password, they receive a password reset link like the one below.
https://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1
When I received this mail, I started playing with this link. I noticed that the token is not validated on the server side. So I removed it & tested with my own ID.

Final POC:
https://www.etsy.com/confirm.php?email=[victim user's email ID]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1
And the password changed successfully. ...

HTML Injection in Symantec.com

Title: HTML Injection in Symantec.com
Vuln URL: http://www.symantec.com/business/support/index?page=content&id=
Author: Yogesh D Jaygadkar
Reported: July 02, 2012
Fixed: July 03, 2013
Public Released: July 03, 2013
OS: Win7, Win XP, Ubuntu

Description: HTML injection is a type of attack focused on the way HTML content is generated and interpreted by browsers on the client side. So if an attacker embeds HTML/script tags such as <html>, <SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute it. While searching for some anti-virus related information, I found that the Symantec Antivirus official website is vulnerable to HTML Injection. An attacker can add HTML tags into the URL to execute HTML code on the website.

Screenshot 1:
Screenshot 2: