Category: Uncategorized

Read only permission (which is all the drive applications) could have deleted and updated your files.

Throughout last year, I interviewed with more than 12 companies for an entry level infosec related position. Most of the positions were advertised as general infosec/appsec related positions. I have created a mind-map summarizing the most frequent categories and some sample questions.

Following is the POC for CVE 2016-4075: The POC is here The issue has been reported and fixed.

This is a short write up of a bug in OAuth 2.0 implementation of Google API. This bug could have allowed an application to delete/write on user’s any of the file(s) in google drive, although the user permitted the application to access only those files that were created by the application. For an instance, an… Continue reading Modifying/Deleting Google Drive files

I and my colleague Prakash were testing random stuffs to find a target that would be worth looking into. We found a new feature on Facebook which allows a user to visit the website of page-owner.The “Shop-now” feature looked interesting with different restrictions for different input fields. The app-link field caught my eyes, because “deep-link”… Continue reading Stored XSS on facebook and twitter!

Here’s a little write-up on how I was able to delete any unverified account in facebook. By unverified, I mean those accounts who didnot yet verify their email address linked to facebook. All (or most) of my bugs have been authentication related to many vendors, this was no different. Here is how I did it:… Continue reading How I hacked your unverified facebook accounts !

Github pages ain’t it. This is a test post.