
Monday, 25 May 2015

Pakistan Top White Hat Hackers 2015 - Ethical Hackers

Ethical hackers, or white hat hackers, play an important role in our society, and these days many companies need them to secure their data through what are known as "Public Disclosure" and "Bug Bounty Programs".

Pakistani ethical hackers have excelled in these programs most of the time and earned much fame, money, knowledge and connections.

Note: We are listing those hackers who received Hall of Fame entries, acknowledgements, appreciations, swag, thanks, etc.
If you are not listed, just comment with your name and proof. Sorry for this; we don't have a list of all of them (still adding).

Here is the list of Pakistani white hat hackers, or ethical hackers, with names and their contact links.
So let's meet the pride of Pakistan, the white hat Pakistani hackers:

  1. Rafay Baloch : https://www.facebook.com/rafay.baloch
  2. Shahmeer Amir : https://www.facebook.com/Shahmeer.1994
  3. Ali Hassan Ghouri : https://www.facebook.com/alihassanghori5
  4. Owais Ahmed Saddiqui : https://www.facebook.com/Owais955
  5. Danyal Khokhar : https://www.facebook.com/Name.To.Pta.Hoga
  6. Abdul Rehman : https://www.facebook.com/shadowcreator
  7. Abdul Wasay : https://www.facebook.com/wasay.me
  8. Aamir Khan : https://www.facebook.com/Aamir9795734
  9. Muhammad Ahmed : https://www.facebook.com/sniperhaxor
  10. Hammad Qureshi : https://www.facebook.com/hmad01256
  11. Salman Khan : https://www.facebook.com/SalmanKhanChampion
  12. Mirza Burhan Baig : https://www.facebook.com/MirxaLive
  13. Hamid Ashraf : https://www.facebook.com/hami.hax
  14. Osama Mahmood : https://www.facebook.com/th3.m4rkm3n.007
  15. Babar Khan Akhunzada : https://www.facebook.com/Akhunzada.phtm
  16. Adeel Imtiaz : https://www.facebook.com/Engg.Adeel.Imtiaz
  17. Waqeeh Ul Hassan : https://www.facebook.com/profile.php?id=100004339384473
  18. Kamran Saifullah : https://www.facebook.com/KamranSaifullah786
  19. Muhammad Shahzad : https://www.facebook.com/muhammad.phtml
  20. Haider Ali Khan : https://www.facebook.com/1337.phtm
  21. Zeeshan Sultan : https://www.facebook.com/zeeshi7897
  22. Haider Qureshi : https://www.facebook.com/stalinqureshi
  23. Abbas Shahid Baqir : https://www.facebook.com/abbaslums
  24. Hassan Awan : https://www.facebook.com/haxxan.awan
  25. Sajid Kiani : https://www.facebook.com/ssajidkiani
  26. Hammad Shamsii : https://twitter.com/HammadShamsii
  27. Muhammad Talha Khan : https://www.facebook.com/MTK911
  28. Ch Muhammad Osama : https://www.facebook.com/profile.php?id=100001453377561
  29. Danish Iqbal : https://www.facebook.com/dano.iqbal
  30. Muhammad Amir Sohail : https://www.facebook.com/AmirSohail707
  31. Zeeshan Haider : https://www.facebook.com/zee.smartoo
  32. Omer Iqbal : https://www.linkedin.com/in/omeriqbalbutt
  33. Kai Behroz : https://www.facebook.com/Kai.behroz22




















Thursday, 16 April 2015

The three main causes of plagiarism




Plagiarism is something the human race has been facing for thousands of years. That’s right! Thousands of years! However, those types of plagiarism were very different from the type we are talking about here: online plagiarism, which only started a decade ago. Online plagiarism is increasing day by day at an astounding rate, and this is frightening mainly because the creative ideas of many individuals and businesses are being copied, which is considered a sort of theft that people easily get away with. However, the internet also has its own legal system that most certainly calls this theft. The sad part is that the theft of an idea is very hard to track compared to the theft of physical belongings, which can be found very easily. The ability to catch plagiarism is very important and should be known by every businessman or individual who produces unique content. But why does it even happen? Well, there are many reasons.


1. They aren’t aware of plagiarism and its consequences
Most people know the meaning of plagiarism and they even know that it’s a thing, but what they don’t know is that plagiarism can have many different consequences that they may have to face. Most online dictionaries give the meaning of the word plagiarism as:
* Stealing anyone’s ideas and using them as your own
* Using anyone else’s idea for your own good without permission
* The commitment of literary theft
* Presenting someone else’s work as yours
So, the basic idea is of course stealing someone else’s work.


2. They don’t know how to provide credits
Sometimes people who create content online allow users to share their content on the condition that their work will still be labeled as THEIR work. If you forget that, you’re in trouble, as that is copyright infringement. And that will lead you to hundreds of problems that you can’t even imagine. You and your website can even be sued for not providing credits. Even if you rewrite their content, they will find you using an Online Plagiarism Checker tool.


3. Having no resources or too little time
This is mostly caused by laziness, and as funny as this may sound, it is true. Procrastination in students is pretty normal; they mostly want to submit papers on the last day, and this is what gets them in trouble, where they end up copying content online and screwing up pretty much everything.
As crazy as these reasons may sound, they are 100% true, and this is why many people end up plagiarizing their work and facing penalties. If you think a plagiarism penalty is not that harsh, you’re probably daydreaming, as this even leads to students getting expelled in many universities. So get to work and start doing plagiarism-free work.



Thursday, 2 April 2015

Fresh 5000 SQLi Vulnerable sites List for Hacking latest 2015




Click Here For Websites List 
or 
visit : http://pastebin.com/xd9Vxyn9

5000 Fresh Sqli Vulnerable Websites List 2015
Pentest At your own risk ./the end

Top 10 Android Hacking Apps 2015

There are many hacking apps for Android on the internet, and this is the main reason Android phones are banned in some companies: users may use them for negative purposes that could damage the company, so no one can take them inside.


Now I am sharing a secret list of those hacking apps, but you must have your Android phone rooted, which will allow you to use them.


1. Faceniff
2. DroidSheep
3. dSploit
4. Network Spoofer
5. Network Discovery
6. Shark for Root
7. Penetrate Pro
8. WPScan
9. Nessus
10. WiFi Kill
    


Wednesday, 1 April 2015

Allegro Linux - New Secret OS for Hackers



We are going to introduce a new Ubuntu-based operating system for hackers. It's still private and under development. The creators of Allegro Linux posted a live preview of their new OS and shared all the tools available in their new project.

Read the following conversation with Luka, one of the creators, below.



Why use Allegro OS (operating system)?

Allegro OS is a Linux distribution and 101% open source. It can be used for everyday usage, or you can use it for hacking and penetration testing. During the installation you can encrypt your HDD with LVM and your data will be safe.

When will it be available for download?

It might come before May 2015.

What are the system requirements for Allegro Linux?

You will need to have about 8 GB free instead of 5 GB like in the clear Ubuntu Desktop version, because it will have a lot of pentest tools.

Can we say it is better than Kali Linux?

I don't know and I will never compare Allegro OS with Offensive Security products. I have some bad experience with them and that's why I started this project!

Thanks to Luka for introducing us to their new Linux distro that will maybe replace Kali Linux.


Note: This post is only for education Purpose .

Tuesday, 31 March 2015

Simple Steps to Enable Whatsapp Voice Calling Feature for Android, iOS

Here in this tutorial you can get the simple procedure to activate Whatsapp Voice Calling Feature to your Android device. As we know WhatsApp has started rolling out its most expected Free voice calling features for Android, iOS and Windows  users with version 2.11.508 of WhatsApp, which is the app’s latest version. On Friday, several Android mobile users were able to use the voice calling feature on WhatsApp after receiving a call from a friend who already had the service activated.




New Update for Whatsapp to Activate Whatsapp Calls:

First, you’ll need the latest version of the Android app, which, at the time of writing, is 2.11.561. Then you’ll have to ask a user who has the feature to call you.
Once you’ve received the call, close the app and reopen it. You should now see a new screen with three columns, including one for calls.





 

After this you can then call any of your WhatsApp contacts over VoIP through the app. You may not be able to reach people running older versions of the app.









How to Crack WPA2 WiFi Password Using Reaver and Backtrack 5 in steps



How to Hack/Crack Wifi Password?

One of the useful methods of Wi-Fi cracking/hacking is here for you. Today you will learn how to crack a Wi-Fi password through WPS (Push Button): cracking a WPA / WPA2 protected Wi-Fi password on a network which has WPS (Push Button) enabled.



What is Reaver?

Reaver is Linux-based software which brute-forces the WPS PIN on routers which have WPS / Push Button enabled, and it comes preloaded with Kali Linux OS.


Before I begin, this is the official white paper that describes the science behind the attack.

You can also check below link - Credit:
  • http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf


Requirements:

In this demonstration, I am using the NetGear MBR624GU router and Alpha Networks AWUS036h wireless adapter. Keep in mind that Reaver isn’t compatible with all Wireless Adapters and it doesn’t work on every router that has WPS.

Tools Used: VMWare Player, NetGear MBR624GU Router, Alpha Networks AWUS036H Wireless Adapter, BackTrack 5, Reaver.
Also, you will need the MAC address (BSSID) for your router. You can find that somewhere printed on your router, write it down, make sure you input it in this format - 11:11:22:33:44:00.  Since you are testing your own router, you won’t need airodump-ng to analyze all the AP’s in the area, right?


Step 1 :

First we need to update the package listings from the repository for Backtrack 5.


Step 2 :

Install Reaver Pro



Step 3:

Make sure your Wi-Fi adapter is connected to the VM (virtual machine) and put it in monitor mode.





Now let’s start up Reaver Pro: enter your router’s MAC address, and it should be done in a few hours. Go enjoy a cold beverage or just wait, because it will take much time ;)



Every now and then, the attack might pause or slow down. Press Ctrl+C and it will give you the option to save your session and the progress it has made, so you don’t have to restart from the very beginning. Example of being able to restart it:



I didn’t feel like waiting 10 hours till reaver got done cracking my router, so I grabbed an old screenshot of another router I had originally/successfully performed this attack on, back in June. This is what it looks like when it’s successful


if you have any questions or feedback, please feel free to express it below .

Note: For legal purposes, please don’t try this on any equipment that you don’t own.





Sunday, 29 March 2015

Can't Send Text Messages on Windows Phone 8x Problem

HTC 8X text message sending problem - Solved

Problems:

Verizon 8x problems texting "can't send message Try Again",Texting problem with new Windows Phone 8 update, My Htc 8x Will Receive Texts But Not Send. Why , My Att Htc 8x Windows Phone Wont Let Me Send Sms Messages.
 

Hello folks, if you are having trouble with your Windows Phone / HTC Windows Phone 8X not sending texts (SMS) properly, try making sure the International Assist option is turned off. It caused me a world of annoyance.
You can find the International Assist option in the Settings > applications > phone menu.


Background:

I recently purchased an HTC Windows Phone 8. Last spring, I discovered that the Verizon HTC 8X comes factory unlocked, which means you can use it on any provider, e.g. Verizon, AT&T! The device is wonderful. Previously I was using a Lumia 920, and I am not a big fan of how huge the Lumia 920 is, so the size and weight of the HTC 8X are just right.

The Problem:

At first, I thought the problem was related to the fact that I was using my Verizon phone (HTC Windows Phone 8X) on a non-Verizon carrier (in my case, T-Mobile). Then I noticed an interesting trend. Whenever I selected the recipient's number manually from my contacts, the message seemed to go through. Whenever I responded to a text message conversation thread, the text didn't go through.

Issue:

Can't send text messages on the HTC Windows Phone 8X



 
Steps to Solve the Problem:

1) Go to the Settings > applications > Phone menu.

2) There is an option called "International Assist"; turn this option off.

3) Problem solved! Now try to send a message to your friends, and yes, it's working now.



P.S : I turned that option off and suddenly, all of my text messages starting working great!


If you want any information ,Feel free to Comment Below .

Friday, 6 March 2015

Top10 Wifi Hacking Apps For Android step by step 2015 Free


As we know, there are many "hack apps android", but some are real WiFi breakers and some are useless. If you want to hack WiFi from Android, using your smartphone as a portable and instant hacking device, then you are in the best place, because this blog is about a real WiFi hacking app for Android with which you can hack almost 80% of networks at a 100% success rate.




WiFi Hacking App For Android [Requirement]:
  • RFA - Reaver For Android

There are two methods of Real Wifi Breaker.
The first method is to enter the WPA/WPA2/WEP key of the router, and the other is to enter the 8 (eight) digit WPS PIN of the router rather than the password; there is also the Push Button method, which is an alternative to the WPS PIN.

As we know, "Reaver" will scan the WiFi networks in your range and display the routers which have the WPS PIN method enabled; if you find one, then you are the lucky one and you are able to break the WiFi. After this it will try all the possible combinations of 8 digit keys against the router, and in the meanwhile the password of the router will be available along with the WPS PIN.
To download this app for Android, click here or visit this URL: http://forum.xda-developers.com/showthread.php?t=2456888

After downloading, you can perform the simple steps: select the network in the app and click on the WiFi, after which it will start its work. Always try a network which has good signal so it will crack faster; you will have to wait until it cracks the key for you.
Do not try this for any illegal purpose. This article is only for educational purposes, and I am not responsible for any of your acts done after reading this article.

Monday, 23 February 2015

5 Simple Steps To Block Ads From Apps On Android

Enjoy web browsing without any distractions caused by Ads on your Android mobile by making this easy tweak.




Google has integrated the interest based ads on the Google mobile web interface and apps that show ads. Every Android device has an Advertising ID that is used by the App developers to create a profile of the user’s preference to project the interest-based ads. If the user does not want to be distracted by such interest-based ads, then there is an option to opt out of that.







Follow this simple guide to disable the option that lets the apps and other services track your interests to show you ads.

Step one:




Open the Google Settings app.

Step two:



Select the Ads option from the list of options.

Step three:

  
Select the checkbox next to the option – Opt out of interest-based ads.

Saturday, 21 February 2015

how to use whatsapp on pc step by step 2015 [ laptop , Barcod , chrome]

whatsapp from pc




Hi folks, good news: everyone asks "Can I use WhatsApp on PC?", and the reply is yes! WhatsApp is now available on your computer via the web, so you can use WhatsApp on PC. The new web client is an extension of the data from your phone, displayed in a Google Chrome page. It's simple to set up, and as long as your phone has a data connection you'll be able to send and receive messages via the WhatsApp service right from your PC.

Related : how to use whatsapp on pc with bluestacks


‘WhatsApp Web’ currently only works in Google Chrome on Windows, Mac, Linux and Chrome OS; support for more browsers is ‘coming soon’.



How to Use WhatsApp Web on a PC on Chrome Browser

 

How to Use the App

An updated app is working on Windows Phone, Blackberry 10 and Android.
To sign in to WhatsApp on your Chromebook or other PC:

  • Open a new tab in Google Chrome
  • Go to the WhatsApp Web site
  • Scan the QR code that appears on screen in the WhatsApp app on mobile
  • You’re in!
When you see the design you’ll see that the “Chrome only” caveat isn’t a surprise: the Web client looks like a tablet version of the Android app and uses Google’s Material Design language in spades.





Note: you need the very latest version of WhatsApp to use the feature


Sunday, 28 December 2014

Private Bug Bounty Programs 2015






Bug Bounty (wikipedia)
A bug bounty program is a deal offered by many website and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.







Bug Bounty Guide:
  1. Learn and study all types of common attacks like XSS, SQL Injection, RFI, LFI and others. Remember that hacking and vulnerability assessment are not the same. To be a good bug bounty hunter you must know how a vulnerability is generated and what is wrong in the code that generates it. It helps you work out where vulnerabilities may exist.
  2. Find out which companies or websites run a bug bounty program. By searching on Google you can get a list of them, e.g. Bug Bounty Program websites.
  3. Using vulnerability assessment tools or any vulnerability scanner is not a good way to become a good bug bounty hunter. You should use your brain, not software.
  4. If your target is a big website, then try to find the subdomains of that website. It will be easier to do a vulnerability assessment over them. But before that you should read their terms and conditions to know whether subdomains are allowed in the bug bounty or not.
  5. After your vulnerability assessment, make a detailed report with a POC about the vulnerabilities you have found. In your report you must highlight what kind of vulnerability it is and what the negative impact of that vulnerability would be if it were found by an offensive hacker.
  6. After submitting your report, wait for the reply. If you disclose the vulnerability before their reply, it is not good for your reputation.

Thanks for reading this article, and if you need any information, feel free to comment below.



Friday, 26 December 2014

How to Hack WPA/WPA2 WIFI Passwords in 3 Steps [2014/2015 , pin ]




 How to Hack/Crack Wifi Password?

One of the useful methods of Wi-Fi cracking/hacking is here for you. Today you will learn how to crack a Wi-Fi password through WPS (Push Button): cracking a WPA / WPA2 protected Wi-Fi password on a network which has WPS (Push Button) enabled.

What is Reaver?
Reaver is Linux-based software which brute-forces the WPS PIN on routers which have WPS / Push Button enabled, and it comes preloaded with Kali Linux OS.

What is Push Button or WPS?
Basically, the WPS / Push Button option comes with many routers and modems. With it, you can avoid entering a password when connecting to a network and simply connect by pressing a button on your modem or router.

What You Will Need To Perform This Attack ?


  • WPS ( Push Button ) Enabled WIFI Network in Range 
  • Wireless Adapter 
  • Kali Linux OS 

Get Started 

Start Your Kali Linux OS and open terminal

1. Turn On your monitor interface by typing the below command
airmon-ng start wlan0


2. Check if there is any wps enabled wifi in your range.
To check for WPS-enabled networks we will use the wash command, so type the command below and it will list all the networks which have WPS enabled.

wash -i mon0 -C
This will display all the networks which have WPS enabled, so choose any network which has a strong signal and then copy its BSSID.

3. Start Cracking by typing the below command

 reaver -i mon0 -b BSSID -vv



In the command "reaver -i mon0 -b BSSID -vv", replace BSSID with the BSSID of the network, which you copied in the step above, and wait: this needs much time, even 3-5 hours, depending on the PIN code of the router, which Reaver will brute-force. If the PIN matches, it will crack the password for you and display it.



How You can protect yourself from this attack ? 

As a security researcher, my opinion is that for security reasons you should just disable the WPS option on the device, or, if you really want to enable it, create a hard custom PIN, as many routers come with a default PIN code which Reaver can easily crack.

Note: this is only for educational purposes, so don't try it for negative work.
We are not responsible for anything.
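
One way to check the advice above on an access point you administer, as an added example that is not part of the original post. It assumes the AP runs hostapd (the post does not say so) and reads the hostapd.conf keys wps_state, ap_pin and ap_setup_locked; the sample configs and the finding names are constructed.

```python
# Added example: audit a hostapd.conf for exposure to the WPS PIN brute
# forcing described in this post. Assumption: the AP is driven by hostapd.

# Constructed sample: WPS on, a static AP PIN, and the AP never locks.
WEAK_CONF = """\
ssid=home-ap
wpa=2
wpa_passphrase=constructed-sample-passphrase
wps_state=2
ap_pin=00000000
ap_setup_locked=0
"""

# Constructed sample: WPS on for push-button use only, no static AP PIN.
PBC_ONLY_CONF = """\
ssid=home-ap
wpa=2
wps_state=2
config_methods=push_button
"""

# Constructed sample: WPS switched off, as the post recommends.
HARDENED_CONF = """\
# WPS disabled
ssid=home-ap
wpa=2
wps_state=0
"""


def parse_hostapd_conf(text):
    """Return key/value settings; hostapd comments are whole lines starting with '#'."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_wps(text):
    """Return a list of finding names (constructed labels), empty when WPS is off."""
    cfg = parse_hostapd_conf(text)
    # wps_state defaults to 0 (disabled) when the key is absent.
    if cfg.get("wps_state", "0") == "0":
        return []
    findings = ["wps-enabled"]
    # A static ap_pin is what lets an external registrar guess the PIN.
    if cfg.get("ap_pin"):
        findings.append("static-ap-pin")
        # ap_setup_locked=1 refuses new external registrars.
        if cfg.get("ap_setup_locked", "0") != "1":
            findings.append("ap-setup-not-locked")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("pbc-only", PBC_ONLY_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit_wps(conf) or "no WPS findings")
```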







Sunday, 14 December 2014

Logout Cross site Request Forgery CSRF Vulnerability [worth bug 250$ ]



CSRF LOGOUT IMPACT :


You should protect your logout mechanism against CSRF. At first it seems that all an attacker can do is log the user out, which would be annoying at worst. However, if this is combined with a phishing attack, the attacker may be able to entice the victim to log in again using the attacker's own form and then capture the credentials. Very sketchy, but protecting against this sort of attack costs little.
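
The logout handler before and after the fix, as an added example that is not taken from the reported site or from the original post. The in-memory SESSIONS store, the function names, the csrf_token form field and the https://app.example origin are all assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory session store standing in for a framework's sessions.
SESSIONS = {}
OWN_ORIGIN = "https://app.example"  # assumed origin of the application


def login(user):
    """Create a session with its own unpredictable CSRF token; return the session id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def logout_vulnerable(method, sid, form):
    """Before: any request that carries the session cookie ends the session.

    The browser attaches the cookie to requests started by other sites too,
    so a third-party page can log the user out without their intent.
    """
    SESSIONS.pop(sid, None)
    return 302  # redirect to the login page


def logout_hardened(method, sid, form, origin=None):
    """After: the state change needs POST plus the session's own CSRF token."""
    session = SESSIONS.get(sid)
    if session is None:
        return 302  # no session, nothing to change
    if method != "POST":
        return 405  # GET must never change state
    # Defence in depth: reject a cross-site Origin header when one is sent.
    if origin is not None and origin != OWN_ORIGIN:
        return 403
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403
    del SESSIONS[sid]
    return 302


if __name__ == "__main__":
    sid = login("alice")
    print("forged GET, vulnerable:", logout_vulnerable("GET", sid, {}),
          "session alive:", sid in SESSIONS)
    sid = login("alice")
    print("forged GET, hardened:", logout_hardened("GET", sid, {}),
          "session alive:", sid in SESSIONS)
    token = SESSIONS[sid]["csrf"]
    print("real logout:", logout_hardened("POST", sid, {"csrf_token": token}, OWN_ORIGIN),
          "session alive:", sid in SESSIONS)
```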



LOGOUT CSRF POC :





Overview:

Hello, this is Abdul Haq Khokhar. I am an independent security researcher, and I have recently found a vulnerability in a website (private program) on hackerone.com. I don't want to disclose the website because my report is still Triaged (12-12-2014) and the security team is fixing it now.

The vulnerability was really simple, as I have shown in the POC screenshot below. I was just testing this vulnerability for the first time, so I tried it on this website and got a shocking response from the website.


BUG : Logout CSRF Cross site Request Forgery CSRF


POC Code :
Already shown in POC Screenshot above .

Reporter : Abdul Haq Khokhar

After Reading the Response from Security team :

Reward :
250$





I hope you enjoyed this article and Hopefully you guys will try this bug on other websites too :-D

             

“Let him who would enjoy a good future waste none of his present.”
Roger Babson

For Contact :

Facebook  | Twitter  |  Bugcrowd  | Hackerone        





