Send friend request from their own accounts[Make a Friend Troll]

Introduction About this App

I can say this is a Facebook Bug 2015 Because we are able to Send own Friend Request from your self and you can understand your reaction when you got a friend request from yourself through suggestion .

How to Troll one of your friends :

Follow These Steps:

1) Copy your friend's account URL from Browser
Example : https://www.facebook.com/Name.To.Pta.Hoga

2) Paste the URL in the input field

3) Click " Troll One Friend


Here is the Proof and Reactions when people Got own friend Request :

Another Proof :

Click Here to Download Here

Read more ...

Break privacy on facebook | Three steps to break Facebook DP Privacy 2015

 

How to Extract the Facebook DP ?

Introduction

OryxSolutions Software House develop a Useful app to access any person Facebook DP through Facebook DP Extractor, So anyone can see the Display Picture You just have to follow some easy STEPS. And the Rest work leave to us.

3 Simple Steps to Break a Facebook Privacy :

How it Works:

 

step 1:

Open your Target Profile in Facebook

step 2:

Copy Link from the address bar .

step 3:

Past it here and on fetch dp [Revealer]
Here is the Link : http://www.dp.theoryxlabs.com/

Finally Done :

Your Facebook DP fetched.

About Developer

Osama Tauseef Alam

 Working in Oryx Solutions for almost one year.
Facebook Page : DP Extractor

App URL : Facebook DP Extractor

Read more ...

How to Takover the Account by Simple Trick[Bug,csrf Protection]

Vulnerability type 

 InSecure Direct Object Reference

How to Takeover the Account Via Simple Trick :

Someone researcher found the account takeover vulnerability in Private website and so you can consider someone is me.so let me start how to takeover the account in simple way .i was testing the website and then i got an account editing page so as always tried to find csrf vulnerability and after some hardwork i bypassed their mechanism of CSRF protection by deleting the authenticity_token= value from the editing request ! But wait what is it ?

 

 After lots of hard-work i see the edit page So by changing the value in the id=edit_account_<victim_id> I was able to change the details of victim and also able to delete the account from the website.

 

 

 

Vulnerability Fixed :Within 2 days the “secret” website fixed the bug !But maybe I should check it again!

OMG ! They plugged some internal protection but they didn’t change anything in the POST request’s functionality!

So let's try for second time :D !

 

 

 

 

 

May be I should try to changing the parameter’s value id=<edit_account_victim_id> to id=<victim_id>

Done so I bypassed the mechanism of website second time also :) !

 

 

 

They rewarded me some more bounty ! 

 

 

 

If you want any question so feel free to ask on comment .

 

 

 

 

Read more ...

Sql Injection Vulnerability Found by Security Researcher in MyBB [tamperdata,test,examples]

 

First of Fall what is sql injection ?

SQL mixture is a kind of security try in which the attacker incorporates Structured Query Language (SQL) code to a Web structure information box to get access to resources or take off changes to data. There are many sql injection tutorial in Internet as well sql injection examples.A SQL request is a requesting for some movement to be performed on a database. Regularly, on a Web structure for customer check, when a customer enters their name and mystery key into the substance boxes suited them, those qualities are implanted into a SELECT inquiry. In case the qualities entered are found of course, the customer is allowed access; if they aren't found, access is denied. Regardless, most Web structures have no instruments set up to square incorporate other than names and passwords. Unless such preliminary measures are taken, an assailant can use the information boxes to send their speak to the database, which could allow them to download the entire database or interface with it in other unlawful ways. 

 
Sql injection cheat sheet  :

If you want to learn Advance Sql Injection so click here of cheat sheet.

Mybb 1.8.x SQL Injection Vulnerability POC by MakMan:

Title:
MyBB 1.8.X to 1.8.1 Error based SQL Injection

Exploit URL and POC :
http://pastie.org/private/qqgmvkyn758abfiyutje3q

Date : 2014-11-15
Google Dork : intext:Powered By MyBB # Version: 1.8.X
# Tested on: Linux / Python 2.7
# Status : Patched in MyBB 1.8.2
# Author : MakMan -- facebook.com/hackticlabs

   

Here is the POC Video For the SQL Injection Vulnerability :

Mybb 1.8.x SQL Injection POC by MakMan from Mukarram Khalid on Vimeo.


IF you want any Question about this vulnerability or anything Please Feel Free to Comment Below .

Read more ...

how to verify paypal without bank account 2015

Verify Paypal with bank account [in India]

 

 

Introduction:
We all know that it's very hard to get credit card(in India) as it requires so many formalities so today we are going to see how to PayPal account by linking and confirming our bank account without the need of a credit card.Follow these simple step by step procedure to verify Paypal account with a your bank account in India.

Steps For Verified Paypal :

1)Login to PayPal and click on "Get verified" link shown in Status.PayPal Get Verified Link How to verify Paypal with bank account [in India].

2)Click on Link My Bank Account buttonpaypal link bank account button How to verify Paypal with bank account [in India] 

 

3)Enter your Name, Bank name, IFSC code ( bank unique code, get from your bank or at http://bankifsccode.com/) and Account number and click ContinuePayPal Enter your bank details How to verify Paypal with bank account [in India].

4)Now verify those details and click on Add Bank Account PayPal bank details confirm How to verify Paypal with bank account [in India].

 

5)PayPal will then send 2 small deposits to your bank account in 4-6 days. Then login to your PayPal account and click on the Confirm bank account link.PayPal bank account confirm link How to verify Paypal with bank account [in India].


6)Enter those two amounts and click on "Confirm" buttonpaypal small amounts confirm How to verify Paypal with bank account [in India].

 

 

That's all. Your account will be verified.

 

Read more ...