Hacking Beginner’s Frequently Asked Questions

This post is for all beginners who want to become a “hacker” / Penetration Tester. As the title says, Hacking Beginner’s Frequently Asked Questions. In my own experience, these questions are frequently asked by beginners. This post will help them by answering their basic questions and clearing up their confusion. […]

Domain Trader Multiple 0day Vulnerabilities

A few days ago, I was pentesting a ccTLD registrar (for fun and … yeah fun ;)). One of the scripts I found on their b0x was Domain Trader. This script is used for, and I quote the vendor, “This powerful and robust software allows you to create your own Domain Auction and […]

DigitalOcean VPS Review 7 months

In late 2013, I decided to start blogging; for that I had to buy a VPS. A VPS because it gives complete control over the server and it's more secure than shared hosting. For the VPS, I was looking for price, SSD, and good support. I found DigitalOcean, which had all of these, so this is my […]



CloudFlare Bug Bounty

I got a Cloudflare bug bounty reward for reporting a web application vulnerability in the Cloudflare core that affected all Cloudflare-based websites. I reported that vulnerability in late 2013, but at that time Cloudflare didn’t have a bug bounty program. They thanked me with an email; later on, when they started a bug bounty program, they contacted me for […]

Column Truncation SQL Injection Vulnerability

Some time back I was in the NotSoSecure CTF competition (www.notsosecure.com/blog/2014/04/21/sqlilab-ctf-wrap-up/). The challenge was to use SQL injection (any kind) to obtain 2 flags; to capture one flag, users were required to register as an admin. The application was vulnerable to a column truncation SQL injection vulnerability. Column truncation SQL injection is a very interesting vulnerability, it's actually […]

Persistent Cross Site Scripting in Name.com

Name.com is a well-known domain registrar and hosting company. Some time back they introduced a new product, Website Builder. As the name says, it allows users to build websites quickly and easily. I saw their Facebook post about Website Builder. I instantly thought, hmm, new product, must be buggy. As the product is paid but has […]

Microsoft Hall Of Fame For Reporting Vulnerabilities in Nokia

Back in August 2013, I did penetration testing of Nokia websites. In my 1 week of penetration testing I found various vulnerabilities (details are below). During the pentest, I found that the third-party tools that Nokia has been using are more […]