Content Spoofing Found in itBit

Posted by Unknown in: bug bounty Content Spoofing itbit itbit bug bounty Vulnerabilities at Saturday, October 31, 2015

Today i'll share how i found content spoofing on itbit with you ..


Proof of concept:- 


1) Itbit sent failed login notification to user upon every unsucessful login attempt containing the time of login attempt,user-agent and ip. so i just did   an unsuccessful  login and intercept the request using proxy tools (burpt or tamper data)

2) Now just change the user-agent strong and forward the request



3) now user will get the modified user-agent string in the email


Conclusion :-

This vulnerability has been confirmed and patched by ItBit Security Team. I would like to thank them for their quick response to my report.

Cokie Studio 8 - Episode 3 ( Atif Aslam and Gulpanra )

Posted by Unknown in: Atif Aslam Coke Studio Coke Studio 8 Gul Panrra at Saturday, August 29, 2015

Coke Studio, Season 8, Episode 3 - Gul Panrra & Atif Aslam, Man Aamadeh Am


An extremely talented Pakistani female Pashto singer Gul Panrra made her debut in Coke Studio Season 8 Episode 3 with the Atif Aslam. The tune they decided to sing is Man Aamadeh Am which is in Pashto and Persian dialect. Atif Aslam and Gul Panrra nailed it & individuals adored it. You can watch the feature.



  • Artists: Atif Aslam , Gul Panra
  • Title: Man Aamadeh Am
  • Language: Urdu , Farsi
  • Coke Studio Pakistan Season 8, Episode 3
  • Produced by: Strings
  • Guest Musician: Tanveer Tafu (Banjio) , Arsalan Rabbani (Harmonium)
  • Houseband Complete
  • Backing Vocalist : Momin Durrani , Rachel Viccaji , Sara Haider
  • String Section: Javed Iqbal (Head Violinist) , Islamuddin Meer (violin) , Manzoor Ahmed (violin) , Saeed Ahmed(violin)

Content Spoofing Found in Paypal

Posted by Unknown in: Content Spoofing Paypal Paypal bug bounty Vulnerabilities at Friday, August 21, 2015

Content Spoofing Found in Paypal


Behroz Mehboob, an Security Analyst has found a Content Spoofing Vulnerability in Paypal Website

Content Spoofing :-


Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.
This attack is typically used as, or in conjunction with, social engineering because the attack is exploiting a code-based vulnerability and a user's trust.

Proof of concept:-






This vulnerability has been fixed by Paypal Security Team.

youtube offline

Posted by Unknown in: youtube offline Application. youtube offline feature youtube offline play at Sunday, June 21, 2015
Hello Friends
Once Again with a new Post I am Here, in this Post I'll write About youtube offline feature, here i'll
Describe how youtube offline feature works, when youtube Announced offline feature and other so many Details about it.
.
.
you tube Announced it's Offline Feature on 14 Dec 2014, it's Only Available in three countries, INDIA, indonesia, and Philippines. This feature is an trial for other countries. 
.
.
They Launched this feature in Asian Countries first for trial where internet connection is Slow, or not reachable via 2G connection easily.
.
.
Youtube offline feature Available only for Android Device. and soon it will be Available to Others.

"How this Feature work." :- if you Have a Slow internet connection, then there are an Icon is Provided for download that video, then it will start to download that video to your local storage, when it's complete then you can see that video.
.
.
First of All Select the Video you want to Watch offline. there there will be a Offline Icon Provided by youtube application, Click on That.. And Follow Given Steps.

youtube offline feature
youtube offline icon

 In This Step You Have to Select the Video Quality witch you want to Watch in offline Mode.
choose video Quality
Choose Video Quality

 After Selecting the Video Quality, it will start to Download the youtube offline Video, to your Android Device. During that you can do your other work.
youtube offline video download
It will start to Download video

When Video Download is Complete, it will show you Icon Like this, means now you can watch that Video in Offline Mode.
Icon changed when Download Complete
ICon Changed when Download Complete








For watch your video, you have to go in your offline library, so it will show you all the offline downloaded video. Select the video witch you want to play. and click on that.
youtube offline library
Video Added to offline Library
So it will start to play that video in your Device.
.
PRos & Cons of youtube offline feature:- Absolutly that Application Allow to See you youtube video offline, But it Consume A Lot of DATA of your internet Package.
.
.
It Download that Video Completely to your Device, But that would be Available for only next 48 hrs to you Device. after that you can't watch that video, coz it will Delete that from your Device.
.
.
so this is the main con of that.. you Download a video to your Device via youtube offline feature, but that is only valid for 48 hrs, After that NO DATA..
.
.
ADVICE:- if you Have to Download the video Really then Don't use this Feature, coz after 48hrs no video for you. Download using any other youtube downloader so you would have it for A long time in your Device.
.
.
Thanks for Reading
Plz don't Forget to Comment your Review About this. if you have any Query then plz post Comment we'll try to solve it.

YupHok Social Script 2.1

Posted by Unknown in: Clone Script Yuphok at Sunday, June 14, 2015 3 Comments
Dowload Free YupHok Social  Script 2.1


YupHok Social Script 2.1 - make your own website with a simple social YupHok scenario.

Features:
1. Create groups
2. Create a page
3. Mobile version
4. Admin Control Panel
5. Facebook Authorization

A summary of the functions of administration panel:

General Settings
It allows you to edit the settings of the web site and information.

Custom settings
It allows you to change the predefined settings of users and the features that are enabled or disabled.

Settings page
It allows you to change the settings of predefined pages and functions that will be enabled or disabled.

Group Settings
It allows you to change the predefined settings for groups and functions that will be enabled or disabled.

Advertisement
It allows you to announce news or information to your users.

Threads
Allows you to change the arrangement of the whole web site, included the current theme, the show will have a dedicated button Active.

Statistics
Enhanced user and site statistics (registered users, create multiple pages, create groups, comments, reports, like, etc.).

Manage user
Allows you to edit the user (or user defined), test them, update user settings and information or delete them.

Manage pages
It allows you to edit a page (or a particular page), validate them, and to update the page setup information or delete them.

Manage Groups
It allows you to edit a group (or some group), group configuration and update information or delete them.

Run reports
It allows you to change the predefined settings of users and the features that are enabled or disabled.

Manage advertisement
It allows you to add advertisements in certain places on the web.

Manage's administrative logon
Update your the admin username and password login.


This is How i Got Access to CCTV Surveillance System of my Town.

Posted by Unknown in: CCTV Camera Access. DVR Access.. Router Access at Saturday, June 13, 2015
Hello Friends..
Me BAck Once Again on Behroz Pai's Blog.. with a new Tutorial.
In this i'll Explain you "HOw i Got Access to CCTV Surveillance System of My Town.."
.
.
So Don't Wasting Time Let's Start a  Quick Explanation..
.
.
AS we Know All CCTV Camera's are Connected to A DVR (Digital Video Recorder). and That DVR Have All Functionality to Operate that Camra's.
.
.
Now a DAy's Advance DVR Also Provide the FAcility of Remote Surveillance or Remote Monitoring Feature..
.
.
So Getting Advantages of That.. We'll TAke Access on CCTV Surveillance System of Particular Area or Neighbouring House..
.
.
Here Just you Follow Given Steps.
.
.
Step1:- Go on Google.com and Type what is my ip. so you would get Something like this.
Ip Address
IP Address

This is your ip Address so from this you can get the idea About your Subnet and Current Assigned ip Addresses in your Network.

Note:- Here i am using Ubuntu os. and that have Nmap Already Installed.
                if you are using Windows os. then Nmap is also Available for that and All  Commands are                   Same as I Explaining here.

Step 2:- go to terminal (in windows command prompt/Cmd) type:
                  sudo nmap --top-ports 10 -open  -T5 192.1.1.* (range of your ip Address)

Note: - don't use sudo in windows..      

Step3: wait for some minutes. it will Scan All the Live Hosts and Open Ports. and     give you Result Like this.
       
Scan Result
Scan Result
   
Step 4:- now you have all the Ip Address's Live in your ISP network. one by one copy that and paste it on your Browser's Address Bar / url bar.
.
.
Step 5:- you'll Get a Login Panel or Admin Panel Witch will Ask you for username and Password. (The Login Panel Could be of Router or DVR )

Login Page
Login Page
Note:- The Login Page could be Different According to Dvr or Router.
.
.
Step6:- Here we'll try some Default Password Combination witch are i am Mentioning Following.. only Some Admin Change Default password other Remain it Same. so if u not get Success in one Ip try other..
.
.
Username Password
admin 12345
admin    admin
admin     password
.
.
and Depends on Company of DVR you Can Search it's Default Password on Google it will show you.
.
.
Now get Logged into that System. and Enjoy:--
.
.
Step 7:- if you Don't GEt Success with Default passwords you can use EXploits for that.. some time brute force Also work. via Metasploit direct Exploit that.
.
.
Note: Please Don't Harm Any One. After Reading this.. do it for Good Purpose Only.
      I just want to Aware all Sysadmins to Change Default Router and DVR Pass.
      so they Can Save there System from SCript Kiddies and BAd Guys.
.
.
Plz Don't Forget to Post Comments and Give your Review to Us. If you have Any Query Just Comment we'll Try to Solve that.
.
.
for more Good Tutorials don't Forget to Visit on  myajm.com  here you'll get more and more Good Tutorials..
Happy Learning..

Just only 4 Posts and Google Ad-sense Approved.

Posted by Unknown in: adsense Blogger google adsense Tutorial at Thursday, June 11, 2015 5 Comments
how i Got Approved Google Adsense only with four Posts.Approve adsense with four (4) posts
Hello Buddies..
I am Unknown to you all.. But today Behroz invited me to Write a Post on His Blog..
So me Introducing My Self Here.. me a Noobe Blogger who Don't have any Specific Identification to Tell you.
But today i want to Share my Success Story to you All. How  I Get Approval on Google Adsense only with four (4) Posts.


The Story Begins...
Every where i was See that Bloggers are Earning more and more money with Adsense, so I decided to do that.

 I Discussed with some  Pro Bloggers How to Approve Adsense on my Blog.
They Suggested me A Lot of Things and How I can Make more Chances to get Approval Very Fast.
so me Sharing that Tricks with you All. I hope it will Help you to get Approved Adsense Instantly.

I owned a Domain myajm.com I Done here Only 4 Posts and Got Approved An Adsens Account. Just Keep Following Things in Mind Before Apply for Adsense..

Google Adsense Image
Google Adsense

 1. Content is King. 
                    So Don't Copy Paste Any Thing on your Blog, Even if you are Posting Any Image then At Least edit it's Contrast Brightness or Add a Watermark on It Before Posting. Because Google Detect Similar Types of Images and Not Index your Site, and Deny your Adsense Application.

2. Manage Content Quality.
                Whatever you Post on your Blog At least Add Some Good Images Related to That Post, so it's Describe a Visual Scenario of that. Don't use Shot words or Slang Language while Writing an Article, Use Proper Language and Sentence. Avoid Spelling and Grammatical Mistakes.

3. Add your Site to Webmaster.
               Before Applying Make Sure, that your Each and Every Post is Added to Google Webmaster. and there are no Any Error in Sitemap and Robots.txt file. and Add Proper Keywords to your Posts and site.

4. Add your Site to Analytics.
                    Add your Site to Google Analytics, so when ever Google will start to Review your Site. it would be Able to Know. HOw Much Visitors you Have on your Blog, and how Much Page views it Have. it will Increase the Chances to got Approved on Google Adsense.

5. Alexa Rank Doesn't Matter.
            It's a Complete Myth that Alexa Rank is Most Important. Google Doesn't care of it. Alexa Just Count the Visitor who have installed Alexa tool bar on it's Browser. Suppose you Don't Have Alexa tool bar Installed on your Browser then Alexa will not count your Visit. In Real you are Getting 1000 Visitor per Day but Only 200 visitor have Alexa tool Installed in their System Alexa show you only 200 Visitor.

So Don't use the 3rd Party Sites Witch tell you that they'll Increase your Alexa Rank. if Google get this types of Visits on your During your Application Period. it will now Allow to Activate Ad-sense.

I hope you got A Little Idea. what Matters before Applying for Adsense. for More Artical Visit on My Blog Myajm.com .

if you Have Any Query plz Post Comments so we would be able to Solve your Queries. and Don't Forget to Give your Review.

Happy Blogging.