In my free time, I enjoy looking for vulnerabilities in websites which I then report to the webmaster so they can take appropriate action to get it patched. Listed below is a small portion of the sites I helped out and software packages or plugins in which I found a vulnerability.
This does not represent all of my findings.
All of the findings below were reported to the webmaster and resolved.
Websites prefixed with *. indicate that I found vulnerabilities on subdomains of that site.
Note that all websites listed below have a responsible disclosure policy; I do not do security checks on websites that do not have such a policy in place.
Plugins & Software Packages
| Plugin / Software Package | Vulnerability |
|---|---|
| vBulletin Profile Reporter | SQL Injection |
| vBulletin vBSSO Single Sign-On | SQL Injection |
| vBulletin MicroCART | Arbitrary File Deletion, SQL Injection, Cross Site Scripting |
| vBulletin vbBux & vbPlaza | SQL Injection |
| vBulletin Customizable Roster | Data Extraction, Cross Site Scripting |
| vBulletin OzzMods Reviews | Arbitrary File Upload & Deletion, Cross Site Scripting |
| vBulletin Verify Email Before Registration | SQL Injection |
| vBulletin Point Market System | SQL Injection |
| vBulletin SCANU's vBFinder | Authentication Bypass |
| vBulletin MicroSUPPORT | SQL Injection |
| vBulletin Yay! Another Facebook Bridge | SQL Injection |
| Video Chat By rayzzz.com | SQL Injection, Arbitrary File Upload |