New Record of Pakistani 14 Years Student Researcher in the field Of Web Application Security

14 Years Old , Pakistani Security Researcher Ali Hasan Ghauri  found Cross Site Scripting Vulnerability on many high profile websites. Recently Ali Hasan found and reported XSS vulnerability in one of the biggest website, ebay and its own website shopping.comHere are some Screen Shots :

Ebay fixed the Vulnerability on both sites and credit his name in Ebay responsible Disclosure Page. This is not finished , he also found XSS Vulnerability on Myspace.com. Myspace don’t reply to the Researcher. According to the Researcher , Myspace Vulnerability still exists and he reported about 15 times to the Myspace Security Team but there is no reply to the researcher .

POC is not provided by researcher because the Vulnerability still exists .

Here is Screen Shot :

This young security researcher also found an XSS vulnerability on Cisco website & reported to the Cisco Security Team.
Cisco Replied to Researcher :

Cisco fixed this XSS Vulnerability very soon But don’t offer any reward for the researcher.

Here is POC:

http://newsroom.cisco.com/press-release-content?articleld=1118649%22%3E%3Cimg%20src=x%20onerror=prompt%28XSS/By/AliHasanGhauri%29%3E

In the survey of this little boy Blog , he wrote about 150+ website Vulnerability which is fixed now and this 14 Year little boy made a record (Previous record is 16 Years ) for listed on the following websites :

Gitlab

http://blog.gitlab.com/vulnerability-acknowledgements/

BarracudaLabs

http://www.barracudalabs.com/bugbounty/halloffame.html

Ebay

http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

wizehive

http://www.wizehive.com/special_thanks.html

Redhat

https://access.redhat.com/site/articles/66234

Opera

http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers

ConstantContact

http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

According to the Researcher , he will be acknowledge in Adobe , Microsoft and At&t in Hall Of Fame because he reported the bug in these websites and they said that next month he will be listed in Hall Of Fame

email