eBay fixed the vulnerability on both sites and credited him on the eBay responsible disclosure page. That is not all: he also found an XSS vulnerability on Myspace.com. Myspace has not replied to the researcher. According to the researcher, the Myspace vulnerability still exists; he reported it about 15 times to the Myspace Security Team but has received no reply.
No PoC is provided by the researcher because the vulnerability still exists.
This young security researcher also found an XSS vulnerability on the Cisco website and reported it to the Cisco Security Team.
Cisco replied to the researcher and fixed this XSS vulnerability very soon, but did not offer any reward to the researcher.
Here is the PoC:
http://newsroom.cisco.com/press-release-content?articleld=1118649%22%3E%3Cimg%20src=x%20onerror=prompt%28XSS/By/AliHasanGhauri%29%3E
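Decoded, the PoC parameter begins with `">`, which closes a quoted attribute before an `<img>` element with an `onerror` handler is injected. The following is an added example, not code from the article or from Cisco: it decodes the PoC and contrasts reflecting the value with and without HTML encoding. The `<input>` template and all function names are assumptions made for illustration.

```javascript
// PoC URL copied from the article (the issue is reported as fixed).
const POC_URL =
  'http://newsroom.cisco.com/press-release-content?articleld=1118649' +
  '%22%3E%3Cimg%20src=x%20onerror=prompt%28XSS/By/AliHasanGhauri%29%3E';

// Extract and percent-decode the reflected query parameter.
function reflectedValue(url) {
  return new URL(url).searchParams.get('articleld');
}

// HTML-encode for element content and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical template (assumption): the value is echoed into a
// double-quoted attribute with no encoding, so `">` ends the attribute.
function renderUnsafe(v) {
  return `<input type="hidden" name="article" value="${v}">`;
}

// Same template with output encoding: the payload stays inert text.
function renderSafe(v) {
  return `<input type="hidden" name="article" value="${escapeHtml(v)}">`;
}

// Defence in depth: the legitimate value in the PoC is numeric, so an
// allow-list check can reject anything else before rendering.
function isValidArticleId(v) {
  return /^[0-9]{1,12}$/.test(v);
}

const value = reflectedValue(POC_URL);
console.log('decoded :', value);
console.log('unsafe  :', renderUnsafe(value));
console.log('encoded :', renderSafe(value));
console.log('valid id:', isValidArticleId(value));
```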
On his blog, this boy has written about 150+ website vulnerabilities that are now fixed, and at 14 years old he has set a record (the previous record was 16 years) for being listed on the following websites:
GitLab
http://blog.gitlab.com/vulnerability-acknowledgements/
BarracudaLabs
http://www.barracudalabs.com/bugbounty/halloffame.html
eBay
http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
WizeHive
http://www.wizehive.com/special_thanks.html
Red Hat
https://access.redhat.com/site/articles/66234
Opera
http://my.opera.com/securitygroup/blog/2013/04/05/thanks-to-the-researchers
ConstantContact
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
According to the researcher, he will be acknowledged in the Adobe, Microsoft and AT&T Halls of Fame, because he reported bugs in these websites and they said that he will be listed in the Hall of Fame next month.