Pakistani Hacker Awarded $5,000 for Finding Bug in Chrome & Firefox

Zain Itrat

Minister (2k+ posts)



Pakistani hacker, Rafay Baloch, has won a combined bug bounty of $5,000 after finding a flaw in how browsers use their omnibox address bars.

He found a vulnerability in the way Chrome and Firefox render website addresses, and how an attacker could potentially use it to trick users into visiting a phishing website.

In a blog post, he explained that the bug could be used to fool users into thinking that the website they are visiting is the real one, thereby making them reveal sensitive information such as IDs and passwords to the scammers.

All Omnibox browsers could be used to trick users into phishing scams

Phishing attacks are those where the user is presented with a lookalike page of the original website. The page has the same looks and design and fools the user into entering their login details and other critical information. However, usually the website address gives away the true nature of a phishing website, as it cannot be the same as the original website.

The address bar spoofing in browsers works by employing a right-to-left language, like Urdu, Arabic or Persian, and forcing the browser to render it differently. Rafay stated that when a neutral right-to-left character (such as a forward slash or any other special character) is used, it can flip a web address to display it in the right-to-left direction.

For example, 127.0.0.1/ا/http://google.com would appear, rendered right to left, as http://google.com/*ا/127.0.0.1.
The user would think that they are visiting google.com. However, they would in reality be visiting the web page from the IP address 127.0.0.1. Such links could be hidden in spam emails, tweets or shortened links.

The bug is yet to be fixed by most browsers

According to Rafay Baloch, the upcoming versions Chrome 53 and Firefox 48 will fix this vulnerability. For the time being there isn't much information from other browsers about a timeline for fixing this vulnerability.

source
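As an added illustration (not from the post or from Rafay Baloch's write-up), the Python below classifies every character of a URL by its Unicode bidi class to flag the right-to-left letters and controls that cause the reordering described above, using the post's own example string as constructed input. The percent-encoding step is one assumed display mitigation, not the browsers' actual patch.

```python
import unicodedata
from urllib.parse import quote

# Constructed sample modelled on the post: the Arabic letter alef (U+0627)
# has bidi class AL, so a bidi-aware renderer reorders the neutral
# characters ('/', '.', ':') around it when the string is drawn.
SPOOF_URL = "127.0.0.1/\u0627/http://google.com"
BENIGN_URL = "https://google.com/search?q=bidi"

# Bidi classes (UAX #9) that can alter visual order: strong RTL letters,
# Arabic numbers and every explicit embedding/override/isolate control.
RISKY_BIDI_CLASSES = {
    "R", "AL", "AN",
    "LRE", "RLE", "LRO", "RLO", "PDF",
    "LRI", "RLI", "FSI", "PDI",
}


def find_bidi_chars(text):
    """Return (index, code point, bidi class) for each character that can
    reorder the display of `text`. An empty list means the string is drawn
    strictly left to right, so what the user sees is the logical order."""
    hits = []
    for i, ch in enumerate(text):
        cls = unicodedata.bidirectional(ch)
        if cls in RISKY_BIDI_CLASSES:
            hits.append((i, "U+%04X" % ord(ch), cls))
    return hits


def display_safe(url):
    """Assumed mitigation (not the browsers' real fix): percent-encode every
    non-ASCII byte before display. Only ASCII remains, and ASCII has no RTL
    bidi classes, so the address bar cannot be reordered."""
    return quote(url, safe="/:?#[]@!$&'()*+,;=%")


def assess(url):
    """Label a URL 'rtl-risk' when its rendering can be reordered, else 'ok'."""
    return "rtl-risk" if find_bidi_chars(url) else "ok"


if __name__ == "__main__":
    for u in (SPOOF_URL, BENIGN_URL):
        print(assess(u), find_bidi_chars(u), display_safe(u))
```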
 

aliahmad297622

Chief Minister (5k+ posts)
Re: Pakistani Hacker Awarded $5,000 for Finding Bug in Chrome and Firefox

5000 is too low, I think somebody made a fool of him; minimum 5 million plus respect for this type of work
 

mubarik Shah

Chief Minister (5k+ posts)
Re: Pakistani Hacker Awarded $5,000 for Finding Bug in Chrome and Firefox

Though $5k is not enough, there is priceless name and fame for PAKISTAN......
 

abdlsy

Prime Minister (20k+ posts)
Re: Pakistani Hacker Awarded $5,000 for Finding Bug in Chrome and Firefox

Though $5k is not enough, there is priceless name and fame for PAKISTAN......

These organizations are stingy with money, as they know a young nobody genius will do anything to take a challenge and get fame, even for $100 at this ultimate level. Now, with that fame, recognition and more money will come. Inshallah.
 

jadoon437

Minister (2k+ posts)
Re: Pakistani Hacker Awarded $5,000 for Finding Bug in Chrome and Firefox

PayPal Awards USD 10,000 to Pakistani Hacker for Reporting Vulnerability
By Waqas on December 25, 2012

An ethical hacker, security researcher and writer, Rafay Baloch, was paid a total of USD 10,000 for reporting a Code Execution / Command Execution vulnerability on a sub-domain of PayPal.
PayPal had started a *Bug Bounty program* for security experts around the world to report any bug or vulnerability found on their servers.
The hacker writes on his official blog that while testing PayPal's server, he found a critical command execution vulnerability allowing hackers to execute any command on the server.
Rafay was initially paid USD 600 for reporting an XSS vulnerability on the main PayPal site; later, after reporting several other bugs, the company paid a further USD 6,000 for his expert services, which obviously saved PayPal from a disaster and embarrassment.
Here is a screenshot of an email conversation between Rafay and a PayPal representative about the monetary reward.
He claims that at the moment more than 20 of his reported vulnerabilities are still being validated by PayPal, and that it would not be a proper time to disclose the types of vulnerabilities.
However, money is not the only thing awarded to Rafay: PayPal has also offered him a job as a Senior Pentester, A.K.A. SecurityNinja, at their HQ in San Jose, USA.
Here is another screenshot of an email conversation between Rafay and PayPal representative Colley Grace regarding the job offer at PayPal.


Speaking with HackRead, Rafay said that:
He feels great and proud to serve his nation by providing the cyber world with a secure future.

https://www.hackread.com/paypal-awards-usd-10000-to-pakistani-hacker-for-reporting-vulnerability/
