Blogs of SumSid

2008-01-20T02:38:00.000-08:00

.......

hum maikadon main hi palte rahe...
hum maikadon main hi palte rahe...
ladkhadaye kabhi, kabhie..sambhalte rahe...

yadon se unki hum ladte rahe....
yadon se unki hum ladte rahe....
ladkhadaye kabhi, kabhie..sambhalte rahe...

2007-07-15T05:02:00.000-07:00

Koi Baat Chale

Yaad hai ek din, meri mejh par baithe baithe tumne cigeratte ki dibiya par ek paudhe ka scetch banaya tha

aa kar dekho, paudhe par phool aaya hai:)

.......
aisi bikhre hain raat din jaise,
motiyon wala haar tooth gaya!
tumne mujhko perooh kar rakha tha..
..........

2007-04-15T04:04:00.000-07:00

Updates..

Recently i have been very slow in updating my blogs, mainly becuase of my new project www.notsosecure.com .Having said that, i will try my best to update this soon.

Here is another one from Umrao Jaan.

Ek hum hi maiii ko aankhon se pilate hain,
Ek hum hi maiii ko aankhon se pilate hain,
Ek hum hi maiii ko aankhon se pilate hain,
Kehne ko toh duniya main, Kehne ko toh duniya main,
maikhaane hazaron hainnn!!!!

quality isnt it,:)
SumSid

2007-02-01T11:13:00.000-08:00

aap in dinon yahan hote toh...

shaam se saans bhaari hai,
bekarari hai, bekarari hai,
aap ke baad har ghadi humne,
aap hi ke saath gujaari hai!!

......

jaage hain deer tak
hamen kuch deer sone do
thodi se raat aur hai
subah to hone do
aadhe adhure khwaab jo
pure na ho sake
ek baar phir se neend mein
woh khwaab bone do

Taken from the movie "Guru, 2007"

2006-12-08T11:19:00.000-08:00

kalaiiiyon se khol do yeh
nabs ki tarah dhadakta waqt....
tang karta hai......

2006-11-08T12:01:00.000-08:00

For Fun and Not so much on Profit!!!!
This blog has some senstive info and hence i have to add a small security wrapper on it ;.... hack it to read this info.. its a script kiddie hack..
Huhhh the hint is.. 'The Devil is in the Details'

2006-08-25T00:45:00.000-07:00

Logon ka kaam hai kehna...

Yesterday, i watched the all the time great movie Sharaabi for the 11th time. If you can understand what these great lyrics mean, then you are GOD!!!. Here they go,

Log Kehte Hai Main Sharaabi Hoon (2)
Tum Ne Bhi Shaayad Yehi Soch Liye Haan
Log Kehte Hai Main Sharaabi Hoon

Kissi Pe Husn Ka Guroor Jawaani Ka Nasha
Kissi Ke Dil Pe Mohabbat Ki Rawaani Ka Nasha
Kissi Ko Dekhke Saanso Se Ubharta Hai Nasha
Bina Piye Bhi Kahin Hadh Se Guzarta Hai Nasha
Nashe Mein Kaun Nahin Hai Mujhe Bataao Zara
Kisse Hai Hosh Mere Saamne To Laao Zara
Nasha Hai Sab Pe Magar Rang Nashe Ka Hai Juda
Khili Khili Hui Subah Pe Hai Shabnam Ka Nasha
Hawa Pe Khushbu Ka Baadal Pe Hai Rimjhim Ka Nasha
Kahin Suroor Hai Khushiyon Ka Kahin Gham Ka Nasha
Nasha Sharaab Mein Hota To Naachti Botal
Maikade Jhoomte Paimaanon Mein Hoti Hulchul
Nasha Sharaab Mein Hota To Naachti Botal
Nashe Mein Kaun Nahin Hai Mujhe Bataao Zara (2)

Log Kehte Hai Main Sharaabi Hoon (2)
Tum Ne Bhi Shaayad Yehi Soch Liye Haan
Log Kehte Hai Main Sharaabi Hoon

-----------------------------------
Huh...I should not even attempt to explain this....

SumSid

2006-05-27T09:30:00.000-07:00

Fir haath main sharaab hai..
sach bolta hoon main

मैने पीना कब सीखा था?
मैने जीना कब सीखा था?
एक बोतल जो टूट गयी तो,
तो महफ़िल सारी रूठ गयी॥

ये दुनिया एक महफ़िल है
और हम इसके मेहमाँ हैं,
हैं कुछ साक़ी और कुछ आशिक़
उम्मीदें हैं ,कुछ अरमाँ हैं॥

आज अगर कुछ शब्द बहे,
तो आखिर दिल से कौन कहे,
प्यार वफ़ा कसमें और वादे
अब इनकी पीड़ा कौन सहे?

पीड़ा को इतिहास बता कर
पीना मैने अब सीखा है।
शायद लोग और कुछ कह दें
पर जीना मैने अब सीखा है॥

2006-05-21T07:12:00.000-07:00

Din kuch aise guzarta hai koi..jaise ehsaan utartaa hai koi

KInare durr hote hote bohot durr ho gaye !
Pani ke chhapakon ki awaaz bhii dub gayee!
"dil mein aise sambhaltey hain gum, jaise jevar sambhalta hai koi" !
Ruth gaye naraz ho gaye !
Haath se angoothee utaree wapas kar dee, bahaon ke kangaan utare saath pheron sahit lautaa diye !
lekin wo bakee zevar jo dil mein rakh liye unkaa kya hogaa !

mera kuch samaan tumharay paas para hai....
sawan ke kuch bheegay bheegay din rakhay hain
aur merey ik khat mey liptee raat paree hai
wo raat bujha do
mera wo samaan lauta do....

------------------------

Itnee ijaazat dey do bas jab is ko
dafnaoon gee
mey bhee waheen
so jaoon gee !!!

2006-05-21T00:07:00.000-07:00

"Kshama shobhti us bhujang ko jiske pass garal ho
Usko kya jo dant-heen, vishrahit vineet saral ho"

--dharmveer bharti, 'kurukshetra!'

If you are possessed of strength people speak to you from the platform of equality; if you lack strength, they treat you as weak.

2006-04-26T19:08:00.000-07:00

aao fir nazm kahein

tukda ek nazm ka raat bhar sason main meri sarakta hi raha,
lub par aaya toh jaban katne lagi
daaton se pakda toh lub chilne lage
na toh faika hi gaya mooh se , na nigla hi gaya,
tukda ek "kaanch" ka atak jaye halak main jaise,
tukda woh nazm ka sason main meri sarakta hi raha!!!!!
----------------------------------------------$um$id

2006-04-20T03:48:00.000-07:00

Monster.com , Blogger.com XSS bug

moved to http://axcesdenied-gofox.blogspot.com/

2006-04-14T04:24:00.000-07:00

kab aate ho.. kab jaate ho

imli ka yeh pedh hawa main jab hilta hai toh,
imli ka yeh pedh hawa main jab hilta hai toh,

eenth ki deewar par parchai ka cheenta padhta hai!!!
aur jasb ho jaata hai jaise.. sookhe matit par koi paani ka katre bikhair gaya ho..

dheere dheere aagan main fir dhoop sisakti rehti hai..
kab aate ho.. kab jaate ho..
din main kitni baar. mujhe yaad aate ho...

enjoy. SumSid!!

2006-04-13T20:12:00.000-07:00

zara hatke.. zara bachke.. yeh hai bambai ..meri jaan

bambai main 8 mahine rehne ke baad, agar sach kahoon ko bambai sach main aisis hai..

morning.. and evening

"din khaali khaali bartan hai..
aur raat hai jaise andha kuan..
In sooni andheri aankhon mein
aansoo ki jagah aata hai dhuan"

i can recall another gulzaar masterpiece but i dont think this applies to mumbai..

"dupahrein aise lagti hain, jaise bina mohron ke khaali khaane rakhe hain..
na koi khelna wala hai baji.. aur na koi chaal chalta hai..
na din hota hai na raat.. sabhi kuch ruk gaya hai..
wo kaya mausam ka jhonka tha.. jo is deewar par latki hui tasveer tirchi kar gaya hai"

khair

"Dil Dhuu.NDhataa hai, phir vahii, fursat ke raat din"
......SumSid

2006-04-13T20:09:00.000-07:00

Yaadein....

Unhe yeh ummend ki hum bulate..
Humein yeh ummenid ki woh pukarein..
hai naam hothon par ab bhi lekin...
aawaaz main pad gayi darrarein..

2006-04-01T04:56:00.000-08:00

Piya Tora kaisa abhimaan

kisi mausam ka jhaunka tha
jo is deewar par latki hui tasveer tirchhi kar gaya hai
gaye sawaan mein ye deewarein yoon seeli nahin thi
na jaane is dafa kyun inmein seelan aa gayi hai
darare pad gaye hai aur seelan is tarha baithti hai
jaise khushk rukhsaroon pe geele aansu chalte hain

2006-03-21T06:04:00.000-08:00

10 cents

Ek roj zindagi ke ru-baru aa baithe...
Zindagi ne poocha..dard kya hai..? Kyun hota hai..?
Kahan hota hai, yeh bhi toh pata nahi chalta....
Tanhai kya hai aakhir...?
Kitne log toh hain...fir tanha kyun ho...?
Mera chehra dekh kar zindagi ne kaha...main tumhari judwa hun...mujhse naaraz na hua karo...!!

2006-03-18T07:27:00.000-08:00

ek akela is shehar main

Maut tu ek kavitaa hai mujhse ek kavita ka vada hai milegi mujhko
doobti nabzon mein jab dard ko neend aane lage
zard sa chehra lekar jab chaand ufaq tak pahunche
din abhi paani mein ho, raat kinaare ke kareeb
na andhera na ujaala ho, na abhi raat na din
jism jab khatm ho aur rooh ko jab saans aaye
mujhse ek kavita ka waada hai milegi mujhko....

2006-03-18T07:03:00.000-08:00

Kya bhoolon kya yaad karoon

age 5 years -----place Shahjahanpur----school: St.paul
age 10-17------place lucknow-----------college:mbic
age 17-21-------place Kanpur------------college:IIT Kanpur

---------------------------------------------------------------
age21-22--------place mumbai-------------company:NIIconsulting
age 22-----------place ???????-------------company:?????????

2006-03-14T06:55:00.000-08:00

Why do ppl write blogs

Frankly speaking i dont know why i write blogs. During my IIT days i used to read the blogs of Saurabh Nanda who used to post some cool linux stuff there. But do we write blogs for information??? I guess NO!! I think most people (like me) write blogs when they get frustrated from work (or life) and then blogs is a medium to take a break from work and post all ur frustration . Some day you may look back at those pages and smile :). Other than this , you may also have a secret admirer :))

2006-03-03T03:25:00.003-08:00

Lo din beeta ,lo raat aaye

Few lines from sunset point

shaam bhuj rahi thi aur aane wale ki koi aahat nahin thi kahin
neeche behta dariya keh raha tha ,
aao meri aagosh main aa jao ,
main tumhari badnami ke saare daag meta doonga....

din magar dhalne laga hai,
dil main ek khauf sa baith raha hai.....

woh der se pahuncha tha , magar wakt par pahuncha tha...

2006-02-20T19:11:00.000-08:00

Good ? Morning

My first night out in mumbai and that too in office.. Got a new toshiba laptop today but the ethernet card is not supported in linux. So, it is going to be a big pain !!!
Hoping that things wont go too bad in Prague!!!
Signing off!!!
SumSid

2006-02-18T04:29:00.000-08:00

Udaas Paani

So, i am finally blogging again. Read an interesting BOF article today. Just in case you were wondering why the title says Udaas Pani is becoz i have started hating Mumbai. I wish people in mumbai gets some more heart and stop being too professional.!!!
SumSid

2006-01-10T21:50:00.000-08:00

GCIA

http://www.giac.com/certified_professionals/listing/gcia.php

2006-01-04T01:20:00.000-08:00

Intel Display Driver DOS Vulnerability

Check out http://www.securityfocus.com/bid/16127/
SumSid

2005-12-29T20:37:00.000-08:00

Rediff Mail XSS Vulnerability

I dont know why people look at XSS vulnerability as less critical. This may be an eye opener for them. This poc shows how easy it is to grab a cookie and play with it.
here is a POC:-
http://login.rediff.com/cgi-bin/subs/passwd_remind.cgi?FormName=takeusername&login=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
Thanks
SumSid

2005-12-29T20:31:00.000-08:00

MSN India SQl injection

A Sql injection vulnerability has been reported in MSN India web site.
The vendor (Microsoft) was quick in responding to us. The site was immediately taken offline.
The full story will be released at NII web site very shortly along with
the WINDOWS DISPLAY DRIVER DOS vulnerability

2005-12-21T07:24:00.000-08:00

YAHOO Bugs released

Finally the minor YAHOO bugs which i discovered has been released. You would have got it in your email as i made sure to post it to every individual on my mailing list:) so i wont post it here
Btw:- if you havent received in your email see it here

2005-12-21T07:21:00.000-08:00

Being lazy

I find it too boring to update each and every advisory here
So here is a link which will keep me and you updated about my advisories

http://secunia.com/search/?search=$um$id
Thanks
SumSid($um$id)

2005-12-20T04:22:00.000-08:00

Shmoocon

Today i got an invitation to speak at Shmoocon to be held at Washington .The event is scheduled from january 13th to january 16th 2006.
But it seems that i wont be able to get a visa on such a short term notice.
Huhhh!!!!
Still to speak at an international conference.
2 invits and both gone waste..

Shmoocon homepage
pakcon homepage

SumSid

2005-12-18T20:17:00.000-08:00

URL Redirection in ORKUT

About Orkut:-
orkut.com is an online community website designed for friends. The main goal of our service is to make your social life... orkut's social network can help you both maintain existing relationships and establish new ones by reaching out to people you've never met before. Who you interact with is entirely up to you

Original Url:-

https://www.orkut.com/
GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F

Malformed URL:-
https://www.orkut.com/GLogin.aspx?done=http://any_url.com

After successful validation Url redirection occurs. To make the matter worse , as the validation has already occured.the victims browser has been authenticated and will remain authenticated unless he logs out of orkut. Although remotely , it can only be exploited by doing a phishing attack at any_url.com with a fake login screen etc.

Credits:-$um$id

2005-12-13T19:40:00.000-08:00

Advisory

EveryAuction V 1.53 XSS vulnerability
Read it here on Security Focus

PhpSupportTicket Advisory

2005-12-13T19:35:00.000-08:00

Links to Me

My articles/ advisories are available at the following links:-
0. CVE-2005-4264
1.CVE-2005-4162,
2.CVE-2005-4088
3.Snort docs
4.Secguru:- http://www.secguru.com/node?from=16
5. FRSIRT
6.Security-tracker http://www.securitytracker.com/alerts/2005/Dec/1015332.html

2005-12-08T21:09:00.000-08:00

One More

My Perl -Cal advisory is published at Security focus .Here is the link
The same is also available at Secunia. See it here

2005-12-07T05:50:00.000-08:00

Advisory

Software: Shop PBS

Type: Cross Site Scripting

Severity: Medium

Vulnerability Type: Input Validation Error

Overview:- There exists a cross-site scripting vulnerability as the input in the parameter "keyword" is not filtered properly sanatised in the index.jsp

Description:- The cross-site scripting bug can be executed with a URL like so:

This issue could permit a remote attacker to create a malicious URL link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site.

proof of Concept:-

http://www.shoppbs.org/searchHandler/index.jsp?keywords=
"<"script">"alert%28document.cookie%29"<"/script">"&x=31
&y=11"

Solution:
--------------------
There is no vendor-supplied patch for this issue at
this time.

Credit:-
KeyShore

...Kishore works with me and he came accross this one..:)
Cheers
SumSid

2005-12-07T03:36:00.000-08:00

Advisory

TITLE:
Yahoo servers URL redirection

SECUNIA ADVISORY ID:
coming soon.

VERIFY ADVISORY:
coming soon.

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Yahoo.com web site

DESCRIPTION:
$um$id has reported vulnerabilities in Yahoo.com web site/s which can be
exploited by malicious people to injection malacious URL in the scripts running on the servers which causes redirection to those malacious URL.
As the redirection will be done by the Yahoo servers the victim will associate the same amount of trust with the malacious URL as he/she will with the Yahoo servers. This can then be followed by a phishing attack.

Proof Of Concept:-
original link:- http://in.rd.yahoo.com//prop/?http://in.photos.yahoo.com/
malformed link:-http://in.rd.yahoo.com//prop/?http://www.any_malacious_link.com

Minutes after reporting this vulnerability with different url to YAHOO , that link was updated.However, the prrof of concept contains the new url and which still allows url redirection

SOLUTION:
Check the URL before rendering it in the browser.

PROVIDED AND/OR DISCOVERED BY:
$um$id

2005-12-06T20:48:00.000-08:00

Advisory at Secunia

The following advisories of mine are now available at secunia.

1. PhPForumPro SQL Injection
Secunia id:17915
Link:-http://secunia.com/advisories/17915

2. PhPAddressBook v1.2 SQL Injection
Secunia id:-17885
Link:-http://secunia.com/advisories/17885

Thanks
SumSid

2005-12-06T04:40:00.000-08:00

advisory

TITLE:
X-cart Path disclosure vulnerability

SECUNIA ADVISORY ID:

VERIFY ADVISORY:

CRITICAL:
Not critical

IMPACT:
Path disclosure vulnerability

WHERE:
From remote

SOFTWARE:
x-cart

DESCRIPTION:
$um$id has reported a vulnerability in x-cart, which can be
exploited by malicious people to disclose certain system information.
Input passed in "error_message.php" isn't properly
sanitised before being returned to the user. The vulnerability has been reported in x-cart gold and in x-cart pro. Other versions may also be affected.

proof of concept:-
http://localhost/x-cart/admin/error_message.php?http://www.attacker.com

SOLUTION:
No patch is available as of now.

PROVIDED AND/OR DISCOVERED BY:
$um$id

2005-12-05T23:32:00.000-08:00

Comments from people

Hi Sumit

I really enjoyed your article on Scurity Focus on "Evading NIDS, Revisited." I am not an IDS or networking expert, but you explained everything so well, with such good illustrations, that this was a very readable paper, even for the non-expert. Wish all security articles were as good as this one.

Thanks for a very enjoyable and informative article.

Regards

Mary Ann Davidson
Mary is the chief security researcher at Oracle

2005-12-02T20:18:00.000-08:00

INFOCUS

Check out my articles on SecurityFocus
Comments/Suggestions invited.
Thanks
Sumit

2005-12-02T01:14:00.000-08:00

Advisory

Product:- PHP SUPPORT TICKETS version 2.1 and earlier

Vulnerability:-Sql Injection

CRITICALITY:
critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
"Manage customer queries with this one stop solution for online customer relations.PHP Support Tickets is written in PHP5 and utilises a MySQL database both are required on your web.The administration section is secured through a username and password. The default entry is administrator / password. You may change this once you have logged in.
You may have unlimited Moderators / Admins assigned to take care of incoming tickets. These are all entered through an intuitive user admin page.Admins are allowed to view all tickets and perform all admin tasks, moderators can see the tickets assigned to their department only.Manageable departments allow you to edit / delete / add new departments at will.".

DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.The input passed to the "username" and "password" field and in the "id" parameter in the "index.php" is not properly filtered which allows the attacker to run arbitary sql query. There may be other parameters as well where the input is not filtered.

Proof of concept:-
** The proof of concept cannot be released until vendor is ready with the patch***

SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied

2005-12-01T05:51:00.000-08:00

ADVISORY

Product:- php-addressbook v1.2 by WidgetMonkey

Vulnerability:-Sql Injection

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
"This is an address book program for people who have their own web space. At present it is does not have a multiple user function. I wrote it because I wanted a place where I could store all my addresses so I can access them from multiple locations, and its a handy backup if you lose your address book, and there weren`t any freeware programs that suited my needs".

DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in "view.php" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.There are other parameters also where the input is not properly filtered and will result in sql injection.

SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied

2005-12-01T04:13:00.000-08:00

ADVISORY

Product:- PhpForumPro from W2B

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
PhpForumPro from W2B.
phpForumPro is a fast and powerful, password protected private discussion forum application built with the industry standard PHP4 scripting language and powered by the MySQL database engine.

DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "parent" parameter in "index.php" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.There are other parameters also where the input is not properly filtered and will result in sql injection.

SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied

2005-11-30T06:05:00.000-08:00

ADVISORY

Product:- GoFox free Travel tool Sql Injection Vulnerability

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Gofox free travel tool

DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "pid" parameter in "traveltools.php" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied

2005-11-29T22:23:00.000-08:00

ADVISORY

TITLE:
Send Card,Mapple Addressbook SQL Injection Vulnerabilities

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Send card,address Book by Mapple ,

DESCRIPTION:
The users input is not clearly filtered in the validation script. Thus, the validation can easily be bypassed and to make the matter worse any query can be run on the mysql server retreiving a lot of crucial data.

Solution:
--------------------
There is no vendor-supplied patch for this issue at
this time.

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied
----------------------------------------------------------------------

2005-11-29T20:33:00.000-08:00

ADVISORY

Vendor: Perl-Cal
Products Affected: Perl-Cal 2.99 and earlier
Type: Cross Site Scripting
Severity: Medium Date released: 23rd Nov 2005
Vulnerability Type: Input Validation Error
Overview:- PerlCal is a CGI script written by Acme Software that allows web-based calendar sharing and related functions.There exists a cross-site scripting vulnerability as the input in one of the parameters is not filtered correctly.

Description:- The cross-site scripting bug can be executed with a URL like so:

http://localhost/cgi-bin/perlcal/cal_make.pl
?p0=%3Cscript%3Ealert(‘hi’);%3C/script%3E

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site.

Demonstration:- http://localhost/cgi-bin/perlcal/cal_make.pl
?p0=%3Cscript%3Ewindow.open(‘http://www.google.com’);%3Cscript%3E

This can also be used to steal users cookie.
Demonstration:- http://localhost/cgi-bin/perlcal/cal_make.pl?p0=%3Cscript%3Ealert(document.cookie);%3C/script%3E

Solution:
--------------------
There is no vendor-supplied patch for this issue at
this time.

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied

Blogs of SumSid

.......

Koi Baat Chale

Updates..

aap in dinon yahan hote toh...

Logon ka kaam hai kehna...

Fir haath main sharaab hai.. sach bolta hoon main

Din kuch aise guzarta hai koi..jaise ehsaan utartaa hai koi

"Kshama shobhti us bhujang ko jiske pass garal ho Usko kya jo dant-heen, vishrahit vineet saral ho"

aao fir nazm kahein

Monster.com , Blogger.com XSS bug

kab aate ho.. kab jaate ho

zara hatke.. zara bachke.. yeh hai bambai ..meri jaan

Yaadein....

Piya Tora kaisa abhimaan

10 cents

ek akela is shehar main

Kya bhoolon kya yaad karoon

Why do ppl write blogs

Lo din beeta ,lo raat aaye

Good ? Morning

Udaas Paani

GCIA

Intel Display Driver DOS Vulnerability

Rediff Mail XSS Vulnerability

MSN India SQl injection

YAHOO Bugs released

Being lazy

Shmoocon

URL Redirection in ORKUT

Advisory

Links to Me

One More

Advisory

Advisory

Advisory at Secunia

advisory

Comments from people

INFOCUS

Advisory

ADVISORY

ADVISORY

ADVISORY

ADVISORY

ADVISORY

Fir haath main sharaab hai..
sach bolta hoon main

"Kshama shobhti us bhujang ko jiske pass garal ho
Usko kya jo dant-heen, vishrahit vineet saral ho"