Vinod has found zero-day vulnerabilities in WordPress, one of the most popular content management system. This allowed WordPress to take note of these vulnerabilities before they could affect the scores of WordPress users.

Joomla is another popular content management system that had undetected zero-days. Vinod discovered, reported, and helped rectify these zero-days.

Session fixation is a method of exploitation where the application doesn’t invalidate or close sessions or has some inconsistencies in the way in which it handles multiple sessions of a user. These inconsistencies between sessions can pave the way for attackers to perform a simple SQL injection to gain access to the web application.

W3Schools is a platform where thousands of users visit to learn every day. The website uses embedded elements within iframes in almost every page. Vinod identified an iframe vulnerability where a hacker could easily replace the destination of the iframe and redirect users to a malicious website.

Vinod has also contributed to the security of system security software. BitDefender, an antivirus software developed by the Romania based BitDefender, LLC, had a vulnerability that hackers could use to manoeuvre a series of blind attacks that leverage how the software responds to each query. Vinod discovered and reported it to the company.

BSNL had an SQL database vulnerability where the database is attacked with random inputs to elicit responses (error messages) to determine its structure, which can then be used to exploit it. Vinod discovered and reported this vulnerability in 2010.

Virgin Media, a leading telecommunication company based out of the UK also had an SQL injection vulnerability in its web application which was found by Vinod in 2013 and later rectified.

A stored cross site script is a malicious script (code) that is injected into a user’s browser by faking trustworthiness, usually possible because of inadequate processing of user inputs by a web application. PBBoard Forum, a forum where large number of users interact, and one which receives a large number of user inputs was susceptible to this attack. Vinod helped to rectify this vulnerability.

By performing a directory traversal attack, a malicious user is able to access restricted directories, files, and folders which they do not otherwise have access to on the server. Vinod found one such loophole in a popular e-commerce portal’s website in 2013 that was later patched.

The PHPAuction script is a widely used script on auction-based websites that, if implemented without standard security procedures will allow hackers to execute malicious codes even by using third party hosts to access restricted files or gain an administrator’s control. Vinod has identified one such vulnerability in a website that uses the PHPAuction script.

Vinod hacked into a Job website that uses the PHPJobSite script to determine its resistant to attacks. He identified and helped resolve a session hijacking vulnerability that involves hijacking incomplete or truncated sessions that are not fully closed by predicting cookies stored on a system from the incomplete session.

PHPinstant Gallery script is a photo gallery script used on websites across the internet. HTTP requests such as clicking on a photo from the gallery can be taken advantage of to run a malicious script in response to the request (Reflective XSS) or it could be stored on the website and could simply be run when the user visits the website (Stored XSS). Vinod has helped resolve both these vulnerabilities in the PHPinstant Gallery script.