
About me

Let me introduce myself


A bit about me

Shawar Khan is an Ethical Hacker & Security Researcher from Pakistan.

With over years of experience in cyber security, Shawar Khan has identified major security flaws in the world's well-known companies, including Google, Microsoft, PayPal, Apple and many others. A large number of Hall of Fame listings and certificates were awarded by these companies as a token of appreciation. In his spare time, Shawar develops exploits and web-app penetration testing tools. Some of them are BruteXSS & D-TECT.

Profile

Shawar Khan

Personal info

Shawar Khan

A Part-time Web Application Penetration Tester and Security Hacker

Skills & Things about me

  • Web Application Penetration Testing: 95%
  • Mobile App Penetration Testing: 88%
  • Python Exploit Writing: 90%

Portfolio

My latest projects


Saturday, August 1, 2015

Stored Cross-Site Scripting (XSS) vulnerability in Intel found by Shawar Khan


Cross-Site Scripting (XSS) using .jpg file upload in Linux


Reflected Cross-Site Scripting (XSS) & HTML Injection vulnerability in BlackBerry found by Shawar Khan


Testing and detection of Open Redirection Vulnerability


Wednesday, July 15, 2015

What is Stored Cross-Site Scripting (XSS) Attack & its testing

Today, I will tell you about the Stored Cross-Site Scripting (XSS) vulnerability.
You may have seen my previous videos related to XSS testing and Flash-XSS. Now I will tell you about the stored type.



Stored Cross-Site Scripting (XSS) Attack and its testing.
In the following video you will learn:
  • What is Stored Cross-Site Scripting (XSS).
  • How to test for a Stored-XSS vulnerability in a site.
  • Detection of Stored-XSS

In Stored XSS (also known as persistent XSS), the XSS code is stored in the site's database. For example, if we put a script in a comment and post it, it is saved on the site and stays there even if we refresh the page. So if the site is vulnerable, the XSS will show whenever the page loads.
The testing is the same as for normal XSS. We just need to check whether our XSS is stored in the page, and we check that by refreshing the page.
For example, if I post a comment using the payload "/><svg/onload=prompt(1)>
and the XSS executes,
and the popup executes again when I refresh the page and visit it again, it means the site is vulnerable to Stored XSS.
This can be used to inject a keylogger, deface the site and perform other attacks such as redirection when the victim opens the site.

Shawar Khan
Cyber Security Researcher
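
The persistence described above, and the output encoding that stops it, shown as an added example that is not part of the original post. The in-memory comment store and all function names are hypothetical; the only value taken from the post is its test payload.

```javascript
// Constructed sample: an in-memory array stands in for the site's comment table.
const comments = [];

// The site saves the comment exactly as submitted.
function postComment(author, body) {
  comments.push({ author, body });
}

// Vulnerable rendering: stored text is concatenated into the page unencoded,
// so every later page load (every "refresh") serves the same markup again.
function renderVulnerable() {
  return comments
    .map(c => `<div class="comment" title="${c.author}">${c.body}</div>`)
    .join("\n");
}

// Encode the characters that let data break out of text or attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened rendering: the same stored data, encoded at output time.
function renderEncoded() {
  return comments
    .map(c => `<div class="comment" title="${escapeHtml(c.author)}">${escapeHtml(c.body)}</div>`)
    .join("\n");
}

// Check keyed to the post's probe: did it reach the page as a live <svg onload> tag?
function hasLiveMarkup(html) {
  return /<svg\b[^>]*\bonload\s*=/i.test(html);
}

// Clean-up aid: list stored records that contain markup characters, for review.
function auditStored() {
  return comments.filter(c => /[<>"]/.test(c.author + c.body));
}

postComment("alice", "Nice write-up!");
postComment("tester", '"/><svg/onload=prompt(1)>'); // payload quoted from the post

console.log("vulnerable, 1st load:", hasLiveMarkup(renderVulnerable())); // true
console.log("vulnerable, refresh :", hasLiveMarkup(renderVulnerable())); // true
console.log("encoded output      :", hasLiveMarkup(renderEncoded()));    // false
console.log("records to review   :", auditStored().length);              // 1
```

Encoding at output fixes what the browser receives, while `auditStored` shows that the record is still in storage and needs review wherever else it is rendered.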

What is Flash-XSS & Execution of XSS using swf file.

Execution of XSS using SWF file.
In the following video you will learn:
  • XSS Execution using SWF File.
  • Concept of Flash-XSS
  • How to test if a site is vulnerable to Flash-XSS

Tuesday, July 14, 2015

Cross-Site Scripting (XSS) Execution using Anchor Tag

Cross-Site Scripting (XSS) execution using Anchor Tag
In the following video you will learn:
  • XSS Execution
  • How to execute XSS using Anchor Tag (<a>)
