Ali Hassan Ghauri is a 14 years old student researcher. His field is web application security. Recently he found that many leading websites do have vulnerability to Cross Site Scripting. The most recent discovery was about Ebay where Ali Hassan found and reported XSS vulnerability. Not only Ebay but shopping.com that is owned by Ebay as well are vulnerable to Cross Site Scripting.
As soon as Ali Hassan reported this to Ebay, they fixed it on both sites. Credits were named to Ali Hassan. His name was mentioned in Ebay responsible Disclosure Page. The road has just started for Ali Hassan as he found XSS vulnerability issue with myspace.com as well. Although Ali Hassan reported this issue to myspace.com officials but the problem still exists and they did not reply to Ali Hassan till yet. Myspace.com’s security team must be quite lazy about it.
Another prominent website where this young Pakistani security researcher found XSS vulnerability issue is Cisco website. He brought this issue in the notice of Cisco’s security team and was responded by them. Their reply to Ali Hassan is as follows.
Ali Hassan Ghouri has found XSS vulnerability issues on many websites. These websites are 150+ in number and in this age he holds the record for it. Ali Hassan is listed on the following websites.
Not only this but one of the largest and most popular website of Pakistan (Hamariweb.com) had some penetration issues that were reported by Ali Hassan and were fixed by the security team.
According to Ali Hassan, he will be featured in the hall of fame in Adobe, Microsoft and AT&T as he reported the issues in their websites and they are expected to list his name at the start of next month in the hall of fame.
