Ahmed Mehtab, a white hat hacker and a student of HSSC-II, recently identified a vulnerability in the blog of Matt Cutts, Google’s webspam head.
The particular vulnerability existed in one of the modules used in the blog. It allowed for full path disclosure. With that exploit, information such as full hosting path and username for hosting company were available.
After Ahmed contacted Matt with the information on the exploit, he thanked him on email and Twitter. He also wrote a post on his blog about ways to fix the full path disclosure vulnerability which you can see here.
@ahmedmehtabpk I just wanted to say thanks for point out the path disclosure issue on my blog. It’s fixed now. Thanks again for your help!
— Matt Cutts (@mattcutts) February 18, 2015
A self taught white hat hacker, Ahmed Mehtab has previously worked on helping companies discover bugs and exploits. Some of them are: Motorola, Concise, Nokia, Fastmail , Cyber Secure Pakistan, Ultraspectra among others.
Notification of a particular DNS vulnerability in Motorola’s website which allowed an attacker to download files from their servers drew appreciation by Richard Rushing, the head of Motorola’s Security Team. Concise Courses offered Ahmed free passes for courses on their online portal after they fixed a bug through his help.
After he finishes high school, Ahmed plans on getting certified and helping Pakistan in the mounting cyber war against rogue groups and nations.