# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demoLOL ! Please put some of your resources to work ;)
Cheers,
Kish !
Wednesday, August 26, 2009
Whitehouse.gov - One for the "lulz"
#########################
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demo
LOL ! Please put some of your resources to work ;)
Cheers,
Kish !
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demoLOL ! Please put some of your resources to work ;)
Cheers,
Kish !
ESPN Shop - XSS
#########################
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.espnshop.com
Click here for the demo
Learn input validation, and try to use it :)
Cheers,
Kish !
P.S: This was found and reported to ESPN in late 2008, but they're very active as you can see.
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.espnshop.com
Click here for the demo
Learn input validation, and try to use it :)
Cheers,
Kish !
P.S: This was found and reported to ESPN in late 2008, but they're very active as you can see.
Wednesday, July 8, 2009
Hakin9 - Issue (03/2009) - Review
Thanks to the Hakin9 Team for sending me a copy for review. This issue of Hakin9 comes with a new set of articles on various topics such as Bruteforce, Malware analysis, and Examining malicious PDF documents.
Unless you're just starting off or don't know about bruteforce you can skip the introduction to the article, but the relevance of information is really good in terms of description of various types of attacks. The article talks about the latest technique called GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificate on Windows. Web security enthusiasts are not left out, with an article covering burp proxy's intruder with examples.
For the system administrators there's some constructive information in the article on defeating AVs. There's additionally the CD that comes along with the magazine features Ad-aware anniversary edition (free) along with a few demo-games such as Portsign, which is a hacker game similar to Uplink from Introversion software.
Apart from these there's the usual book review on "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread out through the magazine, and a good interview from Nicholas Percoco, the head of Spiderlabs, Trustwave's research team.
Unless you're just starting off or don't know about bruteforce you can skip the introduction to the article, but the relevance of information is really good in terms of description of various types of attacks. The article talks about the latest technique called GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificate on Windows. Web security enthusiasts are not left out, with an article covering burp proxy's intruder with examples.
For the system administrators there's some constructive information in the article on defeating AVs. There's additionally the CD that comes along with the magazine features Ad-aware anniversary edition (free) along with a few demo-games such as Portsign, which is a hacker game similar to Uplink from Introversion software.
Apart from these there's the usual book review on "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread out through the magazine, and a good interview from Nicholas Percoco, the head of Spiderlabs, Trustwave's research team.
Thursday, June 25, 2009
Electronic Arts - XSS vulnerability
#########################
# Website: www.ea.com
# Date: 25.06.09
# Bug: XSS
########################
Vuln URL: hxxp://www.ea.com
Click here for the demo
FIFA 09 and the online game play rocks, but your website ?... not really ! pffft ...
Cheers :)
Kish
# Website: www.ea.com
# Date: 25.06.09
# Bug: XSS
########################
Vuln URL: hxxp://www.ea.com
Click here for the demo
FIFA 09 and the online game play rocks, but your website ?... not really ! pffft ...
Cheers :)
Kish
Friday, May 29, 2009
XSS in Blogarama
#########################
# Website: www.blogarama.com
# Date: 29.05.09
# Bug: XSS
########################
Vuln URL: hxxp://www.blogarama.com
Click here for the demo
Fix input validation in your website...
Cheers :)
Kish
# Website: www.blogarama.com
# Date: 29.05.09
# Bug: XSS
########################
Vuln URL: hxxp://www.blogarama.com
Click here for the demo
Fix input validation in your website...
Cheers :)
Kish
Sunday, May 17, 2009
XSS in Adobe's Store
#############################
# Website: www.abobe.com
# Date: 17.05.09
# Bug: XSS
############################
Vuln URL: hxxps://store3.adobe.com
Click here to see the demo
Fix your input validation, and make shopping with adobe a good memory for the customer.
Cheers :)
Kish
# Website: www.abobe.com
# Date: 17.05.09
# Bug: XSS
############################
Vuln URL: hxxps://store3.adobe.com
Click here to see the demo
Fix your input validation, and make shopping with adobe a good memory for the customer.
Cheers :)
Kish
Sunday, May 3, 2009
HTML Injection in ZDNET
############################
# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################
Vuln URL: hxxp://blogs.zdnet.com
Click here to see the demo
Please advise people about web-application vulnerabilities, after you've fixed them ! *coughs*
Talking about input validation, their email form is a bad example... and can I use it to send my friend an email ? You bet... it's free email spoofing service, courtesy of ZDnet ;))
Cheers,
Kish
# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################
Vuln URL: hxxp://blogs.zdnet.com
Click here to see the demo
Please advise people about web-application vulnerabilities, after you've fixed them ! *coughs*
Talking about input validation, their email form is a bad example... and can I use it to send my friend an email ? You bet... it's free email spoofing service, courtesy of ZDnet ;))
Cheers,
Kish
Subscribe to:
Posts (Atom)