########################################
# Website: www.matasano.com
# Date: 11.07.11
# Bug: Cross Site Scripting / Redirect
########################################
When reading their blog, you surf their services page, check out their RFP page and what comes up suddenly... a redirection page, hehe :D
>> Click here for redirect demo <<
This one was totally unintended, but fun nonetheless, spotting bugs in a security company's website!
Cheers,
Kish
Monday, July 11, 2011
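The redirect bug in the post above is the open-redirect pattern: a target taken from the request is followed as given. As an added example, not code from the post or from Matasano, here is a Python check that reduces a user-controlled redirect parameter to a path on the site's own host. The site origin and host allowlist are constructed values for the example.

```python
from urllib.parse import urljoin, urlsplit

# Constructed values for the example: the site's own origin and the hosts a
# redirect may land on. A real application substitutes its own.
SITE_ORIGIN = "https://www.example.com/"
ALLOWED_HOSTS = {"www.example.com", "example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(user_supplied: str) -> str:
    """Reduce a user-controlled redirect parameter to a path on our own site.

    The open-redirect bug is following the parameter as given. Here the value
    is resolved against SITE_ORIGIN, so a relative path stays local and an
    absolute URL is only kept when its scheme is http(s) and its host is on
    the allowlist; everything else collapses to DEFAULT_TARGET.
    """
    if not user_supplied:
        return DEFAULT_TARGET
    candidate = user_supplied.strip()
    # Browsers treat a backslash in a URL as a slash, so "/\evil.example"
    # would become the protocol-relative "//evil.example"; refuse it outright,
    # along with control characters (header-splitting material).
    if "\\" in candidate or any(ord(c) < 0x20 for c in candidate):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(urljoin(SITE_ORIGIN, candidate))
        host = parts.hostname          # may raise on malformed IPv6 brackets
    except ValueError:
        return DEFAULT_TARGET
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET          # javascript:, data:, and friends
    if host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET          # off-site host, including "//host" forms
    if parts.username or parts.password:
        return DEFAULT_TARGET          # "https://ours@evil.example/" tricks
    path = parts.path or "/"
    # A path that itself starts with "//" would be read as protocol-relative.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_TARGET
    return path + ("?" + parts.query if parts.query else "")
```

Emitting only the path (never the host the user supplied) is the design choice that makes the allowlist hard to bypass: even when an absolute URL passes, the Location header the application sends is rebuilt from the validated pieces.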
Wednesday, June 29, 2011
No research of late (Kosova Airlines)
We have not been doing a lot of research and poking lately, in websites or networks...
We will eventually find time, and start looking for throwaways (XSS / SQLi). Please understand that full disclosure is good for everybody, instead of security by obscurity.
In the meantime, check out the Kosova Airlines website at www.flyksa.com

Or you can access their database here. Need I say more about bad coding practices?
Cheers,
Kish
Labels: Airlines, Back, Crimemachine, FlyKSA, Insecure, Insecure Times, Kosova, Research, SQLi, XSS
Thursday, December 30, 2010
ISS - Internet Security Systems?
I have great respect for the guys at ISS X-Force... You guys are the best, nothing personal :)
Although I'm certain they wouldn't approve of this screenshot here...

Vuln URL: hxxp://webapp.iss.net/Search.do
On behalf of Crimemachine, we wish you (our readers) a Happy New Year, guys.
We are back! ;)
Labels: Crimemachine, Digi, Experts, HTML Injection, IBM, Insecure, Insecure Times, ISS, Web Hacking, Whack, X-Force, XSS
Wednesday, July 28, 2010
Talk about facebook funnies
http://graph.facebook.com/566543089 -> now that's funny! :D
{
"id": "566543089",
"name": "Leo Fu",
"first_name": "Leo",
"last_name": "Fu",
"link": "http://www.facebook.com/people/Leo-Fu/566543089",
"gender": "male",
"locale": "zh_HK"
}
One more just to make sure, we can still rely on facebook ;)
nyaaaa, what's that : http://graph.facebook.com/676543089
{
"id": "676543089",
"name": "Michael Seng",
"first_name": "Michael",
"last_name": "Seng",
"link": "http://www.facebook.com/people/Michael-Seng/676543089",
"gender": "male",
"locale": "en_US"
}
Since when did we need an Opera or Firefox for Facebook, lol! :D
Cheers,
Kish
Labels: Crimemachine, Facebook, Funny, Graph me, Humor, Insecure, Insecure Times, social networking, Web Hacking
Monday, June 7, 2010
OWASP - Zone Transfer?
OWASP's domains ending with .org and .com are vulnerable to DNS zone transfer... Is it because they preach only web security, that they never bothered to touch the network side of things?
Besides being a security-preacher type website, they must have done a basic pen-test routine of their website before hosting... Network FAIL :D
NSLookup - From command line
bt ~ # nslookup
> set type=any
> owasp.org
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.org mail exchanger = 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org mail exchanger = 10 ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org nameserver = ns2.secure.net.
owasp.org nameserver = ns1.secure.net.
Authoritative answers can be found from:
> owasp.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.com nameserver = ns1.ispc.org.
owasp.com nameserver = ns1.mv.net.
owasp.com nameserver = ns2.ispc.org.
owasp.com nameserver = ns3.ispc.org.
>exit
DIG - From command line
bt ~ # dig owasp.org axfr @ns1.secure.net
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
; (1 server found)
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN NS ns2.secure.net.
owasp.org. 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
ads.owasp.org. 86400 IN A 216.48.3.26
austin.owasp.org. 86400 IN CNAME owasp.org.
calendar.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
docs.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
es.owasp.org. 86400 IN A 216.48.3.18
forums.owasp.org. 86400 IN A 216.48.3.19
google6912a08c3a8cdf0b.owasp.org. 86400 IN CNAME GOOGLE.COM.
groups.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
jobs.owasp.org. 86400 IN CNAME owasp.org.
lists.owasp.org. 86400 IN A 216.48.3.22
lists.owasp.org. 86400 IN MX 10 ml1lists.owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
mail.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
ml1lists.owasp.org. 86400 IN A 216.48.3.30
registration.owasp.org. 86400 IN CNAME owasp.org.
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; Query time: 529 msec
;; SERVER: 192.220.124.10#53(192.220.124.10)
;; WHEN: Mon Jun 7 19:15:40 2010
;; XFR size: 32 records (messages 1)
OWASP must be glad that we didn't use 31337 stuff like Revhosts ;))
You guys must learn from ISECOM - check this out:
bt ~ # dig isecom.org axfr @ns222.pair.com
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; (1 server found)
;; global options: printcmd
; Transfer failed.
That should generally be the type of output you get when you poke a website preaching security...
If you are bored and clarifying a few things with a website like OWASP next time, try running a few tools from the command line; it gives you lols :))
Cheers,
Kish
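The two dig runs above show the two outcomes a defender cares about: a server that hands the whole zone to anyone (owasp.org) and one that refuses (isecom.org, "Transfer failed."). As an added example, not code from the post, here is a Python reviewer for a zone dump in the dig AXFR format shown. It is fed an excerpt of the owasp.org output quoted in the post and the isecom.org refusal, both embedded as text rather than fetched, and reports the kinds of records an open transfer leaks that are worth acting on: wildcard entries, names resolving to loopback or private addresses, and labels that look like staging or internal services. The list of non-public labels is an assumption of the example.

```python
import ipaddress
from typing import List, NamedTuple

# Excerpts of the dig output quoted in the post, embedded as text so the
# example runs offline; no DNS query is made.
OWASP_DUMP = """\
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
*.owasp.org. 86400 IN CNAME owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; XFR size: 32 records (messages 1)
"""

ISECOM_DUMP = """\
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; Transfer failed.
"""

# Labels that usually mean a host was never meant for the public (an
# assumption of this example; tune to your own naming scheme).
NON_PUBLIC_LABELS = {"stage", "staging", "dev", "test", "uat", "voip",
                     "vpn", "intranet", "localhost"}


class Record(NamedTuple):
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_zone(dig_output: str) -> List[Record]:
    """Parse the record lines of a dig AXFR dump; ';' comment lines are skipped."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)          # name ttl class type rdata...
        if len(fields) < 5 or fields[2] != "IN":
            continue
        name, ttl, _, rtype, rdata = fields
        records.append(Record(name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def transfer_succeeded(dig_output: str) -> bool:
    """A transfer the server accepted is bracketed by the zone's SOA record;
    a refused one (dig prints '; Transfer failed.') yields no records at all."""
    records = parse_zone(dig_output)
    return len(records) >= 2 and records[0].rtype == "SOA" and records[-1].rtype == "SOA"


def _non_routable(address: str) -> bool:
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def review_zone(records: List[Record]) -> List[str]:
    """Flag the records a defender would not want handed out wholesale."""
    findings = []
    for rec in records:
        label = rec.name.split(".")[0]
        if rec.name.startswith("*."):
            findings.append(f"wildcard {rec.name} -> {rec.rdata}")
        elif rec.rtype in ("A", "AAAA") and _non_routable(rec.rdata):
            findings.append(f"{rec.name} resolves to non-routable {rec.rdata}")
        elif label in NON_PUBLIC_LABELS and rec.rtype in ("A", "AAAA", "CNAME"):
            findings.append(f"{rec.name} looks like a non-production host")
    return findings


if __name__ == "__main__":
    for zone, dump in (("owasp.org", OWASP_DUMP), ("isecom.org", ISECOM_DUMP)):
        if not transfer_succeeded(dump):
            print(f"{zone}: transfer refused, nothing to review")
            continue
        recs = parse_zone(dump)
        print(f"{zone}: {len(recs)} records exposed")
        for finding in review_zone(recs):
            print("  -", finding)
```

The fix on the server side is to restrict transfers to the secondary nameservers (in BIND, an `allow-transfer` list; the equivalent option exists in other servers), after which a dig run against your own authoritative servers should print the isecom.org-style refusal.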
Labels: Crimemachine, Insecure Times, ISECOM, Network FAIL, OWASP, Zone Transfer
Thursday, January 7, 2010
MIT Press - XSS - Happy new year to one and all !
######################################
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################
Search box vulnerable to XSS... after September, got really bored of XSS/SQL/RFI... that's why I took a break... but still, couldn't resist taking a shot at MIT Press ;)
So here goes the first post for the new year, 2010.
Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp

Click here for XSS demo
Solution: try to validate input... it's not good practice to let XSS through; I recently investigated cases where XSS was used to install malicious code onto client systems for further access.
Cheers,
Kish :)
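The "validate input" advice above is half of the fix; the other half, and the one that holds regardless of what the input looks like, is encoding the value for the context it is written into on output. As an added example, not code from the post or from MIT Press, here is a minimal Python rendering of a search-results page in its reflected form next to its encoded form, plus a regression check that a probe term does not come back as markup. The page path and probe are constructed.

```python
import html
from urllib.parse import quote

# Constructed path for the example; it stands in for whatever page echoes the term.
SEARCH_PATH = "/catalog/search"


def render_results_reflected(term: str) -> str:
    """The reflected-XSS pattern: the search term is pasted into the HTML as-is,
    so markup in the term becomes markup in the page (and attribute-breaking
    characters in the term break out of the href)."""
    return (f"<h2>Results for: {term}</h2>"
            f'<a href="{SEARCH_PATH}?q={term}&page=2">next</a>')


def render_results_encoded(term: str) -> str:
    """Same page, with the term encoded once per context it lands in:
    HTML-escaped for element content, percent-encoded inside the query string."""
    in_text = html.escape(term, quote=True)
    in_query = quote(term, safe="")
    return (f"<h2>Results for: {in_text}</h2>"
            f'<a href="{SEARCH_PATH}?q={in_query}&amp;page=2">next</a>')


def reflects_markup(render, probe: str = '<x y="1">') -> bool:
    """Regression check for a renderer: does the page contain the probe verbatim?
    True means a term can inject markup; a hardened renderer returns False."""
    return probe in render(probe)


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"      # constructed test term
    print("reflected:", render_results_reflected(sample))
    print("encoded:  ", render_results_encoded(sample))
    print("reflected renderer leaks markup:", reflects_markup(render_results_reflected))
    print("encoded renderer leaks markup:  ", reflects_markup(render_results_encoded))
```

Input validation still belongs in front of this (a catalogue search has no business accepting angle brackets at all), but the encoded renderer is what keeps a term that slips past validation from executing.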
Labels: Crimemachine, Insecure, Insecure Times, MIT, MIT Press, XSS
Sunday, September 20, 2009
XSS in Linuxmafia website - Today's lulz
#########################
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.linuxmafia.com/kb/
Sorry folks, I am too lazy to post a screenshot for this one... just a quickie, if you will...
Click here for the demo
Click here for another demo (this one's a bit serious)
Cheers,
Kish
Labels: Crimemachine, Hack, Hacking, Insecure, Insecure Times, linux, linuxmafia, lulz, mafia, Web Hacking, Whack, XSS