Thanks to the Hakin9 Team for sending me a copy for review. This issue of Hakin9 comes with a new set of articles on various topics such as brute force, malware analysis, and examining malicious PDF documents.
Unless you're just starting out or don't know about brute force, you can skip the introduction to the article, but the information is relevant and describes the various types of attacks well. The article talks about the latest technique, GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificates on Windows. Web security enthusiasts are not left out, with an article covering Burp Proxy's Intruder with examples.
For system administrators there's some constructive information in the article on defeating AVs. The CD that comes with the magazine features Ad-Aware Anniversary Edition (free) along with a few demo games such as Portsign, a hacker game similar to Uplink from Introversion Software.
Apart from these there's the usual book review, this time of "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread throughout the magazine, and a good interview with Nicholas Percoco, the head of SpiderLabs, Trustwave's research team.
Wednesday, July 8, 2009
Thursday, June 25, 2009
Electronic Arts - XSS vulnerability
#########################
# Website: www.ea.com
# Date: 25.06.09
# Bug: XSS
########################
Vuln URL: hxxp://www.ea.com

Click here for the demo
FIFA 09 and the online game play rocks, but your website ?... not really ! pffft ...
Cheers :)
Kish
Labels: Crimemachine, EA.com, Electronic Arts, Hack, Hacking, HTML Injection, Insecure, Insecure Times, Web Hacking, XSS
Friday, May 29, 2009
XSS in Blogarama
#########################
# Website: www.blogarama.com
# Date: 29.05.09
# Bug: XSS
########################
Vuln URL: hxxp://www.blogarama.com

Click here for the demo
Fix input validation in your website...
Cheers :)
Kish
Labels: Blog, Blogarama, Crimemachine, Hack, Hacking, HTML Injection, Insecure, Insecure Times, Web Hacking, Whack, XSS
Sunday, May 17, 2009
XSS in Adobe's Store
#############################
# Website: www.adobe.com
# Date: 17.05.09
# Bug: XSS
############################
Vuln URL: hxxps://store3.adobe.com

Click here to see the demo
Fix your input validation, and make shopping with adobe a good memory for the customer.
Cheers :)
Kish
Labels: Adobe, Crimemachine, eShop, Hack, Hacking, HTML Injection, Insecure, Insecure Times, Store, Web Hacking, Whack, XSS
Sunday, May 3, 2009
HTML Injection in ZDNET
############################
# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################
Vuln URL: hxxp://blogs.zdnet.com

Click here to see the demo
Please advise people about web-application vulnerabilities, after you've fixed them ! *coughs*
Talking about input validation, their email form is a bad example... and can I use it to send my friend an email ? You bet... it's free email spoofing service, courtesy of ZDnet ;))
Cheers,
Kish
Labels: Crimemachine, Experts, Hack, Hacking, HTML Injection, Insecure, Insecure Times, Web Hacking, Whack, XSS, ZDNet
Wednesday, April 29, 2009
SQLi and XSS vulnerabilities in IPL website
###################################
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS, and SQLi
# IPL T20 - Indian(or is it English) Premier League
# Date: 29.04.09
###################################
Vuln URL: hxxp://www.iplt20.com

Click here for SQLi demo
There were also 26 injectable spots other than this, and there's XSS in URI, Path, and Forms, can't post too many screenshots... you see ;)
What's more you can insert, update, and delete tables in their DB :))
Happy hunting, Cheers!
Labels: Cricket, Crimemachine, Hack, Hacking, Indian Premier League, Insecure, Insecure Times, IPL, SQL Injection, SQLi, Whack, XSS
Saturday, April 25, 2009
XSS in Imageshack
################################
# Website: http://www.imageshack.us
# Bug: XSS
# Date: 25.04.09
##############################

Vuln URL: hxxp://www.imageshack.us
Click here for XSS demo
Fix your input validation.
Cheers,
Kish
Labels: Crimemachine, Hack, Hacking, Image Hosting, Imageshack, Insecure, Insecure Times, Web Hacking, Whack, XSS