Although, I'm certain they wouldn't approve of this screenshot here...
Vuln URL: hxxp://webapp.iss.net/Search.do
On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys
We are Back ! ;)
Thursday, December 30, 2010
ISS - Internet Security Systems?
I have great respect for the guys at ISS X-Force... You guys are the best, nothing personal :)
Although, I'm certain they wouldn't approve of this screenshot here...
Vuln URL: hxxp://webapp.iss.net/Search.do
On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys
We are Back ! ;)
Although, I'm certain they wouldn't approve of this screenshot here...
Vuln URL: hxxp://webapp.iss.net/Search.do
On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys
We are Back ! ;)
Wednesday, July 28, 2010
Talk about facebook funnies
http://graph.facebook.com/566543089 -> now that's funny ! :D
One more just to make sure, we can still rely on facebook ;)
nyaaaa, what's that : http://graph.facebook.com/676543089
Since when did we need a Opera or Firefox for facebook, lol ! :D
Cheers,
Kish
{
"id": "566543089",
"name": "Leo Fu",
"first_name": "Leo",
"last_name": "Fu",
"link": "http://www.facebook.com/people/Leo-Fu/566543089",
"gender": "male",
"locale": "zh_HK"
}
One more just to make sure, we can still rely on facebook ;)
nyaaaa, what's that : http://graph.facebook.com/676543089
{
"id": "676543089",
"name": "Michael Seng",
"first_name": "Michael",
"last_name": "Seng",
"link": "http://www.facebook.com/people/Michael-Seng/676543089",
"gender": "male",
"locale": "en_US"
}
Since when did we need a Opera or Firefox for facebook, lol ! :D
Cheers,
Kish
Monday, June 7, 2010
OWASP - Zone Transfer?
OWASP's domains ending with .org and .com are vulnerable to DNS Zone Transfer... Is it because, they preach only web security? That they never bothered to touch the network side of things ?
Besides being a security - preacher type website, they must have done a basic pen-test routine of their website before hosting... Network FAIL :D
NSLookup - From command line
bt ~ # nslookup
> set type=any
> owasp.org
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.org mail exchanger = 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org mail exchanger = 10 ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org nameserver = ns2.secure.net.
owasp.org nameserver = ns1.secure.net.
Authoritative answers can be found from:
> owasp.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.com nameserver = ns1.ispc.org.
owasp.com nameserver = ns1.mv.net.
owasp.com nameserver = ns2.ispc.org.
owasp.com nameserver = ns3.ispc.org.
>exit
DIG - From command line
bt ~ # dig owasp.org axfr @ns1.secure.net
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
; (1 server found)
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN NS ns2.secure.net.
owasp.org. 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
ads.owasp.org. 86400 IN A 216.48.3.26
austin.owasp.org. 86400 IN CNAME owasp.org.
calendar.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
docs.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
es.owasp.org. 86400 IN A 216.48.3.18
forums.owasp.org. 86400 IN A 216.48.3.19
google6912a08c3a8cdf0b.owasp.org. 86400 IN CNAME GOOGLE.COM.
groups.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
jobs.owasp.org. 86400 IN CNAME owasp.org.
lists.owasp.org. 86400 IN A 216.48.3.22
lists.owasp.org. 86400 IN MX 10 ml1lists.owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
mail.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
ml1lists.owasp.org. 86400 IN A 216.48.3.30
registration.owasp.org. 86400 IN CNAME owasp.org.
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; Query time: 529 msec
;; SERVER: 192.220.124.10#53(192.220.124.10)
;; WHEN: Mon Jun 7 19:15:40 2010
;; XFR size: 32 records (messages 1)
OWASP must be glad that we didn't use 31337 stuff like Revhosts ;))
You guys must learn from ISECOM - Check this out
bt ~ # dig isecom.org axfr @ns222.pair.com
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; (1 server found)
;; global options: printcmd
; Transfer failed.
That should be the type of output generally when you poke a website preaching security...
If you are bored and clarifying a few things with a website like OWASP next time, try running a few tools from the command line, gives you lols :))
Cheers,
Kish
Besides being a security - preacher type website, they must have done a basic pen-test routine of their website before hosting... Network FAIL :D
NSLookup - From command line
bt ~ # nslookup
> set type=any
> owasp.org
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.org mail exchanger = 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org mail exchanger = 10 ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org nameserver = ns2.secure.net.
owasp.org nameserver = ns1.secure.net.
Authoritative answers can be found from:
> owasp.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.com nameserver = ns1.ispc.org.
owasp.com nameserver = ns1.mv.net.
owasp.com nameserver = ns2.ispc.org.
owasp.com nameserver = ns3.ispc.org.
>exit
DIG - From command line
bt ~ # dig owasp.org axfr @ns1.secure.net
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
; (1 server found)
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN NS ns2.secure.net.
owasp.org. 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
ads.owasp.org. 86400 IN A 216.48.3.26
austin.owasp.org. 86400 IN CNAME owasp.org.
calendar.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
docs.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
es.owasp.org. 86400 IN A 216.48.3.18
forums.owasp.org. 86400 IN A 216.48.3.19
google6912a08c3a8cdf0b.owasp.org. 86400 IN CNAME GOOGLE.COM.
groups.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
jobs.owasp.org. 86400 IN CNAME owasp.org.
lists.owasp.org. 86400 IN A 216.48.3.22
lists.owasp.org. 86400 IN MX 10 ml1lists.owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
mail.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
ml1lists.owasp.org. 86400 IN A 216.48.3.30
registration.owasp.org. 86400 IN CNAME owasp.org.
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; Query time: 529 msec
;; SERVER: 192.220.124.10#53(192.220.124.10)
;; WHEN: Mon Jun 7 19:15:40 2010
;; XFR size: 32 records (messages 1)
OWASP must be glad that we didn't use 31337 stuff like Revhosts ;))
You guys must learn from ISECOM - Check this out
bt ~ # dig isecom.org axfr @ns222.pair.com
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; (1 server found)
;; global options: printcmd
; Transfer failed.
That should be the type of output generally when you poke a website preaching security...
If you are bored and clarifying a few things with a website like OWASP next time, try running a few tools from the command line, gives you lols :))
Cheers,
Kish
Thursday, January 7, 2010
MIT Press - XSS - Happy new year to one and all !
######################################
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################
Search box vulnerable to XSS... after September, got really bored of XSS/SQL/RFI... that's why I took a break... but still, couldn't resist taking a shot at MIT Press ;)
So here goes the first post, for the new year - 2010
Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp
Click here for XSS demo
Solution: Try and validate input ... it's not good practice to let XSS through, for I recently investigated cases where XSS was used to install malicious code on to client systems for further access.
Cheers,
Kish :)
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################
Search box vulnerable to XSS... after September, got really bored of XSS/SQL/RFI... that's why I took a break... but still, couldn't resist taking a shot at MIT Press ;)
So here goes the first post, for the new year - 2010
Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp
Click here for XSS demo
Solution: Try and validate input ... it's not good practice to let XSS through, for I recently investigated cases where XSS was used to install malicious code on to client systems for further access.
Cheers,
Kish :)
Sunday, September 20, 2009
XSS in Linuxmafia website - Today's lulz
#########################
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.linuxmafia.com/kb/
Sorry folks, I am lazy to post a screenshot for this one... just a quickie, if you will...
Click here for the demo
Click here for another demo (this one's a bit serious)
Cheers,
Kish
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.linuxmafia.com/kb/
Sorry folks, I am lazy to post a screenshot for this one... just a quickie, if you will...
Click here for the demo
Click here for another demo (this one's a bit serious)
Cheers,
Kish
Wednesday, August 26, 2009
Advisory Updates: Q2 2009, and a bit more...
Even though a spectacular hack was pulled off on Imageshack, they've not fixed their bug yet.
The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))
ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...
Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.
Electronic arts and blogarama haven't fixed their bugs just like the others, no I am not surprised
Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !
Cheers :)
Kish
The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))
ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...
Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.
Electronic arts and blogarama haven't fixed their bugs just like the others, no I am not surprised
Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !
Cheers :)
Kish
Whitehouse.gov - One for the "lulz"
#########################
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demo
LOL ! Please put some of your resources to work ;)
Cheers,
Kish !
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demoLOL ! Please put some of your resources to work ;)
Cheers,
Kish !
Subscribe to:
Posts (Atom)