Wednesday, August 26, 2009

Advisory Updates: Q2 2009, and a bit more...

Even though a spectacular hack was pulled off on Imageshack, they've not fixed their bug yet.

The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009, if you want to see a demo of a site allowing the "delete method" in databases, please visit them :))

ZDNet, which writes the special 0-day column apart from regular security ramblings, is "yet" to fix their bug, and Dancho Danchev, one of the authors from their team, is still replying to mail...

Adobe at least fixed their bug, even though it was late, and I applaud their security team / devs for their store.

Electronic Arts and Blogarama haven't fixed their bugs, just like the others; no, I am not surprised.

Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !

Cheers :)
Kish

Whitehouse.gov - One for the "lulz"

#########################
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.whitehouse.gov

Click here for the demo

LOL ! Please put some of your resources to work ;)

Cheers,
Kish !

ESPN Shop - XSS

#########################
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.espnshop.com


Click here for the demo

Learn input validation, and try to use it :)

Cheers,
Kish !

P.S: This was found and reported to ESPN in late 2008, but they're very active as you can see.