You can use this query...
intext: * jQuery 1.2.6 - New Wave Javascript * * Copyright (c)
You can check a specific website using the site operator...
Cheers,
Kish
Monday, July 11, 2011
New Google Dork (Thanks AXN!)
Presenting our own google dork, which stemmed from the AXN site goodies... To check whether a particular site uses jQuery extensively...
You can use this query...
You can check a specific website using the site operator...
Cheers,
Kish
You can use this query...
You can check a specific website using the site operator...
Cheers,
Kish
AXN India - Exposed to the Internet
A simple google query did the trick... :D
This is not a great flaw by itself... the site's administration should not be enabled for all internet users (to play with and break the authentication)...We did not poke with the authentication scheme, hehe ;)
Update: We also found cron.php, install.php, xmlrpc.php, half a dozen email addresses, directory traversal (scripts, modules, profiles, themes, sites) and lots more...
Stopped playing for we didn't want to end up accidentally hacking the website :))
Bottom line: Functionally sound, security wise - bad idea?
Shouts to Jaymee ong... (marry me please !) and the eBuzz Team who's programme was being featured on AXN before I found the goodies :D
This is not a great flaw by itself... the site's administration should not be enabled for all internet users (to play with and break the authentication)...We did not poke with the authentication scheme, hehe ;)
Update: We also found cron.php, install.php, xmlrpc.php, half a dozen email addresses, directory traversal (scripts, modules, profiles, themes, sites) and lots more...
Stopped playing for we didn't want to end up accidentally hacking the website :))
Bottom line: Functionally sound, security wise - bad idea?
Shouts to Jaymee ong... (marry me please !) and the eBuzz Team who's programme was being featured on AXN before I found the goodies :D
Money Image - Error Based SQLi
########################################
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################
Money Image is a website similar to Image shack :)
Click here for demo
Fix your input validation fellas !
Cheers,
Kish
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################
Money Image is a website similar to Image shack :)
Click here for demo
Fix your input validation fellas !
Cheers,
Kish
Matasano Chargen - Redirection
########################################
# Website: www.matasano.com
# Date: 11.07.11
# Bug: Cross Site Scripting / Redirect
########################################
When reading their blog, you surf their services page, check out their RFP page and what comes up suddenly... a redirection page, hehe :D
>> Click here for redirect demo <<
This one was totally unintended, but fun nonetheless spotting bugs in a security company's website !
Cheers,
Kish
# Website: www.matasano.com
# Date: 11.07.11
# Bug: Cross Site Scripting / Redirect
########################################
When reading their blog, you surf their services page, check out their RFP page and what comes up suddenly... a redirection page, hehe :D
>> Click here for redirect demo <<
This one was totally unintended, but fun nonetheless spotting bugs in a security company's website !
Cheers,
Kish
Subscribe to:
Posts (Atom)