Showing posts with label Insecure Times.
Tuesday, March 19, 2013
################################################
# Website: www.papajohnspizza.in
# Date: 20.03.13
# Bug: File Inclusion (Remote / Local)
###############################################
And please, guys, make your website a little more secure; it shouldn't take 'just' 20 minutes for server pwnage (sic)... Do your homework on the login page and on the client-side scripting, and remove the plugins that are not necessary... More importantly, allocate a budget towards securing your website, because your WWW is your brand image on the Internet.
Cheers,
Kish
Tuesday, January 17, 2012
Happy NY2012 - Directory Traversal
Shouts to all the people who tell me that directory traversal / listing is NOT important.
Additional shouts to the people who tell me how their website "security" budget is cramped, but who can do endless scans of their intranet, internal network and desktops for compliance, year on year! :)
################################################
# Website: www.mmasuperstore.com.au
# Date: 18.01.12
# Bug: Database PWNage
###############################################
If only you guys had invested a portion of the money you spent on design towards security, this day would not have arrived!
But enjoy it while it lasts... Consider this to be more publicity :))
Directory Traversal Vuln - MMA Super Store
WP Config File - MMA Super Store
What you have to learn from this incident is to invest in security... as much as, or at least a portion of, your design budget. Test the website with QA & security instead of designing eye candy and flashing banners with "affiliate" dollars in mind!
When you run an online store and sell merchandise, please provide the "level of security" promised in your privacy statement instead of keeping things ad hoc and designing a flashy website. The Internet is not a secure place; the Internet was not designed with adequate security.
Directory traversal is often overlooked and websites don't get the attention they deserve; in 2012, that's a bad statistic!
Cheers,
Kish
Labels:
Crimemachine,
Directory,
Google Hacking,
Hacking,
Insecure Times,
MMA,
Store,
Super,
Traversal,
Web Hacking,
Web Security
Tuesday, October 18, 2011
Metallica Concert - Oct 30th, Bangalore
################################################
# Website: www.ticketgenie.in
# Date: 18.10.11
# Bug: XSS / SQLi / Multiple Vulnerabilities
###############################################
Special advisory dedicated to all metal heads and headbangers from all over the world. The concert tickets for Metallica's show at Palace Grounds, Bangalore are available on the TicketGenie website... The tickets went on public sale 3 days ago according to a news website. So you can pay for the ticket or get it for FREE :D
How many tickets do you want? :))
Want to track other people's tickets?
BONUS: The login page is vulnerable to brute-force attacks, since there is no account lockout mechanism.
We have not included Proof-of-Concept demonstrations as with other posts, since the pages can be abused to get free tickets :))
A website which deals with financial information should be better protected than this... I am NOT going to trust TicketGenie with my credit card unless they show some improvement in security.
Cheers,
Kish
Labels:
Bangalore,
Concert,
Crimemachine,
Free Ticket,
Genie,
Headbangers,
Insecure,
Insecure Times,
Metal,
Metalheads,
Metallica,
SQLi,
Ticket,
Ticketgenie,
Web Hacking,
Whack,
XSS
Thursday, October 6, 2011
Exploit Pack - Another Open Source Security Framework
Hey y'all,
Exploit Pack is a new framework by former CORE Security employee Anibal Sacco, so I am not surprised he uses Python for the engine... Core IMPACT uses a similar style. The GUI is Java based though; why oh why do people code in this memory-intensive thing called Java? Cut me some slack with the platform independence, please...
OK, Python is very versatile for coding a framework (e.g. Immunity's CANVAS)... but with IMPACT, CANVAS and Metasploit in the fray... especially MSF (which has gained enormous feedback + support, which is why Rapid7 bought the framework and paid developers to continue the good work)... as a fourth addition it may or may not make it... but it will certainly be a learning experience for the "new business" entrepreneur.
Interestingly enough, Metasploit has become super integrated into the "security tools" (that we use regularly) and has cemented its place as the de facto standard for client-side attacks, phishing, churning out new sploits, wifi pen testing and web application exploitation; even PBX systems can be attacked, and with the new vSploit modules being introduced it just keeps getting better and better... CORE pwned MSF simply by integrating the framework itself into IMPACT's arsenal. Currently IMPACT has over 2500 exploits and counting... :))
If I had mad assembly skills and had learnt exploit coding from CORE's internal resource, Gera, I would be coding exploits and selling them to ZDI hands down... Plus, the $2 USD bounty is very minuscule compared to Google, Facebook and other bug bounties :)
Now that I have reasoned out a lot of "cons", here's one big "pro"... when users read the words "module editor that allows you to create your own custom exploits" (similar to MSF eXploit Builder by Jerome Athias). You can still edit the templates in CANVAS or MSF to do the same thing, only in Python / Ruby respectively. Immunity had a similar plugin called VisualSploit to build exploits graphically, but they stopped selling it soon after introducing it... Recently they started giving out VisualSploit with every CANVAS license...
Saw this a couple of days ago on Twitter. Good luck to him, he is talented... but is he business savvy? That's for us to wait and see...
Visit http://www.exploitpack.com for more details
Cheers,
Kish
Labels:
CANVAS,
CORE Security,
Crimemachine,
Exploit Pack,
Exploits,
Framework,
Immunity,
Insecure Times,
Metasploit,
Pack,
Python,
Ruby
Wednesday, September 14, 2011
Mexico CNN Website - Open redirect
########################################
# Website: http://mexico.cnn.com
# Date: 14.09.11
# Bug: Open Redirection Page
########################################
Click here for demo
I could use an r57shell with this to make it look more scary :)
Sidenote: GoDaddy has made an effort to make us look good by putting up their default banner... hmmm!
Cheers,
Kish
Labels:
CNN,
Crimemachine,
Digi,
Insecure,
Insecure Times,
Mexico,
R57Shell,
Whack
Monday, July 11, 2011
New Google Dork (Thanks AXN!)
Presenting our own Google dork, which stemmed from the AXN site goodies... To check whether a particular site uses jQuery (1.2.6) extensively...
You can use this query...
intext: * jQuery 1.2.6 - New Wave Javascript * * Copyright (c)
You can check a specific website using the site operator...
Cheers,
Kish
Labels:
Crimemachine,
Google Dork,
Google Hacking,
Insecure,
Insecure Times,
Web Hacking
AXN India - Exposed to the Internet
A simple Google query did the trick... :D
This is not a great flaw by itself... the site's administration should not be enabled for all Internet users (to play with and break the authentication)... We did not poke at the authentication scheme, hehe ;)
Update: We also found cron.php, install.php, xmlrpc.php, half a dozen email addresses, directory traversal (scripts, modules, profiles, themes, sites) and lots more...
Stopped playing, for we didn't want to end up accidentally hacking the website :))
Bottom line: Functionally sound, security-wise - bad idea?
Shouts to Jaymee Ong... (marry me please!) and the eBuzz team, whose programme was being featured on AXN before I found the goodies :D
Labels:
AXN,
AXN India,
Crimemachine,
eBuzz,
Google,
Google Hacking,
Insecure,
Insecure Times,
Web Hacking
Money Image - Error Based SQLi
########################################
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################
Money Image is a website similar to ImageShack :)
Click here for demo
Fix your input validation, fellas!
Cheers,
Kish
Labels:
Crimemachine,
Image,
Image Hosting,
Insecure,
Insecure Times,
Money,
Money Image,
SQL Injection,
SQLi,
Web Hacking,
Whack
Matasano Chargen - Redirection
########################################
# Website: www.matasano.com
# Date: 11.07.11
# Bug: Cross Site Scripting / Redirect
########################################
When reading their blog, you surf to their services page, check out their RFP page and what comes up suddenly... a redirection page, hehe :D
>> Click here for redirect demo <<
This one was totally unintended, but fun nonetheless, spotting bugs in a security company's website!
Cheers,
Kish
Labels:
Chargen,
Crimemachine,
Experts,
Insecure,
Insecure Times,
Matasano,
Web Hacking,
XSS
Wednesday, June 29, 2011
No research off late (Kosova Airlines)
We have not been doing a lot of research and poking lately, in websites or networks...
We will eventually find time and start looking for throwaways (XSS / SQLi). Please understand that full disclosure is good for everybody, as opposed to security by obscurity.
In the meantime, check out the Kosova Airlines website at www.flyksa.com
Or you can access their database here. Need I say more about bad coding practices?
Cheers,
Kish
Labels:
Airlines,
Back,
Crimemachine,
FlyKSA,
Insecure,
Insecure Times,
Kosova,
Research,
SQLi,
XSS
Thursday, December 30, 2010
ISS - Internet Security Systems?
I have great respect for the guys at ISS X-Force... You guys are the best, nothing personal :)
Although, I'm certain they wouldn't approve of this screenshot here...
Vuln URL: hxxp://webapp.iss.net/Search.do
On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys
We are Back ! ;)
Labels:
Crimemachine,
Digi,
Experts,
HTML Injection,
IBM,
Insecure,
Insecure Times,
ISS,
Web Hacking,
Whack,
X-Force,
XSS
Wednesday, July 28, 2010
Talk about Facebook funnies
http://graph.facebook.com/566543089 -> now that's funny! :D
{
"id": "566543089",
"name": "Leo Fu",
"first_name": "Leo",
"last_name": "Fu",
"link": "http://www.facebook.com/people/Leo-Fu/566543089",
"gender": "male",
"locale": "zh_HK"
}
One more just to make sure, we can still rely on facebook ;)
nyaaaa, what's that : http://graph.facebook.com/676543089
{
"id": "676543089",
"name": "Michael Seng",
"first_name": "Michael",
"last_name": "Seng",
"link": "http://www.facebook.com/people/Michael-Seng/676543089",
"gender": "male",
"locale": "en_US"
}
Since when did we need Opera or Firefox for Facebook, lol! :D
Cheers,
Kish
Labels:
Crimemachine,
Facebook,
Funny,
Graph me,
Humor,
Insecure,
Insecure Times,
social networking,
Web Hacking
Monday, June 7, 2010
OWASP - Zone Transfer?
OWASP's domains ending with .org and .com are vulnerable to DNS zone transfer... Is it because they preach only web security that they never bothered to touch the network side of things?
Besides being a security-preacher type of website, they should have done a basic pen-test routine of their website before hosting... Network FAIL :D
NSLookup - From command line
bt ~ # nslookup
> set type=any
> owasp.org
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.org mail exchanger = 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org mail exchanger = 10 ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org nameserver = ns2.secure.net.
owasp.org nameserver = ns1.secure.net.
Authoritative answers can be found from:
> owasp.com
Server: 192.168.19.2
Address: 192.168.19.2#53
Non-authoritative answer:
owasp.com nameserver = ns1.ispc.org.
owasp.com nameserver = ns1.mv.net.
owasp.com nameserver = ns2.ispc.org.
owasp.com nameserver = ns3.ispc.org.
>exit
DIG - From command line
bt ~ # dig owasp.org axfr @ns1.secure.net
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
; (1 server found)
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN NS ns2.secure.net.
owasp.org. 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
ads.owasp.org. 86400 IN A 216.48.3.26
austin.owasp.org. 86400 IN CNAME owasp.org.
calendar.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
docs.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
es.owasp.org. 86400 IN A 216.48.3.18
forums.owasp.org. 86400 IN A 216.48.3.19
google6912a08c3a8cdf0b.owasp.org. 86400 IN CNAME GOOGLE.COM.
groups.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
jobs.owasp.org. 86400 IN CNAME owasp.org.
lists.owasp.org. 86400 IN A 216.48.3.22
lists.owasp.org. 86400 IN MX 10 ml1lists.owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
mail.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
ml1lists.owasp.org. 86400 IN A 216.48.3.30
registration.owasp.org. 86400 IN CNAME owasp.org.
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; Query time: 529 msec
;; SERVER: 192.220.124.10#53(192.220.124.10)
;; WHEN: Mon Jun 7 19:15:40 2010
;; XFR size: 32 records (messages 1)
OWASP must be glad that we didn't use 31337 stuff like Revhosts ;))
You guys must learn from ISECOM - Check this out
bt ~ # dig isecom.org axfr @ns222.pair.com
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; (1 server found)
;; global options: printcmd
; Transfer failed.
That should be the type of output you generally get when you poke a website preaching security...
If you are bored and clarifying a few things with a website like OWASP next time, try running a few tools from the command line; it gives you lols :))
Cheers,
Kish
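The check above, automated, as an added example (my code, not the post's and not anything OWASP or ISECOM publishes): it shells out to the same `dig` binary for every authoritative name server of a zone, parses the AXFR answer, and reports what a successful transfer hands over. The `SENSITIVE_HINTS` list and the function names are my own assumptions; the sample transfer is a constructed subset of the owasp.org output shown in the post, and the refusal is the isecom.org one.

```python
"""Repeat the post's AXFR check with dig and turn the answer into a host
inventory.  Added example, not the post's code: check_zone() needs network
access and dig installed; parse_axfr() and summarise() are pure Python and
run here on a sample cut from the owasp.org transfer quoted in the post."""
import re
import subprocess
from collections import defaultdict

# One resource record as dig prints it: NAME TTL CLASS TYPE RDATA
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z0-9]+)\s+(.*)$")

# Hostname labels that usually mean infrastructure a public zone should not
# advertise.  Assumption: this list is mine, not something the post defines.
SENSITIVE_HINTS = ("stage", "staging", "dev", "test", "voip", "vpn",
                   "internal", "intranet", "admin", "localhost")


def parse_axfr(dig_output):
    """Parse `dig <zone> axfr @<ns>` output into (records, refused): records
    is a list of (name, ttl, type, rdata); refused is True on 'Transfer failed'."""
    records, refused = [], False
    for line in dig_output.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(";"):          # banner, timing, or the refusal
            if "Transfer failed" in line:
                refused = True
            continue
        m = RR_RE.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.rstrip(".").lower(), int(ttl), rtype, rdata))
    return records, refused


def summarise(records):
    """What an attacker takes from a successful AXFR: every hostname, every
    IPv4 address, and the names that hint at non-public systems."""
    by_type = defaultdict(int)
    hosts, ips = set(), set()
    for name, _ttl, rtype, rdata in records:
        by_type[rtype] += 1
        if rtype in ("A", "AAAA", "CNAME"):
            hosts.add(name)
        if rtype == "A":
            ips.add(rdata)
    sensitive = sorted(h for h in hosts
                       if any(hint in h.split(".")[0] for hint in SENSITIVE_HINTS))
    return {"record_count": len(records), "types": dict(by_type),
            "hosts": sorted(hosts), "ips": sorted(ips), "sensitive": sensitive}


def nameservers(zone):
    """Authoritative NS names via `dig +short NS <zone>` (needs network)."""
    out = subprocess.run(["dig", "+short", "NS", zone], capture_output=True,
                         text=True, timeout=15).stdout
    return [ns.rstrip(".") for ns in out.split()]


def check_zone(zone, servers=None):
    """Try AXFR against every authoritative server, as the post does by hand
    with `dig owasp.org axfr @ns1.secure.net`; None means the server refused."""
    results = {}
    for ns in servers or nameservers(zone):
        proc = subprocess.run(["dig", zone, "axfr", "@" + ns],
                              capture_output=True, text=True, timeout=30)
        records, refused = parse_axfr(proc.stdout)
        results[ns] = None if refused or not records else summarise(records)
    return results


# Constructed sample: a subset of the owasp.org transfer shown in the post.
SAMPLE_OPEN = """\
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
forums.owasp.org. 86400 IN A 216.48.3.19
localhost.owasp.org. 86400 IN A 127.0.0.1
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; XFR size: 11 records (messages 1)
"""

# The refusal the post shows for isecom.org: the answer you want to see.
SAMPLE_REFUSED = """\
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; Transfer failed.
"""

if __name__ == "__main__":
    import sys
    for ns, summary in check_zone(sys.argv[1]).items():
        print(ns, "refused" if summary is None else summary)
```

Run it as `python axfr_check.py owasp.org` to repeat the post's test against every NS of a zone instead of the one you happened to pick. On the server side the fix is to limit transfers to the secondaries, e.g. `allow-transfer { 192.0.2.2; };` in the zone's BIND configuration (or `allow-transfer { none; };` on a server with no secondaries), which is exactly what produces the "; Transfer failed." answer ns222.pair.com gives for isecom.org.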
Labels:
Crimemachine,
Insecure Times,
ISECOM,
Network FAIL,
OWASP,
Zone Transfer
Thursday, January 7, 2010
MIT Press - XSS - Happy new year to one and all !
######################################
# Website: www.mit.edu
# Date: 08.01.10
# Bug: Cross Site Scripting (XSS)
#####################################
Search box vulnerable to XSS... after September I got really bored of XSS/SQLi/RFI, which is why I took a break... but still, I couldn't resist taking a shot at MIT Press ;)
So here goes the first post for the new year, 2010.
Vuln URL: hxxp://mitpress.mit.edu/catalog/search/default.asp
Click here for XSS demo
Solution: Try to validate input... it's not good practice to let XSS through, for I recently investigated cases where XSS was used to install malicious code on client systems for further access.
Cheers,
Kish :)
Labels:
Crimemachine,
Insecure,
Insecure Times,
MIT,
MIT Press,
XSS
Sunday, September 20, 2009
XSS in Linuxmafia website - Today's lulz
#########################
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.linuxmafia.com/kb/
Sorry folks, I am too lazy to post a screenshot for this one... just a quickie, if you will...
Click here for the demo
Click here for another demo (this one's a bit serious)
Cheers,
Kish
Labels:
Crimemachine,
Hack,
Hacking,
Insecure,
Insecure Times,
linux,
linuxmafia,
lulz,
mafia,
Web Hacking,
Whack,
XSS
Wednesday, August 26, 2009
Advisory Updates: Q2 2009, and a bit more...
Even though a spectacular hack was pulled off on ImageShack, they've not fixed their bug yet.
The lazy developers behind the Indian Premier League (oh really??) have not fixed their XSS and SQLi bugs either... In 2009, if you want to see a demo of a site allowing the "delete method" on its database, please visit them :))
ZDNet, which writes the special 0-day column apart from its regular security ramblings, is "yet" to fix their bug, and Dancho Danchev, one of the authors on their team, is still replying to mail...
Adobe at least fixed their bug, even though it was late, and I applaud their security team / devs for their store.
Electronic Arts and Blogarama haven't fixed their bugs, just like the others; no, I am not surprised.
Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !
Cheers :)
Kish
Labels:
Adobe,
Blog,
Blogarama,
Crimemachine,
Digi,
Electronic Arts,
eShop,
Hack,
Hacking,
Indian Premier League,
Insecure,
Insecure Times,
IPL,
SQL Injection,
SQLi,
Web Hacking,
Whack,
XSS,
ZDNet
Whitehouse.gov - One for the "lulz"
#########################
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.whitehouse.gov
Click here for the demo
LOL! Please put some of your resources to work ;)
Cheers,
Kish !
Labels:
Crimemachine,
Gov,
Government,
Hack,
Hacking,
HTML Injection,
Insecure,
Insecure Times,
lulz,
Special,
Whack,
Whitehouse,
Whitehouse.gov,
XSS
ESPN Shop - XSS
#########################
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################
Vuln URL: hxxp://www.espnshop.com
Click here for the demo
Learn input validation, and try to use it :)
Cheers,
Kish !
P.S: This was found and reported to ESPN in late 2008, but they're very active, as you can see.
Labels:
Crimemachine,
eShop,
ESPN,
ESPNShop,
Hack,
Hacking,
HTML Injection,
Insecure,
Insecure Times,
Web Hacking,
Whack,
XSS
Wednesday, July 8, 2009
Hakin9 - Issue (03/2009) - Review
Thanks to the Hakin9 team for sending me a copy for review. This issue of Hakin9 comes with a new set of articles on various topics such as brute force, malware analysis, and examining malicious PDF documents.
Unless you're just starting off or don't know about brute force you can skip the introduction to the article, but the information is really relevant in terms of its description of the various types of attacks. The article also talks about the latest technique, GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificates on Windows. Web security enthusiasts are not left out, with an article covering Burp proxy's Intruder, with examples.
For system administrators there's some constructive information in the article on defeating AVs. Additionally, the CD that comes along with the magazine features Ad-Aware Anniversary Edition (free) along with a few demo games such as Portsign, a hacker game similar to Uplink from Introversion Software.
Apart from these there's the usual book review, on "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread through the magazine, and a good interview with Nicholas Percoco, the head of SpiderLabs, Trustwave's research team.
Labels:
Crimemachine,
Hacking,
hakin9,
hakin9 magazine,
Insecure Times,
magazine,
Review,
SQL Injection,
SQLi
Thursday, June 25, 2009
Electronic Arts - XSS vulnerability
#########################
# Website: www.ea.com
# Date: 25.06.09
# Bug: XSS
########################
Vuln URL: hxxp://www.ea.com
Click here for the demo
FIFA 09 and the online game play rock, but your website?... not really! pffft...
Cheers :)
Kish
Labels:
Crimemachine,
EA.com,
Electronic Arts,
Hack,
Hacking,
HTML Injection,
Insecure,
Insecure Times,
Web Hacking,
XSS