Archive | Web Hacking

Advertisements


21 March 2015 | 1,076 views

XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool

We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]

Continue Reading


19 March 2015 | 354 views

Pinterest Bug Bounty Program Starts Paying

There’s been a fair bit of news about bug bounty programs in the past year or so, with Twitter officially starting to pay bug bounties at the end of 2014 and Google recently removing the caps from their program and making Pwnium all year round. The latest news is Pinterest bug bounty program has started […]

Continue Reading


14 March 2015 | 1,179 views

wig – CMS Identification & Information Gathering Tool

wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. It’s strength is CMS identification, it can also attempt to do OS fingerprinting. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score […]

Continue Reading


01 March 2015 | 1,918 views

CMSmap – Content Management System Security Scanner

CMSmap is a Python open source Content Management System security scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. […]

Continue Reading


10 February 2015 | 1,410 views

Droopescan – Plugin Based CMS Security Scanner

Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe. Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made […]

Continue Reading


05 February 2015 | 1,817 views

Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records

Anthem Hacked! Everyone is screaming, I was like WTF is Anthem? Turns out it’s part of the 2nd largest health insurance provider in the US (Wellpoint) after United Healthcare – so it’s a pretty big deal with an estimated 70 Million people on its books. Of course according to them, “Anthem was the target of […]

Continue Reading


09 December 2014 | 1,791 views

InsomniaShell – ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either an ASP.NET reverse shell or a bind shell. ASP.NET is an open source server-side Web application framework designed for […]

Continue Reading


06 December 2014 | 1,808 views

WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1500 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework […]

Continue Reading


02 December 2014 | 1,985 views

Gruyere – Learn Web Application Exploits & Defenses

This codelab is built around Gruyere – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]

Continue Reading


22 November 2014 | 1,865 views

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild. The most recent time was this year actually, but was a DoS attack, which is not THAT […]

Continue Reading


Advertisements