Archive | Web Hacking


08 January 2014 | 1,204 views

Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads

Bitcoin and other cryptocurrencies are pretty much headline news every day now, especially with the inflated values (Bitcoin over $1000 recently). We haven’t mentioned them for a long time though, back in 2012 we wrote about Hackers breaking into a Bitcoin Exchange Site called Bitcoinica. There have been plenty of Bitcoin related hacks since then, [...]

Continue Reading


06 January 2014 | 2,159 views

xssless – An Automated XSS Payload Generator Written In Python

xssless is an automated XSS payload generator written in python. Usage Record request(s) with Burp proxy Select request(s) you want to generate, then right click and select “Save items” Use xssless to generate your payload: ./xssless.py burp_export_file Pwn! Features Automated XSS payload generation from imported Burp proxy requests Payloads are 100% asynchronous and won’t freeze [...]

Continue Reading


25 November 2013 | 1,356 views

vBulletin.com Hacked – Forum User Emails & Encrypted Passwords Leaked

vBulletin.com hacked is the latest news going around, there seems to have been a spate of these lately, with huge numbers of user accounts leaked. Thankfully this time, the passwords are actually hashed, but with what algorithm – we aren’t quite sure. Perhaps someone could figure it out with HashTag. I do have some vBulletin [...]

Continue Reading


20 November 2013 | 3,667 views

Cupid Media Hack Exposes 42 Million Passwords In Plain Text

42 Million Passwords – now that’s a big number, and the worst part – they aren’t even hashed. Nope, not at all – not even badly. Apparently the intrusion took place earlier this year, in January 2013 – but there was no public announcement. The data was found on the same server where the hacked [...]

Continue Reading


06 November 2013 | 2,215 views

aidSQL – PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem [...]

Continue Reading


04 November 2013 | 851 views

Anonymous Targets Singapore For Proposed Internet Licensing Rules

So the latest news in South East Asia is that someone claiming to be affiliated with Anonymous is waging a digital war against Singapore due to their proposed Internet licensing rules, which are akin to backdoor censorship. You can see the Youtube video here: The Anonymous Legion Threatens Singapore Government They already started by attacking [...]

Continue Reading


28 October 2013 | 1,506 views

Major Adobe Hack – Acrobat & ColdFusion Source Code Leaked

So earlier this month there was a major Adobe hack and the source code for a couple of it’s mainstream products (Acrobat Reader, ColdFusion and ColdFusion Builder) was leaked and downloaded, most likely in it’s entirety. There was a bit of a panic surrounding this as the software is used by a lot of major [...]

Continue Reading


10 October 2013 | 1,262 views

AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists

There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages. DNS security has been overlooked for a long time, with most companies not using DNSSEC [...]

Continue Reading


07 October 2013 | 3,567 views

Mutillidae – Vulnerable Web-Application To Learn Web Hacking

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest to learn web hacking. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The [...]

Continue Reading


12 June 2013 | 2,932 views

OWASP Bricks – Modular Deliberately Vulnerable Web Application

Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’. Road Map Demonstrate maximum variations of most common vulnerabilities Help people to learn the need of secure [...]

Continue Reading