Archive | Web Hacking


29 August 2006 | 12,281 views

Link & Comment Spamming – A possible solution.

Recently one of the sites I am developing for myself was link spammed. Some unpleasant individual decided that it would be fun to post 160 ‘comments’ spread over all the blog posts. All the comments contained were URLs. Even more stupid they used BB tags, but as I wrote the site it doesn’t use [...]


10 August 2006 | 4,544 views

OWASP – Fortify Bug Taxonomy

Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of [...]


08 August 2006 | 5,060 views

Cyberwar Efforts Step-Up – NASA Sites Hacked

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down. The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel. Today two NASA websites were attacked as well. [...]


07 August 2006 | 11,538 views

Wapiti – Web Application Scanner / Black-box testing

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, [...]


01 August 2006 | 11,970 views

Israeli Hackers Join the War Against Palestinian Sites

Israeli hackers have decided to ‘help’ and join the war against Palestine. The hacker group that calls itself “IDF” (which also means Israeli Defence Force) has hacked dozens of sites, erased the site content and replaced the index with a picture of the Lebanon destruction that is made by Israeli Defence Force as an [...]


01 August 2006 | 13,656 views

SpikeSource Spike PHP Security Audit Tool

Spike is an Open Source tool based on the popular RATS C-based auditing tool, implemented for PHP. Spike basically does static analysis of PHP code for security exploits. PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week. This tool is especially welcomed by Darknet as [...]


31 July 2006 | 6,406 views

WordPress 2.0.4 Released – Fixes Security Issues

Just to let you all know, if you are using WordPress you can upgrade today. The latest stable release of WordPress (Version 2.0.4) is available. This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid [...]


30 July 2006 | 5,913 views

Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service. It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site. eplawless stated the following: It was me. I did [...]


27 July 2006 | 17,135 views

Serious WordPress Vulnerability/Exploit Version 2.0.3 and Below

Yes, that means all versions including the current version and before; 2.0.4 has not yet been released at the current time. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage. It’s recommended at present if you [...]


08 July 2006 | 13,933 views

WebScarab – Web Application Analysis – New Version

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review [...]
