Archive | Web Hacking


31 July 2006 | 6,407 views

WordPress 2.0.4 Released – Fixes Security Issues

Just to let you all know, if you are using WordPress you can upgrade today. The latest stable release of WordPress (Version 2.0.4) is available. his release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid [...]

Continue Reading


30 July 2006 | 5,913 views

Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service. It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site. eplawless stated the following: It was me. I did [...]

Continue Reading


27 July 2006 | 17,138 views

Serious WordPress Vulnerability/Exploit Verion 2.0.3 and Below

Yes that means all versions including the current version and before, 2.0.4 has not yet been released at the current time. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage. It’s recommended at present if you [...]

Continue Reading


08 July 2006 | 13,936 views

WebScarab – Web Application Analysis – New Version

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review [...]

Continue Reading


04 July 2006 | 38,914 views

Absinthe Blind SQL Injection Tool/Software

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. Features: Automated SQL Injection Supports MS SQL Server, [...]

Continue Reading


04 July 2006 | 29,473 views

Data Mining MySpace Bulletins

An interesting find made by John Hackenger surfaced today. For those of you familiar with MySpace, you’ll know that it uses ‘Bulletins’ to send a single message to multiple friends in your list. Because the message is sent only to the people you have authorized to be on your list, sometimes you get a feel [...]

Continue Reading


28 June 2006 | 5,174 views

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks being aimed at Web Services such as Orkut, MySpace, Ebay and others. As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers [...]

Continue Reading


24 June 2006 | 5,788 views

LiveJournal Advert Installs Malware

Seems like someone sneaked past the LiverJournal advertisers policy by only trying to infect Australian and European users. A certain advertiser (kpremium.com) – being sneaky and underhanded. It’s not LJ’s fault, LJ already disabled the advert from rotation. The ad itself is for a program that lets you download stuff – you know the sort [...]

Continue Reading


22 June 2006 | 14,331 views

Cross Site Scripting (XSS)

Cross Site Scripting, or know as XSS, is the most common basic web hacking technique… and harmless, as many would say… but on this matter I don’t really agree, that’s why I wrote this article. About XSS as I knew it is a very abstract definition for JavaScript injection, or at least this is what [...]

Continue Reading


21 June 2006 | 18,656 views

Google’s Orkut Hit by Data Stealing Worm – Mw.Orc

So just a few days about there was a new MSN Worm – BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention. And of course plenty of nasty Trojans. A new Internet worm capable of stealing bank details and other [...]

Continue Reading