Archive | Web Hacking


10 August 2006 | 4,546 views

OWASP – Fortify Bug Taxonomy

Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of […]

Continue Reading


08 August 2006 | 5,065 views

Cyberwar Efforts Step-Up – NASA Sites Hacked

Ah cyberwar, cyber terrorism, efforts are ramping up, more sites are going down. The war in Lebanon is now showing its consequences in the digital world and a huge number of websites has been attacked and defaced as a protest against the invasion of Lebanon by Israel. Today two NASA websites were attacked as well. […]

Continue Reading


07 August 2006 | 11,566 views

Wapiti – Web Application Scanner / Black-box testing

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, […]

Continue Reading


01 August 2006 | 11,984 views

Israeli Hackers Join the War Against Palestinian Sites

Israeli hackers have decided to ‘help’ and join the war against Palestine. The hackers group that calls itself “IDF” (which also means Israeli Defence Force) has hacked dozens of sites, erased the site content and replaced it the index with a picture of the Lebanon destruction that is made by Israeli Defence Force as an […]

Continue Reading


01 August 2006 | 13,869 views

SpikeSource Spike PHP Security Audit Tool

Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP. The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week. This tool is especially welcomed by Darknet as […]

Continue Reading


31 July 2006 | 6,407 views

WordPress 2.0.4 Released – Fixes Security Issues

Just to let you all know, if you are using WordPress you can upgrade today. The latest stable release of WordPress (Version 2.0.4) is available. his release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid […]

Continue Reading


30 July 2006 | 5,915 views

Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service. It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site. eplawless stated the following: It was me. I did […]

Continue Reading


27 July 2006 | 17,141 views

Serious WordPress Vulnerability/Exploit Verion 2.0.3 and Below

Yes that means all versions including the current version and before, 2.0.4 has not yet been released at the current time. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage. It’s recommended at present if you […]

Continue Reading


08 July 2006 | 13,993 views

WebScarab – Web Application Analysis – New Version

WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review […]

Continue Reading


04 July 2006 | 38,965 views

Absinthe Blind SQL Injection Tool/Software

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery. Features: Automated SQL Injection Supports MS SQL Server, […]

Continue Reading