Archive | Web Hacking


22 June 2006 | 14,335 views

Cross Site Scripting (XSS)

Cross Site Scripting, also known as XSS, is the most common basic web hacking technique… and harmless, as many would say… but on this matter I don’t really agree, that’s why I wrote this article. About XSS as I knew it is a very abstract definition for JavaScript injection, or at least this is what […]



21 June 2006 | 18,656 views

Google’s Orkut Hit by Data Stealing Worm – Mw.Orc

So just a few days ago there was a new MSN Worm – BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention. And of course plenty of nasty Trojans. A new Internet worm capable of stealing bank details and other […]



18 June 2006 | 7,775 views

Microsoft got Defaced

No, it wasn’t Microsoft.com, still, a very cool hack. Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK’s ‘profile’ over at Zone-H. By the looks of things, he has been really busy today. At the time of this writing, the site still hasn’t been fixed. […]



15 June 2006 | 20,471 views

SQL Power Injector v1.1 Released

SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetration tester to inject SQL commands on a web page. For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode). Moreover this application […]



13 June 2006 | 12,486 views

Oedipus – Open Source Web Application Security Analysis

Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities. Oedipus can be […]



12 June 2006 | 5,440 views

Academic Papers on Web Application Security

I found a useful resource containing a whole list of academic papers on web-application security. This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication. Hacking web applications has become a big thing in the last 5 years, just look at the number […]



28 May 2006 | 7,378 views

MySpace Hackers in Police Custody

MySpace owned again... let’s quote them for a penetration test or vulnerability assessment haha. TWO New York teenagers are reportedly in police custody after allegedly threatening to give out the personal information of users of MySpace.com unless they are paid $US150,000 ($200,000). Associated Press reported Shaun Harrison, 18, and Saverio Mondelli, 19, of Suffolk County, face […]



20 May 2006 | 14,863 views

The Biggest Web Defacement Ever

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle […]



19 May 2006 | 10,447 views

Paros Proxy 3.2.12 Released – MITM HTTP and HTTPS Proxy

Paros 3.2.12 is released. This version is a maintenance release which fixes a potential 100% CPU consumption issue. All users are recommended to upgrade to this version. The changes are: – Use newest external library for HTTP handling. – Enable/disable spider to POST forms in options panel to avoid generating unwanted traffic (default to enable). […]



18 May 2006 | 11,223 views

Sprajax – An Open Source AJAX Security Scanner

Denim Group Ltd. announced today the public release of Sprajax, an open source web application security scanner developed to assess the security of AJAX-enabled web applications. Sprajax is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Denim Group, an IT consultancy specializing in web application security, recognized that […]
