Archive | Web Hacking


28 May 2006 | 7,377 views

MySpace Hackers in Police Custody

MySpace owned again... let’s quote them for a penetration test or vulnerability assessment, haha. TWO New York teenagers are reportedly in police custody after allegedly threatening to give out the personal information of users of MySpace.com unless they are paid $US150,000 ($200,000). Associated Press reported Shaun Harrison, 18, and Saverio Mondelli, 19, of Suffolk County, face [...]



20 May 2006 | 14,856 views

The Biggest Web Defacement Ever

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle [...]



19 May 2006 | 10,439 views

Paros Proxy 3.2.12 Released – MITM HTTP and HTTPS Proxy

Paros 3.2.12 is released. This version is a maintenance release which fixes a potential 100% CPU consumption issue. All users are recommended to upgrade to this version. The changes are: – Use newest external library for HTTP handling. – Enable/disable spider to POST forms in options panel to avoid generating unwanted traffic (default to enable). [...]



18 May 2006 | 11,202 views

Sprajax – An Open Source AJAX Security Scanner

Denim Group Ltd. announced today the public release of Sprajax, an open source web application security scanner developed to assess the security of AJAX-enabled web applications. Sprajax is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Denim Group, an IT consultancy specializing in web application security, recognized that [...]



09 May 2006 | 4,013 views

ASP.NET Memberships and Roles

If you’re familiar with ASP.NET, you’ll know the feeling of wasting hours searching through countless settings to get an app working, and then the many more hours it takes to tweak IIS to get your site running smoothly. But this is nothing compared to getting authentication and domain controllers properly integrated. On Microsoft’s ASP.NET newsgroup [...]



28 April 2006 | 20,711 views

Paros Proxy 3.2.11 Released – MITM HTTP and HTTPS Proxy

Paros 3.2.11 has been released. This version is a maintenance release with a useful feature requested by various users. All users are recommended to upgrade to this version. One of my favourite proxy options, alongside the Burp Proxy (evolved into Burp Suite). Paros labels itself as MITM Proxy + Spider + Scanner plus anything [...]



14 April 2006 | 53,700 views

bsqlbf 1.1 – Blind SQL Injection Tool

bsqlbf is a tool for Blind SQL Injection attacks, a pretty nifty one too! The author says there are similar tools about, but he’s tried to combine all the techniques into one compact but complete tool. # CHANGELOG: # -get now support resume (with -start option) # -get to fetch files (thank you ilo AGAIN) [...]



12 April 2006 | 21,696 views

Paros Proxy 3.2.10 Released – MITM HTTP and HTTPS Proxy

One of my favourite proxy options, alongside the Burp Proxy (evolved into Burp Suite). I’ll definitely talk more about the Burp Suite later as it’s excellent for testing anything web-based. Paros labels itself as MITM Proxy + Spider + Scanner plus anything else you want it to be, it is a pretty neat piece [...]



05 April 2006 | 119,103 views

AJAX: Is your application secure enough?

Introduction We see it all around us, recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web-browsers, like I.E. and Firefox. One of those new techniques involves using Javascript. More specifically, the XmlHttpRequest-class, or object. Webmail applications use it to quickly update the list of [...]



01 April 2006 | 16,813 views

P*rn Database Hacked – Buyers Exposed!

Haha, well serves them right, get out and get laid guys. Online payment company iBill on Thursday said a massive cache of stolen consumer data uncovered by security experts did not come from its database. “I’m the first person that would have taken this to the FBI and the first person to have gone on [...]
