July 3rd, 2008

ratproxy - Passive Web Application Security Audit Tool

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]

April 4th, 2008

ProxyStrike - Active Web Application Proxy

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so ProxyStrike was born.
Right now it has available SQL [...]

March 24th, 2008

SecurityCompass Exploit-Me - Firefox Web Application Testing Tools

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.
The Exploit-Me series was [...]

March 27th, 2007

JBroFuzz 0.5 from OWASP - Stateless Network Protocol Fuzzer

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
The purpose of this application is to provide a single, [...]

February 22nd, 2007

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs.
A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment.
So if [...]

February 19th, 2007

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought).
Once again an XSS flaw shows up in MySpace.

digi7al64 found yet another hole in myspace using non-alpha-non-digit exploit. Again, [...]

December 20th, 2006

XSS Shell v0.3.9 - Cross Site Scripting Backdoor Tool

XSS Shell is a powerful XSS backdoor which allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application. Demonstrates the real power and damage of Cross-site Scripting attacks.
WHAT IS XSS SHELL ?
XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by XSS-Proxy (http://xss-proxy.sourceforge.net/). Normally in XSS [...]

July 30th, 2006

Netscape.com HACKED With Cross Site Scripting (XSS) Vulnerability

Netscape.com has been hacked via a persistent Cross Site Scripting (XSS) vulnerability in their newly launched Digg-like news service.
It seems the attacker did report the flaw to them repeatedly but they didn’t heed and ignored it, so he performed the XSS all over the site.

eplawless stated the following:
It was me. I did it. C’est [...]


Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This