Tag Archive | "cross-site-scripting"


30 July 2014 | 3,331 views

XSSYA – Cross Site Scripting (XSS) Scanner Tool

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2″ which searches for the payload decoded in the [...]

Continue Reading


23 February 2011 | 14,607 views

Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements

We wrote our first review of Acunetix WVS 6 back in January 2009 and published an update about the release of Acunetix Web Vulnerability Scanner (WVS) 6.5 in June 2009. The team over at Acunetix have been working hard on version 7 for quite some time and released a new build with added features earlier [...]

Continue Reading


07 May 2010 | 8,292 views

Jarlsberg – Learn Web Application Exploits and Defenses

This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is [...]

Continue Reading


22 April 2010 | 15,381 views

PayPal Patches Critical Security Vulnerabilities

PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. [...]

Continue Reading


13 April 2010 | 7,488 views

x5s – Automated XSS Security Testing Assistant

x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where non-shortest UTF-8 encodings [...]

Continue Reading


12 March 2010 | 10,808 views

Vicnum – Lightweight Vulnerable Web Application

Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, [...]

Continue Reading


18 February 2010 | 5,401 views

Google Buzz Patches XSS Flaw In Mobile Version

You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of you [...]

Continue Reading


04 January 2010 | 5,047 views

Researcher Uncovers XSS Flaws In Twitter and Google Calendar

More flaws discovered in Twitter and Google Calender during the holiday season. Once again XSS flaws have been discovered in popular web apps, but at least they were reported and not used nefariously this time. Fixes have been issued promptly by both Google and Twitter so there is not much cause for concern this time [...]

Continue Reading


14 December 2009 | 6,783 views

Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual [...]

Continue Reading


27 October 2009 | 4,449 views

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question. [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·