[ad] Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has […]
Search Results for: xss
Serious Exploit in Windows Media Player (WMP)
[ad] Oh look! Another 0-day in Windows…this time in Media Player, there was a few in Word lately and the latest thing that just hit is an XSS flaw in PDF files online. I’ll report more on those later. The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling […]
Backframe (Formerly Backweb) JavaScript Attack Console
There has been a recent release of Backframe (Formerly Backweb) Attack Console. Backframe Attack Console was started as an experiment to create a full featured attack console for exploiting web browsers, web users and remote applications. Those who are familiar with XSS Proxy or even BEEF might already be familiar with the core principles of […]
Wapiti – Web Application Scanner / Black-box testing
[ad] Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a […]
Paros Proxy 3.2.11 Released – MITM HTTP and HTTPS Proxy
Paros 3.2.11 has been released. This version is a maintenance release with a useful feature requested by various users. All users are recommended to upgrade to this version. One of my favourite proxy options, along side the Burp Proxy (evolved into Burp Suite). Paros labels itself as MITM Proxy + Spider + Scanner plus anything […]