We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]
XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2” which searches for the payload decoded in the […]
We wrote our first review of Acunetix WVS 6 back in January 2009 and published an update about the release of Acunetix Web Vulnerability Scanner (WVS) 6.5 in June 2009. The team over at Acunetix have been working hard on version 7 for quite some time and released a new build with added features earlier […]
Tags: acunetix, acunetix review, acunetix scanner review, acunetix wvs, acunetix wvs review, acusensor, AJAX-Security, blind-sql-injection, cross-site-scripting, Hacking Tools, http fuzzer, penetration-testing, sql-injection, web vulnerability scanner, web-application-security, wvs
Posted in: Advertorial, Database Hacking, Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking | Add a Comment
This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]
Tags: codelab, cross-site-scripting, csrf, denial-of-service, information disclosure, jarlsberg, learn web application security, learn web hacking, remote code execution, security bugs, vulnerable web app, vulnerable web application, web application codelab, web application defense, web security bugs, web-application-security, XSS
Posted in: Countermeasures, Exploits/Vulnerabilities, Web Hacking | Add a Comment
PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. […]
Tags: avnet, cross site forgery request, cross-site-scripting, csrf, nir goldshlager, paypal csrf, paypal exploit, paypal security, paypal vulnerability, paypal xss, paypay privacy, web privacy, web-application-hacking, web-application-security, web-security, XSS
Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment
x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where non-shortest UTF-8 encodings […]
Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, […]
You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of you […]
Tags: buzz, buzz privacy, buzz security, cross-site-scripting, exploit, google, google buzz, google buzz exploit, google buzz privacy, google buzz security, google buzz vulnerability, google-security, trainreq, vulnerability, web privacy, web-security, XSS
Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment
More flaws discovered in Twitter and Google Calender during the holiday season. Once again XSS flaws have been discovered in popular web apps, but at least they were reported and not used nefariously this time. Fixes have been issued promptly by both Google and Twitter so there is not much cause for concern this time […]
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual […]
Tags: .net auditing tool, .net security, application-security, binary code analysis, binary-analysis, cat.net, code-auditing, Countermeasures, cross-site-scripting, microsoft security, Programming, software-security, source code auditing tool, sql-injection, static analysis, visual studio ide, Visual-Studio, windows-security, xpath injection, XSS
Posted in: Programming, Security Software, Windows Hacking | Add a Comment
