DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. […]
Tags: brute force directories, brute force file names, dirbuster, directory brute forcing tool, directory discovery tool, file name brute forcing tool, information collection, information disclosure, owasp, penetration-testing, web mapping tool, website mapping tool
Posted in: Hacking Tools, Web Hacking | Add a CommentThe File Disclosure Browser takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. The author wrote it after […]
Something which caused some kind of stir last week was the hacking of the Canadian dating site Plenty of Fish (sometimes known as PoF) which rose to fame on the Webmaster forums for SEO due to a picture of Markus Frind holding an Adsense cheque for $132,000 for two months earning. For anyone not familiar […]
Tags: brian krebs, chris russo, dating site security, dating sites, hacking-websites, information disclosure, markus frind, plenty of fish, plenty of fish security, plentyoffish, plentyoffish.com, pof, privacy disclosure, sql-injection, web hack, Web Hacking, web-application-security, web-security
Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy, Web Hacking | Add a CommentThis is actually a very old flaw as it’s part of the core HTTP standards, it’s exploiting the very way in which the Internet works. Basically most browsers expose browsing history if probed in the right way, the fact was that it was just too resource intensive to get any useful data. Someone has refined […]
Tags: browser history, browser history attack, browsing history, expose browsing history, expose postcode, expose viewing habits, expose zip code, exposing browser history, exposing browsing history, firefox 4, information disclosure, information disclosure vulnerability, Privacy, privacy disclosure, viewing habits, what the internet knows about you, whattheinternetknowsaboutyou
Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a CommentThis codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]
Tags: codelab, cross-site-scripting, csrf, denial-of-service, information disclosure, jarlsberg, learn web application security, learn web hacking, remote code execution, security bugs, vulnerable web app, vulnerable web application, web application codelab, web application defense, web security bugs, web-application-security, XSS
Posted in: Countermeasures, Exploits/Vulnerabilities, Web Hacking | Add a Comment
