SEARCH RESULTS
 
Showing 1-10 of 104 records
 

XSS Methods Also Seen Being Used in Mass Compromises

2008-06-01 14:50:32 by manunkind in PC Sympathy
 
XSS (Cross-Site Scripting) Very Much Alive and Kicking We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveals that...
 
 
 
 
 

Major security sites hit by XSS bugs

2008-06-12 12:03:32 by manunkind in PC Sympathy
 
...XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could be used to launch scams or implant malicious code on the systems of visiting users, according to XSSed. Recent research has shown that attackers are increasingly - even predominantly - now using legitimate sites to...
 
 
 
 
 

Cross-Site Scripting (XSS) - A Real-World Example

2008-06-14 13:56:39 by manunkind in PC Sympathy
 
...XSS) is an attack that's pretty basic to detect, pretty basic in execution, and you'd think that it would be rather simple to understand. Unfortunately this is apparently not the case. I won't go into the details of Cross-Site Scripting because others have beat that to death - but rather I'm going to go through a little real-world exercise for...
 
 
 
 
 

Stop XSS attacks with SafeHTML

2008-04-30 11:42:33 by manunkind in PC Sympathy
 
...XSS HTML parser, written in PHP Source: Hackszine Related posts Vulnerability in Google spreadsheets allows cookie stealing The Snare Of Unauthorized Requests Second mass hack exposed SANS solves mystery of mass Web site infections Content Injection: Hack the Hacker
 
 
 
 
 

PayPal XSS vulnerability affects EV SSL

2008-05-17 00:13:09 by manunkind in PC Sympathy
 
...XSS attack on Barack Obama's Web site in April, said his vulnerability also affected EV SSL pages. In response, a PayPal representative said: "At PayPal, we take safety and security very seriously. As soon as we were informed of this exploit, we began working very quickly to shut it down. To our knowledge, this exploit was not used in any...
 
 
 
 
 

Verisign, McAfee and Symantec sites can be used for phishing due to XSS

2008-06-09 15:38:00 by manunkind in PC Sympathy
 
...XSS Methods Also Seen Being Used in Mass Compromises Whale Phishing Symantec Launches Online Fraud Protection New Adobe Flaw Being Used in Attacks Hackers exploit poor website code
 
 
 
 
 

Microsoft Outlook Web Access XSS (MS08-039)

2008-07-17 18:11:49 by manunkind in PC Sympathy
 
...XSS Methods Also Seen Being Used in Mass Compromises The Snare Of Unauthorized Requests Microsoft Unveils New Internet Explorer Security Features Firefox developers tinker with new security protections Cross-Site-Scripting with Morse code
 
 
 
 
 

Symbiotic Vs Parasitic Computing

2008-03-15 14:23:31 by RSnake in ha.ckers.org web application security lab
 
...XSS worms, CSRF, SQL injection, etc. None of which have any positive effects on the host system. But each of those classes of vulnerabilities also share one other thing - with the exception of persistent XSS/HTML injection or changes to the database they each have very little longevity compared to OS compromises. Adding an account in a database...
 
 
 
 
 

Interview with Jeremiah Grossman on LearnSecurityOnline.com

2008-04-10 18:01:00 by CG in Carnal0wnage Blog
 
...XSS a lot more. The malware guys will continue defacing highly trafficked and trusted websites to exploit their visitors' Web browsers. And the high-end espionage attack types will go for the Intranet hacking stuff using JavaScript malware. It's the latter that'll be hard to track, measure, and defend. LSO: Can you compare/rate the criticality of...
 
 
 
 
 

ASP.NET 1.1 vs 2.0

2008-04-23 14:44:23 by RSnake in ha.ckers.org web application security lab
 
...XSS protection. Surprisingly, it's actually gotten quite a bit worse between the two versions. So much so that all the event handlers are now wide open, directives are wide open, and style sheets are wide open. I haven't tested this myself yet, but if Michael's diagnosis is correct that's spelling bad news for