March 02, 2010
Posted by: Joy : Category:
Vulnerability
Status : Active
Multiply is a social networking service with an emphasis on allowing users to share media - such as photos, videos and blog entries - with their “real-world” network. The website was launched in March 2004 and is privately held with backing by VantagePoint Venture Partners, Point Judith Capital, Transcosmos, and private investors. Multiply has over 11 million registered users. The company is headquarterd in Boca Raton, Florida.
Multiply is also known for stronger user security than most social networking sites. Users can limit if their item can be viewed by setting security settings to Public, Private (network only), or Private (invite only) for each item on their site.
Read more…
March 02, 2010
Posted by: Joy : Category:
Vulnerability
Status : Active
Tagged is the 3rd largest social network in the US, and has over 80 million members worldwide. Lately i have also found a hole to insert XSS vector on their profile page. You can see it live on this page
Screenshot:
Read more…
February 14, 2010
Posted by: Joy : Category:
Vulnerability
Status :
Active, Partially Patched (> March 2010)
As the slogan of this blog says there’s always a crack in everything, that’s how the light gets in, yes, it’s true, even on Facebook, there’re some holes left. The secret is left behind their application module. Around last November, 2009, holes for tweaking facebook found when i was looking for bugs, and the XSS was firstly only for IE + old Fx browser only.
Screenshot :
Read more…
August 28, 2009
Posted by: Joy : Category:
Vulnerability
Here, we’re gonna show you XSS (Cross Site Scripting) and XFS (XSS From SQLi) bugs on some Indo TV Stations Websites.
As you might already know that Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities. Often during an attack everything looks fine to the end-user who may be subject to unauthorized access, theft of sensitive data, and financial loss (Taken from wikipedia).
Here are some examples of their vulnerable URL :
Read more…
April 09, 2009
Posted by: Joy : Category:
Vulnerability
In my country, we can easily find lots of bugs on some big education institution websites, lets just say ITB (Institut Teknologi Bandung), UGM (Universitas Gadjah Mada), UI (Universitas Indonesia) or maybe like IPB (Institut Pertanian Bogor/Bogor Agricultural University). How could they miss it while in case they have quite good standard in computer and information technology, they have Computer Science Faculty, havent they? I can even still remember about the sql injection thingy on IPB site last two months a go. It’s a good thing they have fixed the bug, but if i’m not mistaken, it took them around one or two week to fixed it since we informed them about it, lolz.. Where’s the admin anyway?
OK, let’s just go straight to the topic, XSS. Here are some examples of their XSS thingy :
Read more…
Loading ...
Media-Box
