August 28, 2009
Posted by: Joy : Category: Vulnerability
Here, we’re gonna show you XSS (Cross Site Scripting) and XFS (XSS From SQLi) bugs on some Indo TV station websites.
As you might already know, Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites was roughly 80% of all documented security vulnerabilities. Often during an attack everything looks fine to the end user, who may be subject to unauthorized access, theft of sensitive data, and financial loss (taken from Wikipedia).
Read more…
August 10, 2009
Posted by: Joy : Category: Web Development
The view-source protocol is a URI scheme used to display the source code of a web page. Firefox and Internet Explorer both supported the view-source protocol, but support was dropped from Internet Explorer in Windows XP SP2 due to security problems. Firefox also suffered a similar security issue (by combining the view-source: and javascript: protocols), but still supported the protocol in Firefox 1.5 after the issue was fixed.
In 2009 a newly discovered bug was fixed in Firefox 3.0.9. Additionally, the protocol is also supported in Google Chrome. OK, let’s just try it; for example, this URL shows the source of the crazydavinci home page (try it in Firefox or Chrome):
Read more…
April 09, 2009
Posted by: Joy : Category: Vulnerability
In my country, we can easily find lots of bugs on some big education institution websites, let’s just say ITB (Institut Teknologi Bandung), UGM (Universitas Gadjah Mada), UI (Universitas Indonesia) or maybe IPB (Institut Pertanian Bogor/Bogor Agricultural University). How could they miss it when they have quite a good standard in computer and information technology? They have a Computer Science Faculty, haven’t they? I can even still remember the SQL injection thingy on the IPB site two months ago. It’s a good thing they have fixed the bug, but if I’m not mistaken, it took them around one or two weeks to fix it after we informed them about it, lolz.. Where’s the admin anyway?
OK, let’s just go straight to the topic, XSS. Here are some examples of their XSS thingy:
Read more…