Feed on Posts or Comments | Font Size: Decrease Font Size Increase Font Size 19 March 2024

Monthly ArchiveMarch 2007



Phishing &Privacy &Security News &XSS D1m on 28 Mar 2007

Cross-Site Framed?

Have you heard of cross-site framing? The past few days I saw listed on our archive, several websites vulnerable to cross-site framing – listed as frame redirection. I will briefly describe a possible exploitation scenario, concluding with more emphasis on the negative impact that this type of vulnerability can have to the privacy of innocent individuals who are users of the affected websites.

Continue Reading »

Exploits &Penetration Testing &Security Articles D1m on 17 Mar 2007

Pen-Test Paper: How An Internal Network Becomes External

My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy is to convert an internal network into an external with the port redirection technique. He demonstrates the attack scenarios – including network architecture diagrams – and goes into great technical details about them.

Continue Reading »

Exploits &Phishing &XSS D1m on 15 Mar 2007

Internet Explorer 7: Phishing Using Local Resource Vulnerability

Aviv Raff has published on his blog an interesting proof of concept of the vulnerability affecting Internet Explorer v7: a cross-site scripting in the navcancl.htm local resource.

Continue Reading »

Defacements &Security News &XSS D1m on 06 Mar 2007

XSSed.com: What, Who, Why?

The goals of XSSed.com are to provide informative resources on cross-site scripting(XSS) vulnerabilities and exploitation methodologies, and to archive XSS vulnerable websites for statistic purposes. Mirroring websites is a way to prove to vendors and webmasters that the vulnerability really existed – in case of denial. Users will become more aware on protecting themselves on some websites, as XSS vulnerabilities are mostly targeting the users and not the websites.

XSSed.com is also an attempt to spread education and awareness about XSS to IT professionals and amateurs involved or interested in secure web application development.

Continue Reading »