2007 February ~ mybeNi websecurity, web security and hack stuff.

Archive for February, 2007

A Swedish Thing..websecurity

Saturday, February 17th, 2007

Jesper wrote an article about the issues I described in the last posts, regarding several security vulnerabilities in Swedish news sites, ironically some even on the same document with login forms. But - thumbs up - they fixed the issues within one (I’m writing “1″ !) day thats even faster as Google fixing the XSS [...] Read on »

A Swedish Thing..
has been posted in Websecurity, Full Disclosure | No Comments »

Swedish news sites disappointwebsecurity

Saturday, February 17th, 2007

The past few days I had a nice email conversation with Jesper Lind, a Swedish web developer and he was wondering about the security (with an special focus on XSS) of some popular Swedish websites. Of course I directly asked him to give me a list of the most popular ones in order to have a [...] Read on »

Swedish news sites disappoint
has been posted in Full Disclosure | 1 Comment »

How to play with an Wordpress Adminwebsecurity

Saturday, February 17th, 2007

Just found some XSS which could affect every Wordpress.com Blog Admin out there, the link’s on the bottom of this Post. Some hours later I stumbled over another interesting flaw, a Redirection Script inside Wordpress, just add /wp-login.php?action=logout&redirect_to=http://mybeni.tk to the blog root and you can send people anywhere you want (I’m sad this doesnt work with the [...] Read on »

How to play with an Wordpress Admin
has been posted in Websecurity, Full Disclosure | No Comments »

PHP: Nur Zahlen als Parameterwertwebsecurity

Saturday, February 17th, 2007

Die Funktion preg_replace() in PHP kann anhand von Regulären Ausdrücken Veränderungen an einer Variable vornehmen. Mit 2 Zeilen Code filtert sie bereitwillig alles bis auf Zahlen aus einer Variable und raubt einem Angreifer somit jede Chance, mit seinem Schadcode bis zur Datenbank (bei SQL-Injection) oder bis zum User (bei XSS) vorzudringen. <?php /* ‘id’ wurde [...] Read on »

PHP: Nur Zahlen als Parameterwert
has been posted in Programming, Websecurity | No Comments »

Yahoo indexes XSSwebsecurity

Saturday, February 17th, 2007

Just had a look at the SERPs for mybeNi on Yahoo and I noticed that their robot indexed a couple of XSS demonstration links on my homepage, pretty interesting: Yahoo .com search results directly pointing at XSS Flaws –beNi Read on »

Yahoo indexes XSS
has been posted in Websecurity | No Comments »

Hello world!websecurity

Friday, February 16th, 2007

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging! Even Seoblackhat.com is linking me, thats great! –beNi Read on »

Hello world!
has been posted in XSS List, Websecurity, Full Disclosure | 1 Comment »

web securitymybeNi websecurity

Archive for February, 2007

A Swedish Thing..websecurity

Swedish news sites disappointwebsecurity

How to play with an Wordpress Adminwebsecurity

PHP: Nur Zahlen als Parameterwertwebsecurity

Yahoo indexes XSSwebsecurity

Hello world!websecurity

Categories

Old Web Security Posts

Tutorials

Blogroll

Top Incoming Searches (194)

Google Traffic (7 days)