Benjamin Flesch = definitely rocks.”> 2007 March ~ mybeNi websecurity, web security and hack stuff.

web securitymybeNi websecurity

Archive for March, 2007

 

Digg, Delicious, Netscape & Technorati Hackedwebsecurity

Saturday, March 31st, 2007
or “A Javascript To Rule Them All“ LMAO I didn’t look at the date, excuse me but this is no April Joke Hello visitor! I am very proud to present you the work I’ve done during the last few months: The Creation of a new XSS Worm affecting the popular Social Bookmarking and Blogging [...] Read on »

Digg, Delicious, Netscape & Technorati Hacked
has been posted in Programming, XSS List, Websecurity, Full Disclosure | 11 Comments »

Alexa Top50 XSS, possible? (Update)websecurity

Wednesday, March 28th, 2007
Hello World, for a future project I’ll release within the next two weeks, I am going to search XSS vulnerabilities in Alexa’s 50 most popular homepages out there. My approach will be documented here, let’s see how far I’ll get UPDATE: Only 19 homepages left! yahoo done by potti MSN Google YouTube done by potti MySpace done Windows Live Orkut Microsoft Megaupload done Blogger Ebay done hi5 done Rapidshare Facebook Amazon [...] Read on »

Alexa Top50 XSS, possible? (Update)
has been posted in XSS List, Websecurity, Full Disclosure | 5 Comments »

hi5 Antiphishing Departement (Update)websecurity

Saturday, March 24th, 2007
This evening I was searching for another “Social Community Platform” to abuse err… play with, and I found hi5, Alexa’s current #17 in traffic raking. After some time I had set up a fresh user account and a couple of minutes later I found the first XSS vulnerability, which allowed me to execute my own Javascript [...] Read on »

hi5 Antiphishing Departement (Update)
has been posted in Programming, Websecurity, Full Disclosure | 2 Comments »

One-time executing JavaScript Payloadwebsecurity

Wednesday, March 21st, 2007
Lately I was preparing a larger hack and I needed a Javascript code which is executed only once per user and IP address, no matter how often the box is going to visit my homepage. I haven’t seen such a script anywhere before, so I thought sharing my solution with others who might have the [...] Read on »

One-time executing JavaScript Payload
has been posted in Programming, Websecurity | 2 Comments »

myspace Antiphishing Departementwebsecurity

Saturday, March 17th, 2007
In the last few months, very many social networking sites added features allowing the users to create a custom link to their profiles, for example having URLs like http://www.myspace.com/<yournickgoeshere> for user <yournickgoeshere>’s profile. Overall, a pretty nice idea, but huh? What if someone would use this for bad purposes? Would you trust content placed at a [...] Read on »

myspace Antiphishing Departement
has been posted in Websecurity | 3 Comments »

GMail Information Disclosurewebsecurity

Wednesday, March 14th, 2007
Some time ago whilst playing around with some of the Google Services, I found a pretty nice XML document which is revealing very much information about the user who is currently logged in. That means: All Contacts you’ve ever mailed (Name and Email address) Your Google Authentication Token (!!) A boolean variable telling if there’s someone logged in [...] Read on »

GMail Information Disclosure
has been posted in Websecurity, Full Disclosure | 16 Comments »

Google Traffic (7 days)

250
200
150
100
50
196
190
190
199
219
173
119
38.107.191.100