!!! It is in the public's best interest to make our
findings accessible to the vast majority of people, simply because it is proven
that the more people know about a certain problem, the better.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org http://www.hakiri.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
this means a lot today :) if you haven't noticed!
On Nov 8, 2007 10:00 PM, silky [EMAIL PROTECTED] wrote:
On 11/9/07, pdp (architect) [EMAIL PROTECTED] wrote:
well this XSS can lead to so much data being stolen that it is not even
funny!
orly?
--
pdp (architect) | petko d. petkov
comments inlined
On Nov 5, 2007 12:07 AM, reepex [EMAIL PROTECTED] wrote:
On Nov 4, 2007 4:43 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
lets say 1 servers are running a vuln ftpd and another 1 are
running
the same open source web app. Which would you rather have
.
any bug that requires another (form of) bug to be useful or that requires
user interaction is inherently weaker than the other any time bugs like
bof/sql injection/whatever
On Nov 4, 2007 5:16 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
well valid point. XSS can always be used
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
[EMAIL PROTECTED] wrote:
Pdp architect and I have been emailing back and forth about whether xss has
a place in fd, bugtraq, or the security research area at all. He decided
that we should start a discussion about it on here and get people's
unmoderated opinion. This discussion should
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
comments inlined...
On Nov 4, 2007 9:26 PM, reepex [EMAIL PROTECTED] wrote:
I seemed to reply to nexxus as you were writing your original reply which
I've since replied to. about this email though...
On Nov 4, 2007 3:13 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
XSS today is where
11:07 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 11/4/07, reepex [EMAIL PROTECTED] wrote:
On Nov 4, 2007 3:13 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
This
is not very offline.
So you are taking peoples offline conversations and posting them
against their wishes?
Are you
as valid as well.
Nate
Sent via BlackBerry from T-Mobile
-Original Message-
From: reepex [EMAIL PROTECTED]
Date: Sun, 4 Nov 2007 13:26:17
To:full-disclosure@lists.grok.org.uk, pdp (architect) [EMAIL PROTECTED]
Subject: [Full-disclosure] on xss and its technical merit
Pdp
comments inlined! I have to cuz you inlined yours
On Nov 4, 2007 9:04 PM, reepex [EMAIL PROTECTED] wrote:
On Nov 4, 2007 2:41 PM, pdp (architect) [EMAIL PROTECTED]
wrote:
1) XSS isn't technical no matter how it's used
Also, as buffer overflows and other attacks, which are more or less
requires of you?
[1] http://seclists.org/dailydave/2007/q4/0016.html
On 10/14/07, pdp (architect) [EMAIL PROTECTED] wrote:
I really don't know what you refer to as an exploit.. :) and more
over, it is obvious that you have a lack of knowledge on what's more
valuable nowadays. don't
you win man... I must have been mad to challenge you... check this
out.. you are my hero of the day:
http://www.gnucitizen.org/about/pdp#comment-58407
On 10/14/07, phioust [EMAIL PROTECTED] wrote:
On 10/14/07, pdp (architect) [EMAIL PROTECTED] wrote:
military grade exploits? :) dude, I am
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
: pdp (architect) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 10, 2007 4:15 AM
To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Remote Desktop Command Fixation Attacks
http://www.gnucitizen.org/blog/remote-desktop-command-fixation-attacks
Security in depth does not exist
into a balanced mix which as you said, while under attack, it
does not give away the keys to the kingdom.
thanks
On 10/11/07, gboyce [EMAIL PROTECTED] wrote:
On Thu, 11 Oct 2007, pdp (architect) wrote:
Thor, with no disrespect but you are wrong. Security in depth does not
work and I am not planning
. Hope that this is useful and at
the same time eye opening, not that it is something completely
amazing. But it does work and it works well.
cheers.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
at CITRIX to react. Currently, I am not aware of any remedy
against the attack. Given CITRIX's popularity among corporations and
big organizations, it is highly recommended to take this warning with
extra caution.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
hurt :)
--Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced
from Satellite Nothing but the Internet
- Original Message
From: pdp (architect) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Sent: Thursday, September 20, 2007 6
Adobe Reader 8.1, although previous versions and
other setups are also affected.
A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
My upcoming research features everything regarding this and the issue you
have already discussed.
really :).. which one... the one from last year?
On 9/20/07, Aditya K Sood [EMAIL PROTECTED] wrote:
pdp (architect) wrote:
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
I am closing
back online... too many visitors lately
On 9/19/07, Rahul Mohandas [EMAIL PROTECTED] wrote:
Could someone send me the POC's please if you have a local copy.
Gnucitizen.org is not accessible for me.
Thanks
- Original Message -
From: pdp (architect) [EMAIL PROTECTED
://www.gnucitizen.org/projects/backdooring-windows-media-files/poc02.asx
On the other hand Media Player 11 (Vista by default) is not exposed to
these attacks.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
to latest available from M$ Update.
Sincerely,
Aras Memisyazici
IT/Security/Dev. Specialist
Outreach Information Services
Virginia Tech
-Original Message-
From: pdp (architect) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 18, 2007 11:58 AM
To: [EMAIL PROTECTED]; full-disclosure
are after your money not your pictures or
school essays. Think about this for a second.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
for demonstration and more information how the
exploit works.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
guys can find a XSS issue on
your site/application - they can and they will. The question is what
sort of things they can do with it.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
techniques that are
described within the story context.
Cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
suggest to contact the Facebook straightaway.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/intel-video-ad-on-security-directed-by-christopher-guest
the video is quite interesting I must say.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
://www.owasp.org
On 7/21/07, pdp (architect) [EMAIL PROTECTED] wrote:
Hi there,
GC has released a new version of XSSDB
(http://www.gnucitizen.org/xssdb). The current version contains an XSS
testing tool which is there to try each payload against the
applications you are testing. You can
sure hope that corporate does
not go this route.
Regards,
George
Greenarrow1
InNetInvestigations-Forensic
- Original Message -
From: pdp (architect) [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; OWASP Leaders
[EMAIL PROTECTED]; WASC Forum [EMAIL PROTECTED]
Sent
queries while being logged into Google or you have the
Google Browser Toolbar installed.
I am not saying that GOOGLE is bad. All I am saying is that someone
can use this interface to harm others. It makes the process so much
easier.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
for the following couple of weeks.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Message -
From: pdp (architect) [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; OWASP Leaders
[EMAIL PROTECTED]; WASC Forum [EMAIL PROTECTED]
Sent: Saturday, July 21, 2007 2:04 AM
Subject: [WEB SECURITY] digital stalking, Google SearchHistory RSS Interface
http://www.gnucitizen.org
and also find new vulnerabilities on
their own.
Don't be evil. Use the POC for educational and demonstration purposes only.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
,
I am not responsible for your actions.
I am planning to write a follow up post on how we can make basic
client-side XSS scanner on the top of this spider, so stay tuned.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
* Circumvent the ignorance
* CSO's nightmare
very interesting!
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
:)
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
that shows
what can be achieved with minimal efforts and good understanding of
Web2.0 engineering. Drop us an email or leave a comment on the post, to
tell us what you think.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
brought some interesting points. Have a look. Cheers.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Conference
2007 in Italy. The article covers:
Yahoo Pipes
Dapper
Feed43
Zoho Creator
Google Reader
enjoy
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
and in general
provide the best quality of service available today. We are proud of
what we've got so far.
SECURLS IS NOT A SPLOG. THE SITE RANKING WON'T BENEFIT FROM THE
GATHERED/COLLECTED CONTENT.
So, this is it. If you find it interesting, please drop us an email.
--
pdp (architect) | petko d
http://www.gnucitizen.org/blog/one-drop-on-a-spider-web
just another way of doing XSS
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/a-brief-history-of-myspace
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Google's dominant position on the global
market, before it is too late. In the months to follow, I am going to
present a series of posts on how Google has transformed from the
don't be evil search engine company to the true hacker platform.
--
pdp (architect) | petko d. petkov
http
Mayhem article, which was published not that long ago.
The real question is: if Facebook has access to so much information,
what hackers have access to? Hmmm…
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
welcome everyone who has ideas
how to stop these types of attacks to do so by sending an email or
posting a comment. We do really need to start thinking about how to
fight back and start developing strategies that can apply.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/the-web-has-betrayed-us/
http://www.gnucitizen.org/
This is a short explanation of the Advanced Web Hacking talk for
OWASP. The post outlines some of the important aspects that were
covered. There is a lot more into it, but it is a good start I
believe.
--
pdp
:
http://www.gnucitizen.org/blog/2057-the-city
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
hope that you find the post useful.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/application-layer-anti-virusfirewall
I wrote a small article on application Layer Anti-virus/Firewall
solution that I have in mind. I am not sure if that will be useful to
anyone but it is still an interesting thing to think about.
--
pdp (architect) | petko d
is
possible.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/preventing-csrf
I briefly covered how simple it is to prevent CSRF attacks. Hope that
you find it useful.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
probably there are no attached clients. For testing purposes, open
another browser (different from the one you use for ZombieMap) and
point it to here. Have fun!
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Thanks.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
:
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
--
pdp
in documenting
some of the features, please contact us.
There is also a simple bookmarklet that you can use to load
AttackAPI on any page. You can install it from here:
http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
that should be kept in mind.
cheers
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
/20070228/steal-browser-history-without-javascript/
-RSnake
--
pdp (architect) | petko d
catch.
/mz
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
to precisely detect whether you are logged into your
router management interface. They can use this hack to detect your
router type and version as well. Based on this information, they might
be able to compromise the integrity of your network.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
I have no idea. I have tested it on 2.0.0.1.
On 2/23/07, Michael Silk [EMAIL PROTECTED] wrote:
On 2/23/07, pdp (architect) [EMAIL PROTECTED] wrote:
http://www.gnucitizen.org/projects/hscan-redux/
doesn't work, win 2k3, ff 1.5.0.9
-- mike
--
pdp (architect) | petko d. petkov
http
as well be quite high or at
least medium.
cheers
On 2/22/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Thu, 22 Feb 2007, pdp (architect) wrote:
michal, is that a feature or a bug? maybe it is not obvious to me what
you are doing but I feel that it is almost like asking the user
http://www.gnucitizen.org/blog/firefox-offline
This post is probably totally useless and most likely a waste of your
time and my time but it brings some points that you may find
intriguing.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
: namespace.
I did not research them any further, so I can't say if they're
exploitable - but you can see a demo here, feel free to poke around:
http://lcamtuf.coredump.cx/fftests.html
Cheers,
/mz
http://lcamtuf.coredump.cx/
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
weird, firefox slowly dies out
t2.html
<html>
<body>
<iframe src="t1.html"></iframe>
</body>
</html>
t1.html
<html>
<body>
<script>location.hostname="blog.com";</script>
</body>
</html>
On 2/15/07, pdp (architect) [EMAIL PROTECTED] wrote:
the first one runs
try this
<input id="foo" type="text"/>
<script>
setInterval(function () {
document.getElementById('foo').focus();
},1);
</script>
:) the address bar is disabled...
On 2/11/07, pdp (architect) [EMAIL PROTECTED] wrote:
phh :), I found something very interesting when testing your IE
example... every time
we want.
On 2/11/07, pdp (architect) [EMAIL PROTECTED] wrote:
try this
<input id="foo" type="text"/>
<script>
setInterval(function () {
document.getElementById('foo').focus();
},1);
</script>
:) the address bar is disabled...
On 2/11/07, pdp (architect) [EMAIL PROTECTED] wrote:
phh :), I found
receives a complaint that his input is
incorrect. The attacker repeats the process until all required
characters are entered into the FILE INPUT box.
simple.
On 2/11/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Sun, 11 Feb 2007, pdp (architect) wrote:
here is an idea... we can combine both
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
On Fri, 09/02/2007 at 16.23 +, pdp (architect) wrote:
http://www.gnucitizen.org/blog/plain-old-webserver
Must have Firefox Extension that allows you to do all sorts of crazy stuff.
https://addons.mozilla.org/firefox/3002/
--
...oOOo...oOOo
Stefano Di Paola
http://www.gnucitizen.org/blog/the-machine-is-using-us
Interesting video that shows some of the reasons why the web has
become so dangerous
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/plain-old-webserver
Must have Firefox Extension that allows you to do all sorts of crazy stuff.
https://addons.mozilla.org/firefox/3002/
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/playing-in-large
Basically this article is about how to squeeze more data into size
restricted, unsanitized field. This technique can also be used to hide
attackers' activities.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Amit,
:) This is not about who did it first. BTW, your example is broken.
location.search does not include the fragment identifier.
Cheers
On 2/7/07, Amit Klein [EMAIL PROTECTED] wrote:
pdp (architect) wrote:
http://www.gnucitizen.org/blog/playing-in-large
Basically this article is about
Hei Amit,
On 2/7/07, Amit Klein [EMAIL PROTECTED] wrote:
pdp (architect) wrote:
Amit,
:) This is not about who did it first.
Agreed. But it would be nice to receive the credit ;-)
Sorry man. I knew that you have discussed this before I would
definitely give you the credits. :)
BTW
it is mostly usable and quite stable.
If you have a proposal, question, suggestion or correction, please contact us.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.gnucitizen.org/blog/what-happens-to-your-computer-if-you-mispell-googlecom
it is worth seeing this
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
The purpose of this database is to collect and discuss useful attack
snippets (atoms) which can be employed when performing WEB Application
Security testing.
http://www.gnucitizen.org/topics/atom-database
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
It is simple, It is lame, Yet very interesting. This kind of stuff
raises a lot of questions.
http://www.gnucitizen.org/projects/greasecarnaval
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
-pdf-xss-after-party/
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
%20%20%20%20%20%20alert(xhr.responseText);};xhr.open('GET',%20'http://www.google.com',%20true);xhr.send(null);
More on the matter can be found here:
http://www.gnucitizen.org/blog/danger-danger-danger/
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
--
pdp (architect) | petko d
no worries, the vulnerability details presented on my blog post were
updated. good work.
On 1/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Quoting pdp (architect) [EMAIL PROTECTED]:
This finding was originally mentioned by Sven Vetsch, on his blog.
This is a very good and quite
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
just for Christmas, there is a new backframe release:
http://www.gnucitizen.org/backframe/
http://www.gnucitizen.org/projects/backframe/
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
applications and communities protect themselves. This is much
better than just sitting in our comfy chairs and laughing at people's
mistakes.
Many thanks.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
things start happening.
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org