Exploitation

Tue 28 Feb

XSS Attacks FAQ

Contributed by Aelphaeis Mangarae a.k.a. Chris Morganti

XSS attacks are becoming a big problem and are going to become an extremely big problem if people do not educate themselves about XSS attacks and vulnerabilities. XSS vulnerabilities have been found in all sorts of websites, including fbi.gov, yahoo.com, ebay.com and many other popular and important websites. A lot of administrators fail to pay attention to XSS attacks because they either don't know much about them or do not see them as a threat. An XSS vulnerability, when exploited by a skilled attacker or even a novice, can be a very powerful attack. This paper details XSS attacks and hopes to educate you on what they are, how attackers use them and of course how you can prevent them from happening.

This document is in PDF format.

Tue 28 Feb

Understanding Cross Site Scripting

Contributed by Hardik Shah

There are many techniques which an intruder can use to compromise web applications. One such technique is called XSS or CSS or cross site scripting. With the help of such a vulnerability, an intruder can easily use some social engineering trick to phish the important data of a user. It can also invoke an automated script to perform some operations.

In this article I will try to show you how such attacks are performed and what precautions you need to take to make sure that you don't lose your valuable details and other important information.

This document is in PDF format.

Mon 22 Aug

Hacking Techniques: Web Application Security

Contributed by Shynlie Simmons

This paper focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. The paper will define a web application and discuss the architecture of the web application, as it will explain the multiple tier theory. The paper will discuss security in web applications and will look at basic rules in information security planning. The paper will look at seven steps in web application hacking and the top ten vulnerabilities that criminals can exploit in order to gain access and take control of a computer system. It is hoped that security professionals will take a close look at this seriously dangerous security risk in order to help close the security holes that could and do exist in web applications.

Mon 11 Apr

Google UI-Redressing Bug That Discloses The User's Email Address

Contributed by Mazin Ahmed

In this post, I will be talking about an interesting bug that affects Google Blogger. This security bug has been left undiscovered since almost 2007. The bug allows an attacker to trick the victim into revealing his email address using UI-Redressing techniques.

This document is in PDF format.

Fri 08 Apr

Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks

Contributed by Mazin Ahmed

NoScript Security Suite is a powerful security add-on for Firefox, Seamonkey and other Mozilla-based browsers. Its main task is to block JavaScript, Flash, Java, as well as many other plugins from executing untrusted code on the user's browser through blocking it and only allowing certain trusted whitelisted sites.

This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhance the current protection of NoScript Security Suite.

This document is in PDF format.