|
As you may have noticed here through our partner website news, a 17-years old promoted his own website (StalkDaily) through a JS worm that infected several profiles in the Twitter network.
The author released a short interview for BNO News where he claims the responsability for the worm activity and explain few things. You can now find the Worm source code in our Worms Database to view and analize it. The XSS Cheats section has been just lightly updated with a couple of new features included you can now:
• Use the "export list" function which permits you to get the whole list of published XSS vectors submittes by the users, useful for fuzzing for example, • You can now test with the "Test it!" link each vector in the page and check how it acts towards a real XSS vulnerability. Enjoy and have fun! and Merry (late) Christmas and Happy new Year! ;-) I wanted to remind everyone that submission of websites' vulnerabilities will be rejected since they are not in-line with our publishing policies: we ONLY accept advisories concerning Applications flaws such as CMS, Forums, Wikis and every WebApp that is public and released.
If you want to notice a vulnerability in a specific website you can submit your discover to our partner's website: www.xssed.com. Thank you for your comprehension.A new version of Seride (SEssion RIding DEfender), a PHP library for CSRF prevention, as been released and hit the 0.2 status point.
This new version introduces several new features and fixes stated in the CHANGELOG file as following:
You can find additional infos on the project and the download link at the following address: TheDefaced.org team contacted our partner XSSed.com to communicate their last discovered vulnerability in the well-known Justin.TV broadcasting website and have released a JavaScript Worm that is presented by XSSing.com in our XSS Worms section.
Here's a statement from XSSed news about the discovery:
You can find the Worm source code at this address: http://www.xssed.com/news/75/Justin.tv_non-malicious_cross-site_scripting_worm/ After an inactive period the forums are finally back with some fix and modifications in order to make it more useable from all the users that alwawys proved their support to XSSing.com and its activities.
The spam issue has always ruined the forum activity so now it's up with two new features that should help in this way: It will probably get some false positive and disable legitimate posts and ban unguilty users: if this happens to you just contact us and clarify the problem and we'll restore your account. Hope you enjoy and strike back to the forum!Stay tuned. Today a new vulnerability advisorie on PunBB Password Change and Cross Site Scripting has been published.
As you may know our Forum is using that Bulletin Board and in order to keep the data safe we already updated the software to the latest patched version 1.2.17, which solved this and other security issues affecting the previous versions. The Cascading Style Sheet files will be restored within today, but if you notice any malfunctioning feel free to contact us.With the new update of the website a new important feature has been added: RSS Feeds for the most important sections.
It was already planned from the beginning of the development but has been introduced only now for timing problems; the sections are: - News - XSS Cheats - XSS Worms - Docs - Vulns
You can find an "RSS" link on the top-right corner of each page featuring it. Gnuciticen is organizing a Routers Hacking Challenge open to everyone interested in joining it!
It simply consists in a very flexible challenge where anyone can submit their discoveries about their own home Routers security flaws: Buffer overflow, XSS, CSRF.. everything is allowed! |
◊
Login
"></title><script>al... by sisos
>"><script>alert(/xss/)... by sisos
" style="background:url(javasc... by sisos
>"'><img src="ja... by sisos
<img src='java\nscript:alert(\&q... by fallingmidget
Clickjacking: beware the click added by Nexus
Listed below are the latest discovered websites' XSS flaws from xssed.com:
|
