Archive for the ‘Security’ Category

July 5, 2011 0

Fuzzers!

By in Honeypot, Security

Quick Honeypot Update. ADDED: Completely new layout to match my main site. I also broke the page down into sub-sections for a few reasons, such as readability and reducing the server load. ADDED: A new section called Top commands issued which, as the name implies, outputs a list of the top 30 commands issued! Handy [...]


June 22, 2009 3

domRecon Tool

By in Networking, Security

I have decided to port a script I did in C to PHP, which I have made available online. I called it domRecon; it basically “hunts” for sub-domains for a domain that you provide. It works by trying to get lucky by performing a DNS zone transfer (AXFR), but on most domains this will fail. [...]


March 6, 2009 0

Star Article Vulnerability

By in Security

Star Article is a “Ready to use article, news, joke, tutorial site script with more features than you can think of”. Insecure cookie handling leads to full administration rights on the CMS admin panel. Name – admin_user; Content – admin; Path – /. Proof of Concept: javascript:document.cookie="admin_user=admin; path=/" Vendor was contacted three times over [...]


March 5, 2009 0

PHP SiteLock Vulnerability

By in Security

PHP Site Lock: a highly secure website (Ed: haha) login script which has features like User Authentication & Management, Website Password Protection, protection of pdf, images, etc. The vulnerability leads to full administration rights of the admin panel. Proof of Concept: javascript:document.cookie="user_type=admin; path=/" javascript:document.cookie="login_name=admin; path=/" javascript:document.cookie="login_id=0; path=/" Vendor was contacted three times [...]


March 3, 2009 0

Million Dollar Text Links Vulnerability

By in Security

Next up is Million Dollar Text Links, which is a link exchange application. The lack of authentication checks on the admin home page allows anyone to just browse to the admin control panel and bypass the login procedure. This will allow full access to the admin panel. Proof of Concept: http://sitename[applicationpath]/admin.home.php Vendor was contacted twice over a [...]
