hacker safe
Here's a little clip showing a cross site scripting attack against a " Hacker safe" site. This has been the subject of a lot of news lately. Our very own ReL1k had this to say in a recent artical. Just thought this may be of some interest to security professionals who deal with web applications.
Heh, thats nice. Such a simple line of code, such an after affect that it causes.
When a company puts a 'Hacker-Safe' badge on it's site it gives people a false sense of security. Unless otherwise stated within their Terms and Conditions/Agreement [if any], stating that you will be 'hacker safe'; you could sue them.
Yeah true what The_Deny says, but american laws are different than other laws in
the world. Keep in mind it is a lot harder to win a case when it gets outside USA.
We don't sue here except if there's a really good reason. :P
But if the site had very personal informations on it, i bet the site would get sued. =)
[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]
If Hillary wins, let me know where you are. I might defect.Originally Posted by MaXe Legend
Yeah true what The_Deny says, but american laws are different than other laws in
the world. Keep in mind it is a lot harder to win a case when it gets outside USA.
We don't sue here except if there's a really good reason. :P
But if the site had very personal informations on it, i bet the site would get sued. =)
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
A girl for president? C'mon even though i don't live in usa, i heard Bill Clinton is going
for president too wtf? How many is he going to have sex with this time i'm just wondering.. ;D hehe
Edit:
Okay, i forgot he didn't sleep with anyone except his wife
Edit:
CIA came and blasted my door in, i've taken over one of their computers... xD
[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]
What's wrong with that, Germany has a female chancelor too.
Oh wait, now I know what's wrong ...
Tiocfaidh ár lá
Appreciate it
Appreciate the shout-out! It's ridiculous, its a Nessus Scan for vulnerability identification. They don't even touch the web application layer...One of the clients we were working for has XSS on their main search bar on the main page. Ended up completely compromising that same site through SQL Injection and gaining a reverse shell outta em. The "shields" are now more of a target then a compensating control.
Obviously, whomever is running HackerSafe, needs to hire better Hackers.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
"...HackerSafe Announces they are changing their name to ScriptKiddie and emo Safe... "
Nobody is safe from those emo kids..
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
Posting Permissions
