
Thread: hacker safe

  1. #1
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    hacker safe

    Here's a little clip showing a cross-site scripting attack against a "Hacker safe" site. This has been the subject of a lot of news lately. Our very own ReL1k had this to say in a recent article. Just thought this may be of some interest to security professionals who deal with web applications.

  2. #2
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Heh, that's nice. Such a simple line of code, such an aftereffect that it causes.

    When a company puts a 'Hacker-Safe' badge on its site it gives people a false sense of security. Unless otherwise stated within their Terms and Conditions/Agreement [if any], stating that you will be 'hacker safe'; you could sue them.

  3. #3
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Yeah, true what The_Denv says, but American laws are different from other laws in
    the world. Keep in mind it is a lot harder to win a case when it gets outside the USA.

    We don't sue here except if there's a really good reason. :P
    But if the site had very personal information on it, I bet the site would get sued. =)
    "I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe

  4. #4
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Originally Posted by MaXe Legend:
    Yeah, true what The_Denv says, but American laws are different from other laws in
    the world. Keep in mind it is a lot harder to win a case when it gets outside the USA.

    We don't sue here except if there's a really good reason. :P
    But if the site had very personal information on it, I bet the site would get sued. =)

    If Hillary wins, let me know where you are. I might defect.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  5. #5
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    A girl for president? C'mon, even though I don't live in the USA, I heard Bill Clinton is going
    for president too, wtf? How many is he going to have sex with this time, I'm just wondering.. ;D hehe

    Edit:
    Okay, I forgot he didn't sleep with anyone except his wife

    Edit:
    CIA came and blasted my door in, I've taken over one of their computers... xD

  6. #6
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    What's wrong with that, Germany has a female chancellor too.

    Oh wait, now I know what's wrong ...
    Tiocfaidh ár lá

  7. #7
    Member
    Join Date
    Feb 2006
    Posts
    167

    Appreciate it

    Appreciate the shout-out! It's ridiculous, it's a Nessus scan for vulnerability identification. They don't even touch the web application layer... One of the clients we were working for has XSS on their main search bar on the main page. Ended up completely compromising that same site through SQL Injection and gaining a reverse shell outta em. The "shields" are now more of a target than a compensating control.

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Obviously, whoever is running HackerSafe needs to hire better Hackers.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Member
    Join Date
    Aug 2007
    Posts
    468

    Originally Posted by streaker69:
    Obviously, whoever is running HackerSafe needs to hire better Hackers.

    "...HackerSafe Announces they are changing their name to ScriptKiddie and emo Safe... "

  10. #10
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Originally Posted by BOFH139:
    "...HackerSafe Announces they are changing their name to ScriptKiddie and emo Safe... "

    Nobody is safe from those emo kids..
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
