Filed under IT – Security

XSS 3

 the CGI simply responds, “No information for dinosaur.” However, this result is more interesting than the previous one from the point of view of cross-site scripting. Nowhere in the previous query (apart from in the rows of the result set) did the keyword we searched for appear in the dynamic page returned by the CGI. However, searching … Continue reading

XSS

Detecting Cross Site Scripting vulnerabilities in web applications

Cross Site Scripting vulnerabilities allow attackers to spoof content, steal user cookies, and even execute malicious code in the user’s browser. There are even advanced exploitation frameworks such as BeEF that allow attackers to perform complex attacks through JavaScript hooks. Web pentesters can use Nmap to discover these vulnerabilities in web servers in an automated manner. … Continue reading

Password hashing –

If the password is plain, a network monitor tool can ‘snip’ it out. Unix has salt, Windows does not. As a result it is easy to guess the password. Even though the algorithm is strong, the same password will always encrypt to the same value. Also you can ‘guess’ the password using … Continue reading