Part of Jaimie Sirovich's adventure in SEO, Black Hat SEO, Security
Archived; click post to view.
Excerpt: I guess I think like a hacker, because I thought of this before seeing RSnake's post about finding vulnerabilities with Google Code Search. If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out: lang:php (print\(|echo)\s\$_(GET|REQ ...
Part of Jaimie Sirovich's adventure in SEO, Black Hat SEO, Security
Archived; click post to view.
Excerpt: This recent article mentions that XSS and HTML injection are quickly eclipsing the traditional stack smashing and SQL tainting attacks in popularity. But why? I posit that the reason is simple -- XSS & HTML injection vulnerabilities are frighteningly trivial to find. I will dem ...
Part of Jaimie Sirovich's adventure in SEO, Black Hat SEO, Security, Spam
Archived; click post to view.
Excerpt: I was playing around with the What is Hosted on that IP? tool I just published, and some of what I found is a bit scary. I see cases where there are a few relatively legitimate sites nestled on the same IP with hundreds of spammy sites. Needless to say, this is a liability. Suppose I am a ...
Part of Jaimie Sirovich's adventure in SEO, Security
Archived; click post to view.
Excerpt: Most deployed versions of Apache are potentially exploitable, as mod_rewrite has been found to be vulnerable to a stack smashing attack. It is somewhat muted by the fact that only certain rules cause the problem. The vulnerability is caused by an off-by-one error -- the mo ...
Part of Jaimie Sirovich's adventure in Black Hat SEO, Security
Archived; click post to view.
Excerpt: Note: the code for the auditing script is located here.
As a programmer, I cannot stress it enough. What is it? Escaping all data processed by your web application's code! It's a common security issue, but most people are only accustomed to it, these days, in the context of SQL. Every program ...