Hey look everyone, yet another demonstration of how cross-site scripting (XSS) can be used for evil. This time we find ourselves at ustream.tv and yet ... Continue Reading
CloudKick TakeoverThis video demonstrates a flaw found in a large number of sites. It still makes me chuckle that the cloud is supposed to be this ... Continue Reading
Kayako SupportSuiteHere is a quick video demonstrating a fun cross-site scripting I found in Kayako SupportSuite. It shows an interesting side of XSS that scanners rarely ... Continue Reading
Rackspace CloudThis video is a follow-on to the previous Rackspace cloud video on stealing Rackspace API keys using XSS.
In the Rackspace cloud when you ... Continue Reading
Ever wanted to know what somebody is hiding in their Rackspace cloud files account? The vulnerability that is demonstrated here is cross-site scripting (xss) due ... Continue Reading
Basecamp 0wn3dSo it's possible to compromise a Basecamp account when the victim, with a valid session, clicks on a link. I think this is a bad ... Continue Reading
Open-Realty TakeoverOpen-Realty combined with a misconfigured web server provides for a really bad day if an agent goes rogue or if an agents account is compromised. ... Continue Reading
evilpacket is an awesome public service of nGenuity Information Security. Note: not actually evil.
Site by &yet Web Design