After announcing a breach of payment information and an audit from a leading security firm, GoGrid's enhanced login page contained a cross-site scripting vulnerability that ...

Stealing Bitcoins

Django info leak
The Django admin in releases 1.1.2, 1.2.3 and earlier has an information leakage vulnerability.
Here is a theoretical setup, similar to the video, to explain ...

Nagios XI 2009R1.2B is vulnerable to multiple cross-site request forgery (CSRF) vulnerabilities. All of the privileged actions tested were vulnerable to CSRF.
Exploiting the identified ...

rd.io is a bad ass music app. When it first released I didn't have a beta invite. Everyone, it seemed, was talking about it, but ...

Gowalla Decloak
This video should be pretty self-explanatory. Gowalla gives users the option to make private passports (profiles) so that only their friends can see checkins ...

MiFi GeoPwn

Ustream.tv Show Pwn
Hey look everyone, yet another demonstration of how cross-site scripting (XSS) can be used for evil. This time we find ourselves at ustream.tv and yet ...

CloudKick Takeover
This video demonstrates a flaw found in a large number of sites. It still makes me chuckle that the cloud is supposed to be this ...

Kayako SupportSuite
Here is a quick video demonstrating a fun cross-site scripting I found in Kayako SupportSuite. It shows an interesting side of XSS that scanners rarely ...

Rackspace Cloud Rackspace
Ever wanted to know what somebody is hiding in their Rackspace cloud files account? The vulnerability that is demonstrated here is cross-site scripting (XSS) due ...

Basecamp 0wn3d
So it's possible to compromise a Basecamp account when the victim, with a valid session, clicks on a link. I think this is a bad ...

Open-Realty Takeover
Open-Realty combined with a misconfigured web server provides for a really bad day if an agent goes rogue or if an agent's account is compromised. ...