1. Adikteam 3Xss / Acapulco 2011.


    from Nosekoner / Added

    144 Plays / / 0 Comments

    • Apps.ccbill.com XSS Vulnerability


      from Osman Dogan / Added

      26 Plays / / 0 Comments

      • A Tale of an Unbreakable, Context-specific XSS Sanitizer


        from Deepsec Conference / Added

        At DeepSec 2014 Ashar Javed (Ruhr University Bochum) presents a way to sanitise XSS: „Cross-Site Scripting - `An epidemic` nowadays, developers' nightmare, but my love. This talk will present an unbreakable, context-specific (supports five common contexts i.e., HTML, script, attribute, URL and style), practical and easy to use XSS sanitizer. For HTML, script, attribute and style context, I only control 11 meta characters and for URL context, 3 regular expressions and `JOB DONE`. But before telling you that 78,000+ recorded XSS attack attempts were unable to bypass the sanitizer in five common contexts ... this talk will present context-aware XSS attack methodology and then I will show how I leverage the attack methodology for the development of an unbreakable sanitizer. In fact, I will demonstrate that by looking at the context-specific attack methodology (e.g., XSS attack methodology related to `style` context is a four step process), even a child can code this sanitizer. I will also share the logs of 78K+ XSS attack attempts. The timing, mutation, script-less, browser quirks and Unicode tricks fail here.“

        • Cross-domain attacks


          from Luca De Feo / Added

          5 Plays / / 0 Comments

          Web Applications and Security (M1 Computer Science course) defeo.lu/aws Lecture of 16 April 2014

          • BeEF RESTful API Demo


            from Heather / Added

            27 Plays / / 1 Comment

            This is a video demonstrating the REST functionality of BeEF to get browser information, send modules, and check results via command line. For more information about BeEF, check the blog at http://blog.beefproject.com or https://www.github.com/beefproject

            • Before and After: Installing Prevoty Plug-In for Java


              from Prevoty / Added

              174 Plays / / 0 Comments

              Prevoty Plug-ins enable enterprises to give existing published, legacy and third party applications an injection of security without requiring access to source code or having developers make any changes to the applications whatsoever. Using a Java app as an example, Prevoty CTO Kunal Anand demonstrates how easy it is to implement the Plug-In: a single install script will add Prevoty capability to the application - for Java this is implemented via a servlet filter.

              • Browser exploitation with BeEF and Metasploit


                from Michele "antisnatchor" Orru' / Added

                1,585 Plays / / 0 Comments

                Presented on 20th January 2010 during my latest security seminar at Ludwig-Maximilians-Universität in München (Germany). It shows how to combine BeEF and Metasploit to exploit some Internet Explorer 6 bugs and take full control of the victim machine that runs the vulnerable browser, all in a semi-automated fashion.

                • Cloud Penetrator Vulnerability Scanner Information


                  from secpoint / Added

                  5 Plays / / 0 Comments

                  http://www.secpoint.com/cloud-penetrator.html Learn more about SQL Injection XSS Cloud Penetrator Vulnerability Scanner

                  • Cloud Web Vulnerability Scanner


                    from secpoint / Added

                    9 Plays / / 0 Comments

                    http://www.secpoint.com/cloud-penetrator.html Cloud Web Vulnerability Scanner New Version released SQL Injection XSS Cross Site Scripting

                    • Cracking into Drupal - XSS Demo


                      from Ben Jeavons / Added

                      5,411 Plays / / 1 Comment

                      A Cross Site Scripting (XSS) demo on Drupal. A malicious user is allowed to enter JavaScript into comments that is not filtered when output. An administrator views the malicious comment and the JavaScript executes in their browser, changing admin-only settings like passwords and putting the site offline. Be sure to audit your configuration for what untrusted visitors (like anonymous) are allowed to do. If they're allowed to use the Full HTML input format then your site is vulnerable. Read the blog post at http://drupalscout.com/knowledge-base/anything-you-can-do-xss-can-do-better
