I declare Bagel_Blog4.0 ACTIVE!

2009-05-03 01:05:45 • Full Post / Permalink

I hereby declare that humanbagel.com v3.0 and Bagel_Blog4.0 officially live!...

Read More

Logout CSRF = new annoyance

2009-05-03 01:05:17 • Full Post / Permalink

Fri, 10 Apr 09 18:39:40 -0600

Observe:
Log Out of Myspace

Didn't see anything?
Good. You are now logged out of MySpace.

Juvenile, yes, but it highlights a problem with many websites security: CSRF (Cross Site Request Forgery).

Basically, I just made a .htaccess file that redirects a random image to the myspace logout page and made the image invisible.

I could have just pasted the url into the src attribute, but this method is much more useful because











...

Read More

Hidden CSRF, common but deadly

2009-05-03 00:05:57 • Full Post / Permalink

Fri, 03 Apr 09 19:19:35 -0600

CSRF, or Cross Site Request Forgery is a simple exploit where an html form is made to automatically make a fraudulent request to another website.

A simple example script:


<form action="http://example.com/users/changepassword.jsp" method="post>

<input type="hidden" name="newpassword" value=[[new password]]">

</form>

<script> document.forms[0].submit();</script>



Simply, this script will automatically
















...

Read More

Why I don't like cPanel anymore

2009-05-03 00:05:56 • Full Post / Permalink

Thu, 12 Mar 09 17:06:33 -0600

My server (run by HostGator) has cPanel installed by default.

For those of you that don't know, cPanel is a server management software that makes normal server tasks very, very simple.

For example, if I wanted to password protect a directory, or make a sub domain, it is just a few clicks away. This is highly convenient.

However, in all my life, all my pen testing, all my hacking life, I have never seen a more critically vulnerable web application.

Honestly, where do I begin?









...

Read More

How I hack numerous computers with my iPod

2009-05-03 00:05:36 • Full Post / Permalink

Sun, 01 Mar 09 17:33:55 -0700

Most people think hacking with an iPod is absurd. Much less rooting a network and compromising all the computers on it, however this is much more simple than anyone would like to believe.

No, my iPod Touch is not hacked or modified in any way (anymore) and there is no special app that I use.

I simply do it with the default Safari browser.

How?

Well, I go to a public place, a restraunt, coffee shop, tea shop, whatever. Any place with open wifi.

I then type "192.16











...

Read More


1,2,3,4,5,6,7,8
 
Post A Comment!