GreaseMonkey:: Web Security Toolkit

By YGN Ethical Hacker Group -

A collection of our Greasemonkey scripts that aim to provide security for you and your site. We love to write Greasemonkey scripts than Browser Addons because Greasemonkey is more flexible. Any one can view and edit source codes with ease. They will forever be compatible with any versions of Gecko browsers while most security addons are no longer compatible with new versions unless their authors take pains to modify codes for compatibility. Send suggestions and bugs via our contact form at our home page. Feel free to modify codes to adapt your need.

  • phpinfo() Security Checker
    Description: Whenver the script detects a phpinfo() page, it fingerprints it for how much secure that phpinfo page. It's a combination of my security thoughts and phpinfosec.com's project. Use it for security and performance issues. Ideal for web masters and web server admins who are a bit confused with phpinfo() page's numberous configuration items.
    Date: July 2008

  • WebPageFingerPrint (aka. Hacking Script)
    Description: Although the initial release v.01 was for fingerprinting web page, this v0.2 version is integrated with JS-file fingerprinting, fuzzing, bruteforcing [version 0.1] WebPageFingerPrinting script without having to view html source. Sometimes, clicking each in WebDeveloper Toolbar is tedious.I'd like to read a summerized view of current web page first. Here this script comes in.
    Warning: Use it only for lawful purposes as the script has vulnerability scanning which invokes IDS detection.
    Date: July, 2008

  • Malware Script Detector v2
    Description: The version 2 is similar to XSS warning addon. Look for URL string for XSS payloads. Detect and stop XSS attacks from evil bad guys to you in addition to detection of Malicious JavaScript embedded in malicious sites. This script has been tested for false positives thoroughly. False positives may occur at those sites which use crypto strings like order.php?token={a:xC2;id:ac3f52233;[]} and Squirrel mail sites which use URL strings like compose.php?to=John. We can't fix it for the sake of security. If you know this one, you can feel assured this is safe to accept and go on.
    Resource: Introducing MSD
    Date: March 2008

  • Malware Script Detector v1
    Description: Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as obfuscation but I'm sure it protects you from casual attackers.
    Date: Feb 2008

Popular posts from this blog

CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities

By YGN Ethical Hacker Group -
1. OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.0.20 and lower (aka 3.0.x family) 5. Affected URLs and Parameters /admin/adminusers/permissions.php (adminId parameter) /admin/categories/index.php (cat_name parameter) /admin/categories/languages.php (cat_master_id parameter) /admin/customers/ (
Read more

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

By YGN Ethical Hacker Group -
1. OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting (XSS). 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site developers since 2002. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.x 5. PROOF-OF-CONCEPT/EXPLOIT /admin/ajax.php (parameter: title, full_desc, ta) /////////////////////////////////////////////////////// POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1 Host: localhost Content-Length: 574 Origin: http://localhost X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded
Read more

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

By YGN Ethical Hacker Group -
1. OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people with a well-coded, user-friendly software platform for social needs. It is easy to set up, configure and manage Oxwall while you focus on your site idea. We are testing the concept of free open source community software for complete (site,sub-site setups) and partial (widgets,features) community and collaboration solutions for companies and individuals. 3. VULNERABILITY DESCRIPTION Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 1.1.1 and lower 5. PROOF-OF-CONCE
Read more