Showing posts from August, 2009

Hacker Web Search Aggregator Update

- Added some searches
- Added Category & site selection
  - q = query string
  - c = category
  - s = site

Pentest Wordlists

Pentest wordlists from the wfuzz tool. We host them for quick online reference. Note that they are not comprehensive, but they are sufficient. They are implemented as client-side scanning word lists in our WebPageFingerprinting script.

/injections
- xss_basic.txt
- xss_rsnake.txt
- xss_all.txt
- XML.txt
- SQL.txt
- Traversal.txt

/stress
- alphanum_case.txt
- alphanum_case_extra.txt
- char.txt
- doble_uri_hex.txt
- test_ext.txt
- uri_hex.txt

/general|crack
- names.txt
- userlist.txt
- big.txt
- big2.txt
- catala.txt
- common.txt
- dic1.txt
- euskera.txt
- medium.txt
- passlist.txt
- common_pass.txt
- spanish.txt
- weak_passwords_module_passlist.txt
- weak_passwords_module_userlist.txt
- extensions_common.txt
- mutations_common.txt
- subdomains.txt

/vulnerability
- apache.txt
- cgi.txt
- cgis.txt
- coldfusion.txt
- debugs.txt
- domino.txt
- fatwire.txt
- fatwire_pagenames.txt
- frontpage.txt
- iis.txt
- iplanet.txt
- jrun.txt
- netware.txt
- oracle9i.txt
- php.txt
- sharepoint.txt
- sunas.txt
- tests.txt
- tomcat.txt
- vignette.txt
- weblogic.t

Hacking Rapidshare Account With XSS

Download: MP4 | SWF

Description: This movie shows how an attacker exploits an XSS vulnerability in and steals the currently logged-in Rapidshare user's cookie, which is then sent to his mailbox. Demonstrating with a sample vulnerable XSS page seldom shows people the real danger of XSS. We hope that using the real site may give people (developers) greater awareness of the XSS threat. We have, of course, reported this vulnerability to the Rapidshare team and they have fixed it.

PHP Charset Encoder Update

- Added Text FX, Encryption/Hashing