Shreeraj Shah
Hacking Web 2.0 Applications with Firefox
2006-10-12
Anonymous
Though information is passed through the querystring for the server requests shown in this article, that does not make the web application vulnerable to SQL injection techniques. Potentially vulnerable, yes. Actual vulnerability depends on how the server is validating the data. Though certainl...
Hacking Web 2.0 Applications with Firefox
2006-10-12
Zachary Richmond (1 replies)
"For example, again using the above case, the parameter 'date' is vulnerable to an SQL injection attack."
I am not sure how one can tell this from the .js function code. Is there something I am missing? It seems to me that it is more likely "maybe vulnerable" instead of "is vulnerable", since ...
Hacking Web 2.0 Applications with Firefox
2006-10-12
Steve McDonald
I haven't tested it, but I think that much of the risks involved with technology like AJAX could be dodged completely using a technique like FJAX (that's Flash, JavaScript and Asynchronous Xml) which encapsulates all of the XML processing, XHR calls and presentation logic within a compiled Flash SWF...
Hacking Web 2.0 Applications with Firefox
2006-10-15
Anonymous
How to delete all cookies in Firefox on closing, EXCEPT for those from selected domains!
http://mungobah.blogspot.com/2006/09/how-to-delete-all-cookies-in-firefox-on.html
Firefox doesn't seem to have a "Delete all cookies except the following" feature under a fancy button entitled "Delete all cook...
Hacking Web 2.0 Applications with Firefox
2006-10-18
Lizard (2 replies)
"Here we have identified the resource location for the backend web services:
http://example.com/2/auth/ws/login.asmx/getSecurityToken?username=amish&password=amish"
-----------------
Won't I see this same info using Ethereal?...
Re: Hacking Web 2.0 Applications with Firefox
2006-11-07
Shreeraj Shah (1 replies)
You need an in-browser plugin or SSL proxy to see HTTP over SSL interaction. At the same time, the objective here is to link HTTP traffic to the XHR object as well....
Re: Re: Hacking Web 2.0 Applications with Firefox
2006-11-24
Cd-MaN
Actually you can use Paros proxy (http://www.parosproxy.org/) to intercept SSL traffic, because it can perform a man-in-the-middle "attack" (it decrypts the traffic and reencrypts it with its own certificate). Of course you'll get a warning in the browser but (supposedly) you know what you are doing...
Hacking Web 2.0 Applications with Firefox
2008-01-10
Jonathan Crow
Interesting stuff, but there seems to be an assumption that Web 2.0 = AJAX, and that isn't the case. I am not a security expert, and have a hard time understanding the technical details. But I am very interested in the implications of hacking Web 2.0 apps. The question I have is how easy is it to ha...