Hell - Spy . De » Sec http://www.hell-spy.de Anyone who has never made a mistake has never tried anything new. - Albert Einstein Sat, 29 Oct 2011 10:23:41 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Wie “hackt” man nen Koffer? http://www.hell-spy.de/2011/08/wie-hackt-man-nen-koffer/ http://www.hell-spy.de/2011/08/wie-hackt-man-nen-koffer/#comments Wed, 03 Aug 2011 18:30:59 +0000 admin http://www.hell-spy.de/?p=112

So machen die Sec-Leute am Flughafen deinen Koffer auf:

]]> http://www.hell-spy.de/2011/08/wie-hackt-man-nen-koffer/feed/ 0 PHP Web Stat XSS http://www.hell-spy.de/2009/05/php-web-stat-xss/ http://www.hell-spy.de/2009/05/php-web-stat-xss/#comments Sat, 16 May 2009 09:19:50 +0000 admin http://www.hell-spy.de/?p=51

The newest version of PHP Web Stat (3.6.28) is vulnerable to a Cross Site Scripting attack, allowing code injection by malicious users. You can find my Proof of Concept here.

]]> http://www.hell-spy.de/2009/05/php-web-stat-xss/feed/ 0 Lansuite / phgstats XSS http://www.hell-spy.de/2009/05/lansuite-xss/ http://www.hell-spy.de/2009/05/lansuite-xss/#comments Sun, 03 May 2009 19:32:32 +0000 admin http://www.hell-spy.de/?p=43

Looks like it’s blogging time. For unknown reasons (unknown my ass – boredom and lack of beer), I took a deeper look at Lansuite. The last version (v3.someting CVS) was full of XSS and SQL injection bugs but after reporting it they fixed many, but not all of them. There are still 3 XSS bugs. Well they don’t directly affect Lansuite but phgstats. You can find a few details about it here. Have fun.

]]> http://www.hell-spy.de/2009/05/lansuite-xss/feed/ 0