Description: A video demonstration of a security flaw I found in The New York Times' website.
This is unpatched as of 4/7/11 (dd/mm/yy)
Tags: hack, xss, web, application, newspaper, sql, injection, large, company, fortune, 500, new, york, ny, times, nervcanhasloaf, phizo, srblche, attack
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Hi Nerv,
Could you please tell me, or write a tutorial, about XSS and the tools you use to determine this exploit?
I didn't use any tools to determine the flaw.
I do all of my pentests manually; tools often miss flaws which wouldn't be found otherwise.
Also, there are plenty of XSS tutorials available on various blogs, websites and forums.
Ohh,
thanks for the information.
Hey Nerv - Would you mind sharing the name of the Firefox add-on you were using there?
Hope you've also done a disclosure to them :)
Yes, I told them. They didn't seem like they cared too much.
Also, the add-on I used was named HackBar. It's just helpful for SQL injection and other URL-based web attacks.