Ronald has started a router hacking challenge over on 0x000000.com. It’s an interesting topic, and something I have explored in the past with good results. Take a look and send him your findings.
Posts Tagged “hacking”
13 Dec 2007

Hacking AOL

Posted by: Gerry Eisenhaur in Content, tags: 0day, exploit, hacking, webappsec, xss

I had some free time today and after about 10 minutes of poking around AOL’s web services, I came to the conclusion that their developers have no concept of security. Every AOL domain I looked at had multiple XSS holes on basically every page. They ranged from random subdomains like:

http://autos.aol.com/

To more serious domains like:

http://webmail.aol.com/ (need to be logged in)

To the really bad:

https://my.screenname.aol.com/

Access to all of AOL’s web services requires only 2 cookies, SNS_AA from aol.com, and SNS_SKWAT from screenname.aol.com. The only positive thing I ran into is the fact they require you to answer a security question to access account management functions.

Oh! I almost forgot, they also made a feeble attempt at blocking a select number of JavaScript functions and attributes. For example, this is blocked: But this isn’t:
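The contrast between blocking selected names and encoding output, as an added example that is not from the original post. The denylist patterns, sample inputs and function names are constructed for illustration and are not AOL's actual filter.

```javascript
// Constructed denylist in the style the post describes: a select number of
// function names and attributes. Hypothetical, not any real site's filter.
const DENYLIST = [/<script\b/i, /\bonerror\s*=/i, /\balert\s*\(/i];

// Weak control: input passes unless it matches a listed pattern.
function denylistAllows(input) {
  return !DENYLIST.some((re) => re.test(input));
}

// Stronger control: encode HTML metacharacters at output time, so the value
// is rendered as text whatever names it contains. This covers HTML body and
// quoted-attribute contexts only; script and URL contexts need their own encoders.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample inputs (textbook test strings plus one benign value).
const SAMPLES = [
  "<script>alert(1)</script>",      // listed tag and function
  "<img src=x onerror=alert(1)>",   // listed attribute
  "<svg onload=confirm(1)>",        // unlisted attribute and function
  '" onmouseover="prompt(1)',       // attribute breakout, nothing listed
  "Tom & Jerry",                    // benign
];

// For each sample: does the denylist let it through, and does any markup
// character survive output encoding?
function audit(samples) {
  return samples.map((s) => ({
    input: s,
    passesDenylist: denylistAllows(s),
    markupSurvivesEncoding: /[<>"']/.test(escapeHtml(s)),
  }));
}

console.table(audit(SAMPLES));
```
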