Wednesday, February 06, 2008

A small hack story

One of my friends came to me and told me he lost his admin user while he was browsing the web site. I was surprised because normally it does not happen. If that site was using :) it's sad but true does not allow HTML inclusion in post data. Anyway, the hacker put script code into his name field like this:


It's not a big deal. If you look at the output of this script you will see this:


At the end it steals the browser's cookie and sends it to a PHP file, while the hacker browses another URL and sees which fish fell for the trick :) Anyway, today I did some research and found a solution to this situation:

You should simply disable all JS inclusions in the page except those from the site's own domain. That will make your browser more secure.
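As an added example (not from the original post), the rule above can be expressed as an origin check on each script's `src`. The page URL, host names and markup below are constructed for illustration, since the injected script itself is not reproduced here.

```javascript
// Added example: which <script src> inclusions would a same-origin-only rule block?
// The page URL, host names and sample markup are constructed for illustration.

// Collect the src attribute of every <script> tag in an HTML string.
// A regex scan is enough for this demo; a real filter should use an HTML parser.
function scriptSources(html) {
  const sources = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    sources.push(src ? (src[1] ?? src[2] ?? src[3]) : null); // null = inline script
  }
  return sources;
}

// Resolve each src against the page URL and compare origins (scheme + host + port).
function classifyScripts(pageUrl, html) {
  const pageOrigin = new URL(pageUrl).origin;
  return scriptSources(html).map((src) => {
    if (src === null) return { src, verdict: "inline" };
    let origin;
    try {
      origin = new URL(src, pageUrl).origin;
    } catch {
      return { src, verdict: "blocked" }; // unparsable URL: fail closed
    }
    return { src, verdict: origin === pageOrigin ? "allowed" : "blocked" };
  });
}

const page = "https://forum.example/members";
const sample = [
  '<script src="/js/site.js"></script>',                               // relative: same origin
  '<td>Name: <script src="http://other.example/a.js"></script></td>',  // other host
  "<script src='//cdn.other.example/b.js'></script>",                  // protocol-relative
  '<script src="https://forum.example:8443/c.js"></script>',           // same host, other port
  "<script>var inlineCode = 1;</script>",                              // no src at all
].join("\n");

for (const r of classifyScripts(page, sample)) console.log(r.verdict, r.src);
```

Inline scripts carry no `src`, so a rule based only on the including domain does not cover them; the function reports them separately.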
