Computer Security Is My Interest! » XSS Vulnerability

My belief: 70% of websites are vulnerable

Soroush Dalili — Sun, 29 Nov 2009 15:57:31 +0000

When I was searching for a ticket in nationalrail.co.uk website, I suddenly found an XSS and also a SQL Injection vulnerabilities in it.

I reported these two vulns. to its website just for having more security. And, I think these two vulnerabilities are fixed now.

However, I believe that still 70% of webistes are vulnerable against the OWASP TOP 10!

Also, I think you should read “Survey: Majority of Web sites vulnerable” as well.

Cheers,

Soroush

Travian Game Vulnerabilities in progress…

Soroush Dalili — Sun, 29 Nov 2009 14:54:08 +0000

3 weeks ago, I sent an email about some small but effective vulnerabilities in Travian online game to its providers. By using these vulnerabilities a player can make several accounts by the same email address (because of a logical flaw), and also, he/she can login to other players’ accounts (by using an XSS vulnerability which is completely proved).

Now, I’m still waiting for their final response as I don’t want to be harmful for them!

How to prevent phishing attacks? ‐ In 3 Pages ‐

Soroush Dalili — Sat, 21 Nov 2009 18:06:46 +0000

In only 3 pages, I tried to explain Phishing attacks and prevention methods. Although there are some books about this topic, I tried to do my best in 3 pages only! :D

I hope you enjoy :)

Click here to download this mini-article!

Cheers,

Soroush

Blog Template Was Updated

Soroush Dalili — Sat, 31 Jan 2009 22:20:30 +0000

I found some XSS vulnerabilities in my blog’s template, so I reported them to its creator (Inanis).

Thanks from Inanis because of fast fix and also for this beautiful template.

You can see these in this link:

http://www.inanis.net/blog/index.php/downloads/inanis-glass-wordpress-theme/inanis-glass-readme/