[WEB SECURITY] Bypassing filters for conducting XSS attacks and Information Leakage in local search engines

MustLive mustlive at websecurity.com.ua
Thu Feb 28 13:28:00 EST 2013


Hello participants of Mailing List.

This month I've written two new articles. So I'll tell you briefly about my
last publications about bypassing filters and Information Leakage in local
search engines. These topics should be interesting for you (especially for
those who haven't read them before).

1. Bypassing filters for conducting XSS attacks
http://websecurity.com.ua/6323/

In this article I've told about my research (made on the 3rd of February 2008)
about bypassing filters for conducting XSS attacks at web sites.
Particularly with the use of special characters for dividing a tag's name and
its properties. The results of an updated test of all my browsers are presented
(11 browsers - different versions of Mozilla, Mozilla Firefox, Internet
Explorer, Chrome and Opera).

The program for testing a browser for supported characters for XSS
attacks is placed at my site (http://websecurity.com.ua/xss_evasion/).

2. Information Leakage in local search engines
http://websecurity.com.ua/6354/

In this article I've told about an advanced method of finding Information
Leakage vulnerabilities, which I developed in January 2008. Unlike Google
hacking, about which I've written multiple articles and showed multiple
examples of how to find millions of Full path disclosure and Information
Leakage vulnerabilities, in this case I wrote about using local search
engines. On the example of one local search engine I showed how it could be
vulnerable to Information Leakage. Particularly it can lead to Source Code
Disclosure, which allows leakage of logins, passwords and other sensitive
information (from sources of the scripts).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 




