Showing 4 results for: November 2012, Security Research

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) vulnerability in your web application? This blog post will demonstrate a proof of concept that uses ModSecurity to add defensive JavaScript to response pages that...

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today: The highlighted data in the Apache access_log holds the User-Agent field token data from the request. In this case, the attacker has inserted some JavaScript code that would use the...

CVE-2012-4969 and the Unnamed Admin Panel

While CVE-2012-4969 isn't new, we are still curious about the various ways this vulnerability can be exploited. Today we've stumbled upon a new instance of it. Let's have a look. That's a rather simple version of the first half of...

CWE the Vote

It's a nice, sunny day in Cleveland, my friends. Tonight, after the votes are counted, including my quadrennial write-in vote for "Lynard Skynard", the signs will start coming down, the bumper stickers will start to fade in the sun, and...