Unrestricted File Upload @ Web-Based Teaching System Myanmar

A critical unrestricted file upload vulnerability was found in the Web-Based Teaching System (Myanmar), URL: http://www.wbts.com.mm. A malicious attacker can upload files to the server without permission. It also has a persistent XSS vulnerability. Cross-site scripting is a client-side attack where an attacker can craft a malicious link containing script code, which is then executed within the […]

Hacked Information and Proof of Concept @ PlanetCreator.net

“Hacking”: In this category, we’re going to post hackers’ proofs of concept. Unless you know how to hack, you cannot defend yourself from hackers. We’ll know how hackers hack and how they got hacked. So, share your hacked info as follows and email it to theplanetcreator<-at->gmail.com: < Your Nick Name > < Proof-of-Concept > Note: No PoC, […]

Timing Attacks with HTML5

HTML 5 and related technologies bring a whole slew of new features to web browsers, some of which can be a threat to security and privacy. This paper describes a number of new timing attack techniques that can be used by a malicious web page to steal sensitive data from modern web browsers, breaking cross-origin […]

Introducing SpearPhisher – A Simple Phishing Email Generation Tool

SpearPhisher is a simple point-and-click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. It is useful not only to non-technical folks; penetration testers may also find it handy for sending quick and easy ad-hoc phishing emails. The tool supports […]

Fake Login Page with XSS – IFRAME – | C B Bank – Online Electricity Billing Payment System(GBPS)

When XSS vulnerabilities on bank websites are exploited by phishers, it is too late to undo the unwanted consequences. The phishers were able to inject a modified login form onto the bank’s login page, specifically an IFRAME which loads the fake login form from a web server. Even if the login page uses SSL, does not […]
