| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jul 2007 09:32:42 +0100 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: full-disclosure@...ts.grok.org.uk, owasp-leaders@...ts.owasp.org, "WASC Forum" <websecurity@...appsec.org> Subject: JavaScript Spider - Yahoo Site Explorer Spider http://www.gnucitizen.org/blog/yahoo-site-explorer-spider This simple POC uses Yahoo Site Explorer Service to craw/spider other webistes. It is written entirely with JavaScript - no server side support was required from my side. The POC proves once again that Web2.0 technologies open new ways of attacking Web infrastructures. Keep in mind that this spider is ultra fast. It does only several connects in order to obtain the entire directory structure of the targeted website. Also, keep in mind that it will take less then 5 minutes to make it equipped with the latest AJAX exploits. Therefore, I am not responsible for your actions. I am planning to write a follow up post on how we can make basic client-side XSS scanner on the top of this spider, so stay tuned. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists