AndrewMohawk

Security

Sec related jazz

Coding, Security

VMWare User Information Leak

Click here to search the VMWare user database! So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting. Basically it allowed someone to fill in their email address to manage their VMWare subscriptions. I noticed a couple of things on the next pages: The fields…

Coding, Security

Pastebin Scraper

Yeah, I'm really lazy, so I'm not gonna write a lot about it. Basically, if you wanna use it on my site, hit it up at http://www.andrewmohawk.com/pasteScrape/ otherwise feel free to download it and run it yourself from this archive. Basically, go to http://www.andrewmohawk.com/pasteScrape/ and try some of these: “gmail/facebook Password” – free facebook/gmail/whatever accounts…
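The core of a paste scraper like the one above is the matching step: given a batch of paste bodies, find the ones that mention a search term and pull out anything that looks like a leaked credential. The following is an added example of that step and is not the pasteScrape tool's own code; it skips the fetching part entirely and runs over a few constructed sample pastes (the paste IDs and bodies are made up), and the `email:password` pattern is an assumption about the common dump format rather than anything the post specifies.

```python
"""Keyword scan over paste bodies with credential extraction.

Added example: not the pasteScrape tool's code. Fetching pastes is out of
scope here; the sample pastes below are constructed stand-ins for fetched
bodies, keyed by a made-up paste ID.
"""
import re
from dataclasses import dataclass, field

# Constructed sample pastes (hypothetical IDs and content).
SAMPLE_PASTES = {
    "abc123": (
        "free facebook accounts!!\n"
        "john.doe@gmail.com:hunter2\n"
        "mary@yahoo.com : letmein99\n"
    ),
    "def456": "config dump\nhost=localhost\npassword=s3cret\n",
    "ghi789": "shopping list\n- milk\n- eggs\n",
}

# Assumed dump format: <email> followed by ':' '|' or ';' and a password.
CRED_RE = re.compile(
    r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\s*[:|;]\s*(\S+)"
)


@dataclass
class Hit:
    paste_id: str
    term: str                      # the search term that matched
    credentials: list = field(default_factory=list)  # (email, password) pairs


def search_pastes(pastes, terms):
    """Return one Hit per paste whose body contains any of the terms.

    Matching is case-insensitive. A paste is reported once, on the first
    term that matches, together with any email/password pairs found in it,
    so a keyword hit with an empty credentials list is easy to tell apart
    from an actual account dump.
    """
    hits = []
    for paste_id, body in pastes.items():
        lowered = body.lower()
        for term in terms:
            if term.lower() in lowered:
                hits.append(Hit(paste_id, term, CRED_RE.findall(body)))
                break
    return hits


if __name__ == "__main__":
    for hit in search_pastes(SAMPLE_PASTES, ["facebook", "gmail", "password"]):
        print(hit.paste_id, hit.term, len(hit.credentials), "credential(s)")
```

Running it flags the fake account dump with two extracted pairs and the config dump as a bare keyword hit with none, which is the kind of triage that separates a useful paste from noise when the search term is as broad as "password".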

Coding, Security

Persistent XSS: more than a popup :)

So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response. I kinda looked around at their custom CMS, didn't see anything immediately available, played with cookies, changing values here and there, and got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular: I looked around some…

Security

ZaCon ’09

So we had a little security con here in .za (South Africa), www.zacon.org.za – basically an unconference-style conference: An unconference is a facilitated, participant-driven conference centered around a theme or purpose. The term “unconference” has been applied, or self-applied, to a wide range of gatherings that try to avoid one or more aspects of…