Bug Reports

Authentication bypass in Cyberix Internet Management System

Cyberix, an otherwise good Internet Management Software product from a Mohali-based company (http://www.cyberix.in/), is vulnerable to a very simple authentication bypass (it is really more of a software design issue). When authenticating a user through the web login popup window, Cyberix IMS sends the MD5 hash of the user's password in the GET request. Because all URLs, along with their GET variables and values, are saved in the browser's history, any user with access to a system used by a previous user can simply check the browser history and click the login URL to log in as that user, without providing any password. This defeats the purpose of an IMS in which different users may have different access levels, as promised by Cyberix IMS.
Submitted by Ajay Pal Singh Atwal on March 19, 2007 - 3:10pm. categories [ Bug Reports | Security ]

Daddy Says Puttar No XSS

These days I am having too much fun with XSS. It is no good wishing happy Holi by manipulating other people's websites, even though it is harmless. You never know when you will come across some crazy hypocrite who believes that his website has been defaced and then tries to grab the poor fun-loving XSSer by the neck. Note to Self
Submitted by Ajay Pal Singh Atwal on March 4, 2007 - 4:19am. categories [ Bug Reports | Humor | Security ]

Online Ticket Booking vs Fun with Mozilla Firefox

The fun of online ticket booking. No going to agents and listening to their nonsense, no asking questions; just sit in front of your dear computer, fire up the browser, select the destination, make the payment using the credit card, and lo and behold, you have the tickets. Well, not that simple, especially when you are using a computer based on free software (free as in freedom). I use GNU/Linux and Mozilla Firefox; I don't trust Windows for online transactions [*].
Submitted by Ajay Pal Singh Atwal on September 15, 2006 - 11:22pm. categories [ Bug Reports | Exposed ]

PTU Jalandhar Website XSS Vulnerability

These days the Full Disclosure mailing list is being dominated by XSS vulnerabilities. It is time I put up my contribution too, for an XSS vulnerability I have known about for around 7-8 months.
Submitted by Ajay Pal Singh Atwal on May 29, 2006 - 10:31am. categories [ Bug Reports | Exposed | Security ]