This is the second post in the three-part series that explains XSPA, the attacks and possible countermeasures.
Cross Site Port Attack (XSPA) is a vulnerability that allows attackers to fetch the status of TCP ports (and grab service banners) over the Internet or on internal systems by abusing a feature in web applications that makes HTTP requests using attacker-supplied URLs.
Bug writeup for a CSRF vulnerability in Twitter that allowed an attacker to trick a user into deleting their address book remotely.
Writeup of the Capture the Flag event at c0c0n 2011.
Multiple XSS and CSRF issues in Apache Archiva version 1.3.4. Disclosure blogpost.
Simple VBScript using XMLHTTP to fetch usernames from a WordPress installation using the ?author= redirect feature.
Multiple XSS issues reported to Joomla! CMS. CVE-2010-1649 assigned.