Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Again on mcafeesecure and scan-less PCI
Posted by: euronymous
Date: November 12, 2008 10:28AM

Hi all

I really don't want to bother you again with mcafeesecure.com's abstruse testing methodologies and WHY they fail in reality: you all know that (I suppose so).

But it's always really funny for me to find bugs like reflected XSS on websites that claim to be secure because they have the "HACKER SAFE" gif on their website.

I'm actually developing, with my business friend, a few projects based on Apache OFBiz: it's really a good starting point for developing tailored solutions such as e-commerce and so on.

The problems, as I already stated here: https://issues.apache.org/jira/browse/OFBIZ-1959 , are well known.

Well, if you go to ofbiz.apache.org, and look for existing websites that are based on it, you can find www.steinersports.com.

And if you go here http://www.steinersports.com/ssm/control/keywordsearch?reqstr=2&SEARCH_STRING=ciao%3CScripT%3Ealert(document.cookie)%3C%2FScripT%3E&userSearch=true&x=11&y=10 you can understand what I'm saying.


Well, I really consider this website HACKER SAFE ;)
That's what gets me really angry with businesses that sell only smoke, like mcafeesecure.

Enjoy hacking

+++eat, fuck, hack+++

Re: Again on mcafeesecure and scan-less PCI
Posted by: PaPPy
Date: November 12, 2008 06:14PM

ya we all know hackersafe can blow it out their ass, we all have found many hacker safe sites vulnerable especially to XSS

http://www.xssed.com/archive/author=PaPPy/
