Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
New Paid Web Scanner
Posted by: PaPPy
Date: September 27, 2011 11:57AM

Came across this service that is offering a service to scan your devices for a fee.

http://www.secpoint.com/cloud-penetrator-web-vulnerability-scanner.html

But I noticed 2 potential problems.

First, they have an image that includes a remote image.

Not sure if this can be exploited:
http://www.secpoint.com/thumb.php?img=http://data.xssed.org/images/xssed_logo.gif&h=100&w=150&d=yes

Also, on the above page it has some PHP code embedded in it:
<?php echo $arryNewsTitle[0];?>

Maybe could be used on a news page to manipulate something.

Maybe they should run their scanner across their site first, before selling a service.

http://www.xssed.com/archive/author=PaPPy/

Re: New Paid Web Scanner
Posted by: Skyphire
Date: December 13, 2011 05:58AM

Possible to XSS users on MSIE 6/7 within an image.
