Mocking the military; hacking the hackers

Disclaimer: This post is probably not safe for work. Bad language, political views, and oxford commas aplenty. This article covers a few basic cross site scripting bugs in Department of Defence and Ghost Security websites. The idea is to highlight how even the most security conscience among us can forget [...]

By |2019-11-19T18:16:57+00:00April 5th, 2016|Security|0 Comments

An XSS attack in Action

Cross site scripting attacks, commonly called XSS, are becoming more and more prevalent as the power of JavaScript has evolved way beyond simple DOM manipulation. Using the power of embeded JavaScript can be beneficial for an attacker for several reasons including… HiJacking login sessions (covered in this article) Inserting malicious [...]

By |2019-11-22T22:35:15+00:00July 2nd, 2014|Security|0 Comments

WebWoW In-game mail hack

Edit: WebWow was a website CMS which integrated with private World Of Warcraft servers. It helped provide a bridge between donations, social interactions and in-game perks. Although it was an excellent product, it had a few issues. I helped fix some, including the insecure and ineffecient RA mail system. I [...]

By |2019-11-19T18:46:29+00:00January 19th, 2011|Code|Comments Off on WebWoW In-game mail hack