Friday, March 16, 2007

sla.ckers and jungsonn

OK, I gotta give props to my man jungsonn; he is the first one who added my blog to his own personal site. Thank you so much. Recently, I had been reading a lot on sla.ckers.org, and RSnake wanted to see if there are any XSS in networking devices or web servers, so I came up with a few. You can check the topic here: http://sla.ckers.org/forum/read.php?6,114

Basically, I discovered a few XSS flaws in IIS 6.0 and BEA WebLogic Server during a pentest project, and during my audit of a telco I also discovered a weak session ID in a Siebel CRM application. There is a video of it, but to protect the customer, I will not post it online. Y'all can read more about it in the sla.ckers.org forum thread mentioned above.

I am going to post more commands soon with my testing. Stay tuned.

2 comments:

Anonymous said...

Great site and great info. Is it possible for you to give more info on the Siebel hax?

Anonymous said...

I would love to, but I can't because I have to protect the customer. But it's the Siebel CRM system 4.0, if I am not wrong. I am 100% sure that you can do session hijacking.

hackathology