Friday, March 16, 2007

sla.ckers and jungsonn

OK, I gotta give props to my man jungsonn, he is the first one who added my blog to his own personal site. Thank you so much. Recently, I had been reading a lot in and Rsnake wanna see if there are any XSS in networking devices or web servers, I came up with a few. You can check the topic here:,114

Basically, I discovered a few XSS flaws in IIS 6.0 and BEA Weblogic Server during a pentest project, and also during my audit of a Telco, I discovered a weak session ID in a Siebel CRM application. There is a video of it, but to protect the customer, I will not post it online. Y'all can read more about it in the forum as mentioned above.

I am going to post more commands soon with my testing. Stay tuned.


Anonymous said...

Great site and great info. Is it possible for you to give more info on the Siebel hax?

Anonymous said...

I would love to, but I can't because I have to protect the customer. But it's Siebel CRM system 4.0 if I am not wrong. I am 100% sure that you can do a session hijacking.