Monday, October 1, 2007

2 Factor Authentication Last Update

I think I am more or less done with my scope of work. There is simply no chance in hell that I can break that application. It's like no matter what I entered, I always get a "service not available" or "please try again later". Verified all the injection points and the stuff that I can inject. Still, nothing can be done. The application is so sensitive and secure that it validates all input characters and escapes all output characters. Lastly, every error message that is output is a generic error message with no other information. The only one last thing I am trying now is XSS on a 404 error page, to see how it reacts. Still, this is what I got:



And the generated source i got after the XSS:

[404 Not Found
Not Found
The requested URL /x/--><script>alert("XSS")</script><!--&node=465600 was not found on this server.]

The Hacka Man
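An added example, not part of the original post and not the tested application's code: the 404 body above rendered with and without output encoding, plus a check that reports whether the requested path reaches the response as live markup. The template and function names are assumptions; the sample path is the one quoted in the post.

```python
import html
from urllib.parse import unquote

# Sample input: the request path quoted in the post's 404 output.
SAMPLE_PATH = '/x/--><script>alert("XSS")</script><!--&node=465600'

# Assumed page template, modelled on the 404 text shown in the post.
TEMPLATE = (
    "<html><head><title>404 Not Found</title></head><body>"
    "<h1>Not Found</h1>"
    "<p>The requested URL {url} was not found on this server.</p>"
    "</body></html>"
)


def render_404_unescaped(path: str) -> str:
    """Weak form: reflects the requested path into the HTML as-is."""
    return TEMPLATE.format(url=path)


def render_404_escaped(path: str) -> str:
    """Hardened form: HTML-encodes the path before reflecting it."""
    return TEMPLATE.format(url=html.escape(path, quote=True))


def reflected_markup(path: str, body: str) -> bool:
    """True if the path's markup characters reach the body unencoded."""
    decoded = unquote(path)
    if not any(c in decoded for c in "<>\"'"):
        return False  # nothing in the path could become markup
    return decoded in body


if __name__ == "__main__":
    for render in (render_404_unescaped, render_404_escaped):
        body = render(SAMPLE_PATH)
        print(render.__name__, "-> live markup:", reflected_markup(SAMPLE_PATH, body))
```

With encoding applied, the path appears in the page source as `&lt;script&gt;` text and the browser displays it instead of executing it.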
