Article Archive for December 2008
A recent post on the “Full-Disclosure” mailing list referenced a web page called “Session Destroyer”. This web page is a demonstration by Kristian Erik Hermansen that promises to make logging off various popular websites very easy.
How …
A few days ago, a cross-site scripting vulnerability was discovered and reported on the American Express site. An XSS vulnerability can allow attackers to steal user authentication cookies from americanexpress.com, thus leading to an account hijack.
As …
To read part 1 of this article please refer to the previous post.
Note: a large number of vulnerabilities described in this post can be exploited to bypass safe_mode. It is not recommended to rely on …
Cross-site scripting seems to be the word of the past few days, with high-profile sites getting featured on the technology news sites. ZDNet reported how Facebook just fixed four XSS security flaws affecting …
Note: PHP 5.2.7 is the actual version that fixes the below security holes. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site.
A new version of the popular scripting language, PHP …
Nowadays, a lot of web applications are using URL rewriting. URL rewriting involves converting normal URLs to search engine friendly URLs. Usually the reason for doing this is to improve the rankings in search engines.
A …
If a web application or web server is vulnerable to a directory traversal attack, a malicious user can exploit this vulnerability to step out of the web root directory and access other restricted files and …