Dangerous XSS vulnerability found on YouTube – the vulnerability explained

On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked. The comments section of their videos seemed to be the most severely affected: many complained that old comments had vanished and new comments could not be added. Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colors. Some users also reported that they were experiencing page redirects, often to sites promoting pornographic content.


Acunetix WVS takes first place in black box web vulnerability scanners comparison

Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doupé, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capabilities of eleven black box web security scanners (both commercial and open […]


OWASP AppSec US 2010, California

Acunetix will be exhibiting at the OWASP AppSec US 2010 in California. The event will take place between the 7th and 10th of September 2010 at the UC Irvine Conference Center in Irvine, California. For more details about the OWASP AppSec conference click here.


Fraud: An Infected Website Is a Commodity

It’s a sad statement to make that anyone can become a hacker: with a few dollars and the right contacts, anyone can “order” an infected website. A simple email will give anyone the means to access credit card numbers, addresses, and all of your personal information. One blogger went so far as to label this […]


VIDEO: web application firewall bypass with a XSS attack

In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF. Such an attack is possible by exploiting a cross-site scripting vulnerability in the log viewer facility of the dotDefender admin interface. Watch the video below for a more in […]
