Archive for December, 2007

11 Dec 07

Best Scripts -http://userscripts.org/scripts-

I found this site by accident. There are so many scripts there that you can install online to your computer. I think this will be very useful because some scripts make our job easier. Besides that, there are so many cool scripts; they are like tricks. I'll show you some of the scripts. These are several of the best Greasemonkey scripts. I haven't tested them yet, because I don't feel that I need them. This is what I found:

1. Best Greasemonkey script – Ultimate Google Makeover

[Image: google-search-greasemonkey-thumb2.jpg]

As seen in the screenshot above the script organizes the results into two columns, numbers them, grabs each website’s icon, and much more. You’ll also notice that there are no page numbers at the bottom of the results screen. That’s because there is a semi-transparent box in the upper-right corner that takes care of that. Since it is always located in the same spot it makes it much easier to keep going to the next page of the results. Of course you can pick and choose which of those features to enable assuming that you’re comfortable changing a few numbers around in the script’s code.

You can install it by opening this link.

2. Best Greasemonkey script – Google Calendar Timeline

[Image: google-calendar-timeline.jpg]

Even though the settings do appear to be directly integrated into your Google Calendar, they are actually stored on your computer. That means that the settings are not carried from one computer to another, and this is yet another reason I wish Google offered a custom plugin system for some of their services.

06 Dec 07

exploit mE : sql inject-me & xss-me Plugin

Security Compass announces the release of the open source Firefox plugins for web application penetration testing at the SecTor conference in Toronto.

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using proxy tools like many web application testing tools, Exploit-Me integrates directly with Firefox.

XSS-mE

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.

If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.
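The marker check described above, as an added example that is not Exploit-Me's own code: a form value is echoed once without encoding and once HTML-encoded, and a stand-in for the browser reports whether the page sets document.vulnerable. The render functions, the probe string and the helper names are constructed for illustration, and only inline script elements are evaluated.

```javascript
// Constructed probe: it only sets the marker the checker looks for.
const PROBE = '<script>document.vulnerable=true;</script>';

// Vulnerable rendering: the form value is echoed into the page as-is.
function renderUnsafe(name) {
  return `<html><body><p>Hello, ${name}</p></body></html>`;
}

// Hardened rendering: HTML-encode the significant characters on output.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(name) {
  return `<html><body><p>Hello, ${escapeHtml(name)}</p></body></html>`;
}

// Stand-in for the browser: run each inline <script> body against a stub
// document object and report whether the marker was set.
function setsMarker(html) {
  const doc = {};
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      new Function('document', m[1])(doc);
    } catch (e) {
      // A script that throws did not set the marker; keep scanning.
    }
  }
  return doc.vulnerable === true;
}

// Submit the probe through one render path and classify the result.
function checkField(render) {
  return setsMarker(render(PROBE)) ? 'vulnerable' : 'not vulnerable';
}
```

With output encoding in place the probe arrives in the page as inert text, so no script element exists to set the marker.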

The Cross-Site Script Me (XSS-Me) tool allows the user to test their web applications against common XSS vulnerabilities. The Beta2 release corrects an issue with the plugin failing to work with Firefox 2.0.0.10.

XSS-Me 0.2 is available here.

SQL INJECT-mE

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.

SQL Inject-Me 0.2 is available here.

03 Dec 07

Hacking : Adobe Photoshop CS2 / CS3 File Buffer Overflow

A “highly-critical” security flaw in Adobe Photoshop CS2 and CS3 that could allow remote hackers to access your computer has been reported by security company Secunia.

The flaw involves the way that Photoshop processes bitmap files, such as BMP, DIB and RLE, and allows malicious coders to launch buffer overflow attacks. A buffer overflow attack is where a hacker purposely causes a program to experience an error, so that they can insert their own code, which is then executed. The flaw was discovered by French security researcher “Marsu”, who tested it against Windows XP SP2.

Marsu has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an error within the BMP.8BI Photoshop Format Plugin when handling Bitmap files (e.g. .BMP, .DIB, .RLE). This can be exploited to cause a stack-based buffer overflow via a specially crafted Bitmap file. Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Adobe Photoshop CS2 and reportedly affects Adobe Photoshop CS3. Other versions may also be affected.

Code has been published by Milw0rm to demonstrate how the flaw can be exploited.
