
Pastebin Hacking Method

This is the Pastebin method to find passwords.
Requirements: Patience
1. Go to http://pastebin.com/
2. Go to the search bar and type (example):
Program:firefox Url/Host:http://www.facebook.com login
Just change the Host to another site to find the passwords you want!
Ex. Program:firefox Url/Host:http://paypal.com login
BOOM! Thousands of passwords


Cross Site Scripting(XSS) for Beginners

What is XSS?

Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users. In a typical XSS attack, a hacker injects his malicious JavaScript code into a legitimate website. When a user visits the infected page or a specially-crafted link, the malicious JavaScript is executed. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread worms.

Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injected a malicious script. When a user visits the site, it will execute the malicious script. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using these stolen cookies, he can log in to your account and change the password.

It will be helpful for understanding XSS if you have the following prerequisites:

  • Strong knowledge of HTML and JavaScript.
  • Basic knowledge of HTTP client-server architecture.
  • [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).

XSS Attack:

Step 1: Finding a Vulnerable Website

Hackers use Google dorks to find vulnerable sites, for instance "?search=" or ".php?q=". The 1337 target specific sites instead of using Google search. If you are going to test your own site, you have to check every page of your site for the vulnerability.

Step 2: Testing the Vulnerability

First of all, we have to find an input field so that we can inject our own script, for example a search box, username, password or any other input field.

Test 1: Once we have found the input field, let us try to put some string inside the field; for instance, let me input "BTS". It will display the result. Now right-click on the page and select View Source. Search for the string "BTS" which we entered in the input field. Note the location where the input is placed.

Test 2: Now we are going to check whether the server sanitizes our input or not. In order to do this, let us input the Now it will display a pop-up box with the 'BTS' string. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.

Types of XSS

Based on persistence capability, we can categorize XSS attacks into two types, namely Persistent and Non-Persistent.

Persistent XSS: The Persistent or Stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server in the database and is then permanently run in the normal page.

For example: Many websites host a support forum where registered users can ask questions by posting messages, which are stored in the database. Let us imagine an attacker posts a message containing malicious JavaScript code instead. If the server fails to sanitize the input provided, the injected script is executed. The code will be executed whenever a user tries to read the post. If the injected code is cookie-stealing code, it will steal the cookies of the users who read the post. Using the cookie, the attacker can take control of your account.

Non-Persistent XSS: Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server via an HTTP request. The server embeds the input in the HTML file and returns the file (HTTP response) to the browser. When the browser executes the HTML file, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

NOTE: In the case of reflected XSS attacks, the attacker sends the specially-crafted link to victims and tricks them into clicking the link. When a user clicks the link, the browser sends the injected code to the server, and the server reflects the attack back to the user's browser. The browser then executes the code.
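
The reflected and persistent cases described above, shown with the output encoding that closes them, as an added example that is not part of the original post. The function names, the in-memory `posts` store and the `BTS<'">` marker are constructed for illustration.

```javascript
// Added example: a search page that reflects its input and a forum that
// stores it, each in an unencoded and an encoded form.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Non-persistent (reflected) case, vulnerable: the query is pasted in as-is.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p><input name="q" value="${query}">`;
}

// Reflected case, fixed: the query is encoded when the page is built.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Persistent (stored) case: posts are kept raw and encoded on every render,
// so an old post written before the fix is also neutralised.
const posts = []; // hypothetical stand-in for the forum database
function savePost(author, body) {
  posts.push({ author, body });
}
function renderForum(encode = escapeHtml) {
  return posts.map((p) => `<li><b>${encode(p.author)}</b>: ${encode(p.body)}</li>`).join('\n');
}

// Test 1 / Test 2 as a self-check for your own pages: submit a harmless
// marker made of HTML metacharacters and look for it, unencoded, in the
// returned source. The marker carries no script.
const MARKER = `BTS<'">`;
function reflectsRaw(html, marker = MARKER) {
  return html.includes(marker);
}

savePost('guest', MARKER); // constructed sample post
console.log('search, no encoding  :', reflectsRaw(renderSearchVulnerable(MARKER)));
console.log('search, encoded      :', reflectsRaw(renderSearchSafe(MARKER)));
console.log('forum, no encoding   :', reflectsRaw(renderForum((x) => x)));
console.log('forum, encoded       :', reflectsRaw(renderForum()));
```

Encoding is applied where the value is written into HTML, not where it is received, which is why the stored post is fixed without touching the data.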



Philips Hue: iDevice Controlled Light Bulbs

Starting tomorrow, buyers will be able to walk into an Apple Store and walk out with a Philips light bulb. Not just any light bulb, though. This one’s special. Very special indeed. Sold exclusively via Apple Stores, the Philips Hue bulbs aren’t just bulbs. See, these bulbs come with a connection to your router, allowing users to personalize lighting levels and schedules. Want a nice, soothing light to kick in around dinner time? No problem. Want blinding light to wake you up of a morning? There’s an app for that!
