Author Archives: nikifor

Bluehost.com made me feel blue…

Two years ago I decided to get a personal site. I was after two things: flexibility and low cost. I didn’t want to get a VPS but I also didn’t want the hosting packages of one domain and 350MB of … Continue reading

Posted in Miscellanea | 19 Comments

Stored XSS on Statcounter!!!

Stored XSS on popular Web statistics framework Statcounter. Log yourselves out of Statcounter and if possible disable JavaScript for the domain (possible in Chrome, not sure about Firefox)…  Will give more details when Statcounter fixes it. The only reason I … Continue reading

Posted in Miscellanea | Leave a comment

What do you call?

Joke I just made up: What do you call a woman who first says to you “I love you” but ten minutes later she adds “I actually don’t, but don’t feel bad because I say that to all men”?

Posted in Miscellanea | Leave a comment

Firefox and Self-XSS

I still remember the good old days when I would just write “javascript:alert(document.cookie)” in my address bar and the browser would happily show me the JavaScript-accessible cookie values for the current domain. These were simpler days… Mid-2011 the developers of … Continue reading

Posted in Breaking stuff | 4 Comments

If he was good enough…

Since the beginning of October I’ve been following the online AI course from Standford, taught by Sebastian Thrun and Peter Norvig. In the last two months, I’ve given up a great part of my free time to look at videos, … Continue reading

Posted in Miscellanea | 5 Comments

Bypassing Chrome’s Anti-XSS filter

Its been a while since my last post so I decided to make it worthwhile :). I was recently checking a friend’s site for the classic Web application vulnerabilities, when I found a reflected XSS attack. While I was investigating … Continue reading

Posted in Breaking stuff | 29 Comments

Write your own SSHD backdoor

This article is not written by me. I found it online, but only in one place so this is effectively a mirror for it. Enjoy 🙂 /////////////////////////////////////////////////////////////////////////////// /************************************************** ***************************/ /* Tutorial: How to write a backdoor for OpenSSH. */ /* … Continue reading

Posted in Uncategorized | Leave a comment

A peek in Google’s past with phpinfo()

You have to love phpinfo() . This simple PHP function prints out a truck-load of information regarding all kinds of configuration details of your Apache + PHP installation. It is very helpful to a Web administrator who is trying to … Continue reading

Posted in Miscellanea | Leave a comment

Security inconsistencies…

While I was in Eindhoven for OWASP BeNeLux 2010 I was at some point searching online for WikiLeaks posts regarding greek politics. I was checking the results from the first page of Google when suddenly this caught my eye:

Posted in Miscellanea | 1 Comment

Hello world!

On the 3rd of December 2010 I decided to start this blog. I am way too busy to update this on a regular basis however I plan to post here all the things that I find (interesting|smart|stupid) enough to share … Continue reading

Posted in Uncategorized | 1 Comment