Workshop in English - US at OpenWest 2015
Track Name: SB 280 - Tutorials
View Slides: http://www.slideshare.net/dstockto/hacking-sites-for-fun-and-profit-47894529
Short URL: https://joind.in/talk/1fa3a
Hacking Sites for Fun and Profit
Comments
Great course!
There was so much thought put into this workshop. Thank you!
The example VM was extremely helpful in allowing us to inspect bad practices and possible vulnerabilities.
Hi David,
Really enjoyed your class. Hey, during the class itself you were keeping track of all the hacks we found for your Cheese site. Can you provide that document to me or direct me where I can get it? I was showing this information to some co-workers and couldn't remember all the hacks we did on the Search box.
Thanks,
John Kallen
@John Kallen: I think this is what you are looking for:
XSS in guestbook
Enter this as a guestbook entry:
Nothing to see here....
<script type='text/javascript'>alert('pwned your sessionID is '+document.cookie.substring(11));</script>
Command injection in search:
http://hackingsite.dev/cheese/search?q=cheez-it;%20ls%20/
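Added example, not part of the original comments or the workshop's code: a Python sketch of why the two inputs listed above work and what the fix looks like, using output encoding for the guestbook and an argument list instead of a shell line for the search. The function names and the stand-in search tool are assumptions, since the page does not show the Cheese site's code; the "before" variant needs a POSIX shell.

```python
import html
import shlex
import subprocess
import sys
from urllib.parse import parse_qs, urlsplit

# The two inputs quoted in the comment above.
GUESTBOOK_ENTRY = (
    "Nothing to see here....\n"
    "<script type='text/javascript'>alert('pwned your sessionID is '"
    "+document.cookie.substring(11));</script>"
)
SEARCH_URL = "http://hackingsite.dev/cheese/search?q=cheez-it;%20ls%20/"

# Assumed stand-in for the search backend: it prints the arguments it received.
SEARCH_TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def render_entry(entry):
    """Encode the entry for an HTML body so its markup is displayed, not run."""
    return "<li>" + html.escape(entry, quote=True) + "</li>"


def query_term(url):
    """Return the decoded q parameter; the ';' is part of the value."""
    return parse_qs(urlsplit(url).query)["q"][0]


def search_via_shell(term):
    """Before: the term is pasted into a shell line, so ';' ends the search
    command and the rest of the term runs as a second command."""
    line = " ".join(shlex.quote(part) for part in SEARCH_TOOL) + " " + term
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return done.stdout


def search_via_argv(term):
    """After: no shell is involved; the whole term is one argument."""
    done = subprocess.run(SEARCH_TOOL + [term], capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    term = query_term(SEARCH_URL)
    print(render_entry(GUESTBOOK_ENTRY))
    print("shell line:", search_via_shell(term), sep="\n")
    print("argv list:", search_via_argv(term), sep="\n")
```

Marking the session cookie HttpOnly additionally keeps a script that does get through from reading it via document.cookie.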