XSS Tunnelling is the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies. This paper explains the idea and the real-world implementation.
Non-technical talk about insecure trends in Web 2.0 applications. Explains what’s wrong with today’s Web 2.0 applications and why newcomers keep repeating these mistakes.
This presentation, given at RIATalks, covers fundamental Flash security issues, the attack surface of Flash and secure development.
Deep Blind SQL Injection is a new way to exploit Blind SQL Injections with a 66% reduction in the number of requests.
This document discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.
This presentation was given at Intercon 2007 (Portcullis’s internal conference). It covers exploiting and identifying the most common XSS vulnerabilities in the real world.
XSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server.
NOTE: This download is no longer available on our web site. Portcullis no longer maintain the tool; if you would like the latest version, visit https://github.com/portcullislabs/xssshell-xsstunnell
XSS Shell is a powerful XSS backdoor. With XSS Shell one can interactively send requests to and get responses from the victim, and it allows you to keep control of the session.
NOTE: This download is no longer available on our web site. Portcullis no longer maintain the tool; if you would like the latest version, please visit https://github.com/portcullislabs/bsql-hacker
BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.