Ferruh Mavituna - Me, Myself and My Alter Ego... Ferruh Mavituna http://ferruh.mavituna.com Paz, 12 Şub 2012 20:19:27 +0200 http://ferruh.mavituna.com http://ferruh.mavituna.com/rss/rss.gif http://ferruh.mavituna.com/rant-and-finding-vulnerabilities-in-public-websites-oku/ Aspirin Osman Çar, 01 Ağu 2007 22:52:40 +0200 Hay Man Ferruh<img src="/mg/smilies/smile.gif" width="21" height="22" alt=":)" /> Ingilizcem bu kadar oldugu i&#231;in makaleyi okuyamiyorum. T&#252;rk&#231;e kaynak sikintisindan dolayi pek bir ilerleme kaydedemiyoruz. Ingilizce bilen biri bunun gibi yazilari rahatlikla bulabilir ama T&#252;r&#231;e kaynak yok denecek kadar az belkide yok.<img src="/mg/smilies/smile.gif" width="21" height="22" alt=":)" /> Saygilar. http://ferruh.mavituna.com/rant-and-finding-vulnerabilities-in-public-websites-oku/ Ferruh Mavituna Pzt, 30 Tem 2007 22:58:19 +0200 Today lots of other things happened appereantly, Quite funny and sad.<br /><br />http://sla.ckers.org/forum/read.php?3,14208<br />http://blog.php-security.org/archives/90-More-CSRF-Redirectors.html<br />http://www.0x000000.com/index.php?i=410<br /> http://ferruh.mavituna.com/rant-and-finding-vulnerabilities-in-public-websites-oku/ daddyguy Cmt, 28 Tem 2007 21:37:35 +0200 <blockquote><strong>hi,<br />http://sqlinject.blogspot.com/ <br />This is my blog. I am new at sql injection. I found a lot of basic errors much too.</strong></blockquote><br /><br />Merhaba, bu blog benim blogum. Yaptigimin fazla iyi olamdigni anlayip ticari siteleri yazmaktan vazge&#231;tim hatta en son &#252;&#231; tane firmya eposta yolladim fakat adamlardan tik yok. Sonu&#231;ta ben onalra yardim etmek istedim. Ayni zamanda sitede bir mssql vs. hatasi g&#246;r&#252;nce tatmin oluyor insan. Bir de su var kendi bilgisayarimda sunucuda bir seyler denemektense piyasada ugrasmak daha iyi geliyor bana. &#199;&#252;nk&#252; herkesin kullandigi kod farkli, sabit degil. <br /><br />Ama ticari siteleri vs. vermek hatali. Yaptigim nelki sa&#231;ma belki degil. Ama google'da arayip bulmak &#231;ok zevkli. Simdi sql injection(sizma/sizdirma/g&#246;mme) ile bir seyler yapmak, zarar vermek lamerlik diyen &#231;ok olacak. Dogru basit bir sey ve marifet degil ama bug&#252;nlerde bile hala bu a&#231;igi kimse kapatma ihtiyaci duymamis veya haberdar degil. <br /><br />Bu arada sizin sql-injection makalesi &#231;ok isime yaradi. Benim yaptigim site sahipleri uyarmaktan &#246;te degil artik.<br />Saygilarimla,<br />Aykut http://ferruh.mavituna.com/rant-and-finding-vulnerabilities-in-public-websites-oku/ Ferruh Mavituna Cmt, 28 Tem 2007 19:04:21 +0200 I know what you mean and I read the comments in your website. I can see your point too or exceptional full disclosure in here. Sorry about showing you as an example<img src="/mg/smilies/smile.gif" width="21" height="22" alt=":)" /> but I'm glad also you see my point.<br /><br />Thanks, http://ferruh.mavituna.com/rant-and-finding-vulnerabilities-in-public-websites-oku/ Gareth Heyes Cmt, 28 Tem 2007 17:42:05 +0200 Hi<br /><br />That's just my personality, if someone posts a security tool to a list of security experts and it contains a hole, then what do you expect? And such an obvious one at that, maybe Chris should have been more professional and tested the tool before releasing it to the public.<br /><br />I enjoy finding holes in software because I enjoy the technical challenge, I don't just go and find XSS holes on web sites that's boring! I try to find unique creative ways of exploiting things.<br /><br />I can see your point and normally I would have reported it directly to the person but I just found the whole thing so ironic. What did annoy me though was the comments by Chris on my blog, he basically said that a XSS hole was a slight risk on his site, c'mon? From a security guy?