Cross Context Scripting with Sage

Update: http://michaeldaw.org/md-hacks/rss-injection-sage-part-2/ I would often keep abreast of new vulnerabilities and exploits via my RSS feeds. Visiting page after page was just never fun. RSS allowed me to categorise, organise and track the security mayhem on the Internet. What was the point of employing a security analyst who was outdated and outgunned? I decided to […]

RSS Injection in Sage part 2

2 months ago, both pdp any myself released a vulnerability Cross Context Scripting in Sage. This issue was resolved in Sage release 1.3.7 (see: http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new vulnerability which affects the latest version, Sage 1.3.8. In addition to the XSS vulnerability, it should be noted (as in the previous vulnerability) that this issue […]

ASP Auditor v2 BETA

ASP auditor v2 BETA Author david.kierznowski_at_gmail.com http://michaeldaw.org purpose: Look for common misconfigurations and information leaks in ASP.NET applications. # Changelog: # –v2.2– 20/Apr/07 # * Added additional support for Anti-XSS Validation detection. # * Added ASP Source Directory Leak Check # * Added Apr/07 ASP.NET Validation Bypass Check # # –v2.1– 25/Sep/06 # * GET […]

Michael Daw Anthology

michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award. Download Spotify Premium Apk here For those of you curious, anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named, Michael Daw, as well as to host other security related […]