Archives for the Month of July, 2007

Online Javascript LAN scanner

Background: I’ve really enjoyed making this tool. It started off as a port scanner, then it evolved into a router scanner, and now I’ve decided to accept any device on a LAN. The code now works on Firefox and IE7 (which was a pain); I haven’t managed to test it on any other browser so […]

Javascript port scanner

I was pretty bored yesterday and I found my work a bit too easy so I thought I’d have a go at something different. I decided to create a javascript port scanner, the scanner only works on Firefox at the moment (I may change it to work in other browsers) and has three options, option […]

Reflected SQL injection

I’ve been developing a system for a while now and it’s currently in the testing stage. I noticed that a SQL injection vulnerability had crept in. I was quite surprised because my filtering methods are generally quite good and I’ve not seen any SQL errors in the logs for quite some time. Luckily the site […]

PHP Mysql tips

Continuing from my earlier post on PHP performance, I thought I’d share a few MySQL tips that I’ve learnt over the years. Hope it helps someone and please leave a comment with your own tips or provide any corrections to the ones mentioned. Word searching 1. SELECT * FROM table WHERE MATCH (`field`) AGAINST ('Keyword') […]

Vulnerability found in security tool

Hehe this is quite funny, Chris Shiflett released a tool today to perform CSRF tests and I found a huge hole in it that allows javascript execution on his site. Sorry Chris 🙂 Simple Exploit

Web development trends (estimation)

I found this interesting, although obviously not 100% accurate it gives a good indication of development trends. I’ve compared server side languages and javascript frameworks.

[Chart legend: jquery, scriptaculous, dojo toolkit, yui yahoo, ext js, php, asp | asp.net, ruby on rails, jsp, python]

Increasing PHP performance

This is just a short post on a couple of performance increases you can do in your code that were kindly pointed out to me by WhiteAcid, when he looked through the source code of my captcha. I must admit I wasn’t aware of these slight improvements and I’m sure this post will inform a […]

Return of the Heyes Captcha

When I first created my Heyes Captcha I thought I was onto a winner but I must admit it got ripped to pieces by the security community and was hacked in a matter of hours. But I’m persistent so I released another one with a similar outcome 🙂 but now I think I might have […]

Tracking without cookies part 2

I’ve been experimenting with the various ways of tracking a user without cookies or sessions and I came up with a unique way of doing so that I haven’t really seen documented anywhere. Using the script below you should receive a unique session id; if you then try the script in another browser it should […]

Tracking without cookies

I’ve created a simple script after discussions on a mailing list I’m a member of. The idea was to create a unique identifier without using a full IP address or cookies. It works using javascript to gather information about the browser (screen depth, user agent etc), it then takes all this information and creates a […]