  1. #1
    Join Date
    Jul 2004
    Posts
    73

    Simple Web-Based Vulnerability Testing

    Hello,

    This is more of an "interest check" than an offer, although I will happily take orders right now.

    My name is Andrew Smith and I am considering offering a Basic Web Based Penetration Testing service to Web Hosts.
    I plan to offer checks for Cross-Site Scripting vulnerabilities and basic SQL Injection.

    This is not about securing your server; it is about making sure that the website is secure and that user-inputted data cannot be exploited for someone else's gain.

    I believe it is important for Web hosts especially to have secure websites, as an insecure website could have some serious implications, including but not limited to:

    Phishing Scams (XSS)
    Cookie Theft (XSS)
    Database Theft/Alteration (SQL Injection)

    Up until recently an XSS vulnerability in a web host's site has not been particularly important (unless that host has some kind of login system based there, but even then it meant little), but with a huge increase in targeted phishing scams, web hosts could easily become victims of phishers. If an XSS vulnerability existed in your website, a phisher could spam a carefully constructed URL to users of your website and trick them into thinking that you were requesting their username and password (this could be fairly convincing, with your URL in the "address bar").

    I am offering one service: I will manually check your website for the common vulnerabilities mentioned above, inform you if and when I find such vulnerabilities and advise you as to how to fix them.

    I was considering charging $30.00 per domain checked, would this interest all you hosts out there?

    I have found many XSS vulnerabilities in the past (some notable websites: CNN.com, BankofAmerica.com, BankOne.com, TrustE.org and the "Plesk 7" software); you can find evidence of some of my work here: examples of my work

    Please Note: The above work was not paid for; it was done voluntarily as a learning experience. Everyone listed on the website was informed of such vulnerabilities. If I were to discover vulnerabilities in your website they would not be listed there.

    Thanks a lot,
    Any feedback would be greatly appreciated.
    Last edited by _rse; 01-12-2005 at 03:11 PM.

  2. #2
    Join Date
    Aug 2001
    Posts
    4,028
    I'm rather intrigued with your offer, but I do have one question.

    An example on your website: http://wheresthebeef.co.uk/XSS/cnn.com.html shows HTML that was entered into the search box, I assume... how bad can this be? And how come the page didn't execute your HTML code? Wouldn't that mean it's not really penetrating the document?

    I really am not trying to cause any problems... I just want to know what I'm buying before I make payment.

    Thanks for your time.

  3. #3
    Join Date
    Jul 2004
    Posts
    73
    Well, it no longer works because I informed CNN of the bug and they have fixed it. If they hadn't fixed it you would not see HTML in the search box, you would see a different page. As shown in the screen shot:

    http://wheresthebeef.co.uk/XSS/cnn.com.example.1.png

    That is a rather ugly example, but any HTML could have been injected leaving the vulnerability abusable by phishers.

  4. #4
    Join Date
    Jul 2004
    Posts
    73
    To demonstrate how any host can be vulnerable I went hunting for a vulnerability in RackCheck.com's website. I found one:

    http://wheresthebeef.co.uk/XSS/rackcheck.com.html

    RackCheck.com have been informed of this vulnerability and have fixed the problem.

    There doesn't appear to be much interest in this service; perhaps the price is a problem? Could I offer that if I do not find a vulnerability in your website I charge nothing (or a small percentage of the price)? I assume that hosts either feel that their website is secure or cannot appreciate the severity of such vulnerabilities.

    Thanks,
    Any feedback would be appreciated.

  5. #5
    Join Date
    Jul 2004
    Posts
    73
    OK, not seeing much interest.
    I will fix a trial price of $30 (through PayPal) per security check (one domain/website) if I do find vulnerabilities; if I am unsuccessful (which is possible, if your site is secure) then I will charge nothing.

    If you are interested please reply here, send a private message or contact me via e-mail:

    rs@wheresthebeef.co.uk

    All sales and enquiries will be kept completely confidential.

    Thanks.

  6. #6
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    160
    Mate, you may correct me if I'm wrong, but I assume you are talking about Rackspace and not RackCheck.

  7. #7
    Join Date
    Jul 2004
    Posts
    73
    Oh, yes. Sorry, I always get the two confused.

    (I would edit the post, but apparently I am not allowed)

  8. #8
    Join Date
    Jul 2004
    Posts
    73
    Shameless bump.

    I'm surprised at the lack of interest in this, no feedback as to why?
