TeliportMe 360 Exploits (How to Edit Any Photo, Use XSS, and Compromise the Homepage)

IMPORTANT: DANGER! DANGER! DANGER! Proceed with reading this article and/or partaking in any action on TeliportMe’s 360 website or mobile application with extreme caution and at your own risk. I highly recommend that you DO NOT visit TeliportMe’s 360 website or PhotoTour.in directly. By the time you read this someone else may have already used this information to exploit the site and/or its visitors. YOU HAVE BEEN WARNED!

About a week ago, TechCrunch discussed a panorama application for Android. The application is called 360 and it was created by Vineet Devaiah‘s company TeliportMe. It’s received praise from some other reputable sources as well and has even managed to attract about 30,000 users; but as will become more apparent over time I love to dig into the security of these sorts of apps. Unfortunately for TeliportMe, their web security is not up to snuff.


OneSheet Exploits (How to Edit Any Band’s OneSheet and/or Use XSS)

IMPORTANT: DANGER! DANGER! DANGER! Proceed with reading this article and/or partaking in any action on OneSheet with extreme caution. I highly recommend that you DO NOT visit OneSheet.com directly. By the time you read this someone else may have already used this information to create a OneSheet JavaScript worm. YOU HAVE BEEN WARNED!

So, remember that OneSheet site all the bloggers have been talking about (it’s basically a site for bands to aggregate all their social media into one page and then add a background or bio for a little extra flavor)? Since those articles were written they’ve amassed over 1000 followers on Twitter. Well, I tried it out and the security is completely piss poor. Any respectable band that does not want its reputation tarnished should absolutely stay away from this site until they fix the glaring security holes. Continue reading to see why this site’s security is ridiculous.


Xanga Cross Domain Redirection Exploit

And while I’m on the subject of security, I thought I’d point out the silly cross domain redirect exploit that exists on Xanga. This exploit has existed for quite a long time–dare I say, years?–but I don’t actually use Xanga so I’ve never bothered with it.


Google Analytics for WordPress 4.1.2 XSS Exploit

One of my hobbies is to verify the security and integrity of various software platforms and websites that I use day-to-day. Sometimes I spot some glaring insecurities, other times I don’t. Recently I discovered some cross-site scripting (XSS) exploits in the Google Analytics for WordPress plugin (version 4.1.2). Apparently some others noticed this as well and it was reported to the author who subsequently fixed the issue in the next revision (4.1.3). Now that all the responsible administrators have updated their websites–if you haven’t, please update immediately–I thought I’d explain how the exploit works.


How to clean up a hacked site (or how to restore your place in Google’s web results)

Help, Google says my website is infected! The ominous “Reported Attack Page!” and “Something’s Not Right Here” are phrases every webmaster dreads seeing. Unfortunately cleaning up a hacked site can be a nightmare for webmasters, but in this article we’ll tackle the steps you can take to remedy the problem and get your site back into Google’s favor. If you’re seeing one of the images below, continue reading to understand where to go from here.

Firefox Malware Warning

Chrome Malware Warning

In a hurry? If you have no time to spare, just contact Sucuri Security for instant help resolving your problems.


Scanning your websites for malware? Here are 5 free tools that can help!

Whether you’re a webmaster whose site has been flagged by Google or just a curious and careful internet browser, you may need some help in identifying potential threats on the web. Here are some useful tools I’ve used to help identify threats and a few ways to report threats to protect other users as well.

Footnote: Has Google flagged you as a “reported attack site”? Check out my guide on hacked sites to clean up your site and get back in business with Google! In a hurry? If you have no time to spare, just contact Sucuri Security for instant help resolving your problems.
