This page contains a collection of random hacks and attacks which I discovered in several popular websites.

Each hack was described, reported, and fixed so they are no longer current. I lost interest in this kind of research fairly quickly; instead spending my time auditing Software.

Previously this site also contained the advisories resulting from the software audits mentioned. This auditing project now has its own collection of pages: the Debian security audit project.

Since that project has become an official part of the Debian project the content is no longer available here. You can still find the Debian Advisories I've been responsible for, along with a page containing Advisories + Explainations + Exploits.

After working on a website security paper for quite some time I was keen to see how susceptable random websites were to script injection, or cross-site-scripting issues.

Cross-site-scripting (XSS) attacks have become increasingly common over the past few months, and are frequently misunderstood. There's a fairly good cross site scripting FAQ which helps explain the issue.

• Advogato.org Scripting Attack
• Advogato.org attribute Attack
• Freshmeat.net Scripting Attack
• OSNews.com - URI Attribute Attack
• Quizilla Scripting Hack

If these writeups are a little dense you might like to read my (basic)Simple Cross-Site Scripting Tutorial.