Finding Security Bugs in Gawker Source Code | Security Generation

December 15, 2010

Finding Security Bugs in Gawker Source Code

With the recent high-profile Gawker compromise, their entire source code and user database are available as a torrent. Some people have taken to cracking the (weak) password hashes, whilst others are looking for bugs in the source.

Mike Bailey has started Gawker Bug of the Day (@gawkerbugs), and will be disclosing security vulnerabilities in their source code… presumably for funsies.

GBOTD#1 is an XSS found in the first 3 lines of the first file:

http://gawker.com/at.js.php?country=%3Cimg%20src%3D.%20onerror%3Dalert%28document.cookie%29%20%3E

According to Mike, he’s already found over 30 bugs after just a few hours of hunting.
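To show what the `country` value in the GBOTD#1 URL decodes to, and what validation and contextual output encoding do to it, here is an added example that is not from the original post or from Gawker's code. The post does not show the at.js.php source, so `renderUnsafe` is a hypothetical handler, and the two-letter country code format and the `geo` element id are assumptions.

```javascript
// Added example: hypothetical handlers, NOT Gawker's at.js.php source.
// The URL is the one quoted in the post.
const POC_URL =
  "http://gawker.com/at.js.php?country=%3Cimg%20src%3D.%20onerror%3Dalert%28document.cookie%29%20%3E";

// Percent-decode the `country` query parameter, as a server framework would.
function countryParam(url) {
  return new URL(url).searchParams.get("country");
}

// Hypothetical vulnerable pattern: the raw value is concatenated into a
// generated script that writes markup into the page.
function renderUnsafe(country) {
  return "document.write('<div id=\"geo\">" + country + "</div>');";
}

// Encode a value as a JavaScript string literal that is also safe inside an
// HTML <script> block: JSON.stringify handles quotes and backslashes, the
// replace step escapes characters that could open or close markup.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened handler: allow-list the expected format first (assumption: a
// two-letter country code), then encode for the JavaScript context and assign
// via textContent so the browser never parses the value as HTML.
function renderSafe(country) {
  const raw = String(country || "");
  const code = /^[A-Za-z]{2}$/.test(raw) ? raw.toUpperCase() : "XX";
  return "document.getElementById('geo').textContent = " + jsStringLiteral(code) + ";";
}

const payload = countryParam(POC_URL);
console.log("decoded parameter:", payload);
console.log("unsafe output:    ", renderUnsafe(payload));
console.log("encoded literal:  ", jsStringLiteral(payload));
console.log("hardened output:  ", renderSafe(payload));
console.log("legitimate value: ", renderSafe("gb"));
```

Either layer on its own neutralises this input; using both means a later loosening of the allow-list does not reopen the hole.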
