[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] JavaScript Spider - Yahoo Site Explorer Spider

From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] JavaScript Spider - Yahoo Site Explorer Spider
Date: Mon, 16 Jul 2007 09:32:42 +0100

http://www.gnucitizen.org/blog/yahoo-site-explorer-spider

This simple POC uses Yahoo Site Explorer Service to craw/spider other
webistes. It is written entirely with JavaScript - no server side
support was required from my side. The POC proves once again that
Web2.0 technologies open new ways of attacking Web infrastructures.
Keep in mind that this spider is ultra fast. It does only several
connects in order to obtain the entire directory structure of the
targeted website. Also, keep in mind that it will take less then 5
minutes to make it equipped with the latest AJAX exploits. Therefore,
I am not responsible for your actions.

I am planning to write a follow up post on how we can make basic
client-side XSS scanner on the top of this spider, so stay tuned.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: [WEB SECURITY] projections - another Web2.0/Security projection
Next by Date: [WEB SECURITY] Official release of SQL Power Injector 1.2
Previous by thread: [WEB SECURITY] projections - another Web2.0/Security projection
Next by thread: [WEB SECURITY] Official release of SQL Power Injector 1.2
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site