Comments on: Exploit-Me Firefox XSS and SQL scanning addon http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/ Fresh hacks every day Tue, 24 Nov 2009 00:09:23 +0000 http://wordpress.com/ hourly 1 By: dan sinclair http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/comment-page-1/#comment-36976 dan sinclair Mon, 16 Jun 2008 16:49:12 +0000 http://hackaday.iheartcashews.com:8181/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/#comment-36976 @sb: All of the tools are open sourced so if you're concerned with malicious activity you're free to audit the tools as you want. We've been careful to remove anything that might be thought to track people. That's why we don't have any of the XSS attacks that reference external .js files included by default.<br><br>@hali: Out of curiosity, where did you download the .xpi file from? Are you trying to say that running the xpi added a file to your desktop or it somehow downloaded a secondary file?<br><br>The Exploit-Me files are .xpi files. They aren't exe's. They only run within Firefox. @sb: All of the tools are open sourced so if you’re concerned with malicious activity you’re free to audit the tools as you want. We’ve been careful to remove anything that might be thought to track people. That’s why we don’t have any of the XSS attacks that reference external .js files included by default.

@hali: Out of curiosity, where did you download the .xpi file from? Are you trying to say that running the xpi added a file to your desktop or it somehow downloaded a secondary file?

The Exploit-Me files are .xpi files. They aren’t exe’s. They only run within Firefox.

]]> By: Hali http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/comment-page-1/#comment-36975 Hali Sun, 15 Jun 2008 01:59:43 +0000 http://hackaday.iheartcashews.com:8181/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/#comment-36975 Beware, when I clicked the link to download this firefox plug-in, it dumped a file called "xm86zte5.exe" on my desktop. I purged the file immediately. Not sure what it does but that was unexpected behaviour. This may be a malicious site. Beware, when I clicked the link to download this firefox plug-in, it dumped a file called “xm86zte5.exe” on my desktop. I purged the file immediately. Not sure what it does but that was unexpected behaviour. This may be a malicious site.

]]> By: John Berube http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/comment-page-1/#comment-36974 John Berube Sat, 14 Jun 2008 17:09:30 +0000 http://hackaday.iheartcashews.com:8181/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/#comment-36974 @SB: Well you can download the source @SB: Well you can download the source

]]> By: Nick Fury http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/comment-page-1/#comment-36973 Nick Fury Sat, 14 Jun 2008 15:45:11 +0000 http://hackaday.iheartcashews.com:8181/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/#comment-36973 I saw Dan present this at CarolinaCOn this past year along with a friend of his named Sahba (I hope I spelled that right). It was a really interesting concept and led to some great questions from the audience. I saw Dan present this at CarolinaCOn this past year along with a friend of his named Sahba (I hope I spelled that right). It was a really interesting concept and led to some great questions from the audience.

]]> By: ~SB http://hackaday.com/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/comment-page-1/#comment-36972 ~SB Sat, 14 Jun 2008 13:54:48 +0000 http://hackaday.iheartcashews.com:8181/2008/06/14/exploit-me-firefox-xss-and-sql-scanning-addon/#comment-36972 are these safe,<br>i mean no malicious activity in the background... are these safe,
i mean no malicious activity in the background…

]]>