Web2.0HDB
Web2.0HDB (Web2.0 Hacking Database) is the GNUCITIZEN initiative to collect and organize the vast majority of Web2.0 services which features can be abused by hacker activities.
Web2.0 has become the mainstream way for communicating, interacting, socializing and establishing networks on-line. However, there are hidden dangers web service vendors fail to realize and to take responsible actions for. The GNUCITIZEN group is prepared to take that role by providing an early warning system for monitoring the global Web2.0 landscape for the unexposed threats.
The main purpose of Web2.0HDB is to list the various Web2.0 services and provide a brief description on their usage and in what way they can be abused. The system is intended for security professionals, developers and service vendors, but in general it could prove to be useful to general users as well.
Web2.0HDB can be accessed in machine readable format by consuming the service RSS and ATOM feed. The database is maintained by the GNUCITIZEN Web2.0 security group although everyone is welcome to contribute. You can submit new database entries by using the form located bellow. Your submission will be moderated in order to provide the best possible quality of service, although you will be still credited for your findings. The top contributers have the chance to become part of the GNUCITIZEN Web2.0 security group and be involved with other open source and commercial projects.
Palary Browser
Attackers, can abuse the service to fetch arbitrary html pages by using a request similar to the following:
The output of the request is a dynamically generated JavaScript file which upon execution makes call to the page_loaded method to deliver the requested page source code.
This service can be used by attackers to perform port scans and spider arbitrary pages, circumventing the browser same origin policies.