Thanks for reading. This blog is past and I now write at http://onhacks.org , webappsec is kind of a little drifted interest.

Answering your question, yes there were, in fact you get a lot of results by automating. You can find this implemented in tools like W3AF. =)

Make your long Urls shorter – Free Url redirection – Hide your affilate URLS

Thanks for the articles, really great stuffs. I will come and hook you guys up sometime. =)

I’m looking forward to the posts, you can write really well, and I guess I have to digest a lot of articles again. hah.

A simple research turns out some sites :

http://www.nohack.cn/bugs/
http://www.sitedir.com.cn/index.htm ( This one is really like milworm )
http://www.xfocus.net/vuls/ ( This is very well known, Kuza55 went to gave a presentation there this year in Beijing, just the 22nd Nov last month .)

Yea. What are some precautions do you think we should take to disclose responsibly our findings?

You brought up a good point. I should find the local ones. However I just discovered one sooooooooooooooooooooooooooooooooo alike of milworm, you know… *sigh* it just hurts to see so many duplicates ( triplicates! in fact ) around.

I just ran a test using some dodgy javascript:
javascript:for (i=0;i<100;i++) {document.cookie = i+”=123″;} alert(document.cookie);
And it still seems to be 50 (cookies 50-99 remain)

Sure, hit me up some time, me and some other smart people are usually on irc.irchighway.net #slackers, or just email me or whatever I’ll post my slides from xcon soon as well…

Yep. I know of the gflags. That was something I didn’t use though, but I’ll be testing another. Those are good things along with a lot of tools Microsoft develoeped.

That is a DoS, by flooding the program with arbitrary client requests. Unfortunately, I haven’t locate any user-input buffers ( well, I have the source code =) )