December 2009 Archives

Stopping the cleanfeed

If you, like me, are concerned about the government's proposed cleanfeed, then TAKE ACTION.


Vote in smh's poll

Sign this petition

Add Conroy to Santa's naughty list

Write to a minister and get them to take action

Sign this petition too;

Participate in the online and offline blackout protest

Add a twibbon to your twitter avatar

Chime in at BorB, get the attention of ACS

She might be with the ALP, but she is listening. Leave a comment on Kate Lundy's blog;

For further calls to action and news, stay tuned at

Check back here for some more tools and filter bypass tutorials in the new year

XSS defacement mirror

Since appears to be out of action there seems to be a need for an active xss defacement mirror. Some alternatives exist, such as the original XSS disclosure thread on or However these two sites don't offer the ease of use that did with reporting xss.

If cannot be brought back to life, this is what I would like to see in a defacement mirror:

  • Ability to submit post and cookie data or even tamper data xml
  • Automatic screen/browser-shot of the hole
  • Some level of community control to minimize the number of holes that need to be moderated by admins
  • Automatic notification to the domain owner using postmaster, hostmaster, abuse, etc
  • Status indicator (validated, fixed, etc)
  • Automatic submission and validation by script src=http://xss-mirror/subandvalidate.js?username or similar technique
  • Published statistics; users, vulns, fixed, etc

I understand that there might be a business model involved here and things might not turn out quite like I had wished. Hopefully someone will take up the torch and either bring xssed back to life or start a new site to fill the gap left behind.

Westpac is so far the only bank I have tested which didn't filter their search field. Needless to say the smell of an xss casualty brings the zombies around..

The hole has been patched by Westpac now. The URL was:,111,109,98,105,101,115,32,97,116,101,32,109,121,32,109,111,110,101,121,33%29%29%3C/script%3E&x=0&y=0

Graudit version 1.5 released

The latest version of graudit is out. Notable changes are:

  • New features for server wide install
  • Source distro file for package maintainers
  • Signature bug fixes
  • New php, python and perl signatures
  • Deprecating the rough signature set
  • Fixed graudit usage text
  • Improved documentation
  • Several color modes supported

You can obtain the latest version from the graudit download page.
This weblog is licensed under a Creative Commons License.