-
XSS in ISP ad page allows compromise of any website
"When users visit a website like Wired.com, the DNS system maps the domain name into an IP address such as 72.246.49.48. But if a particular site does not exist, the DNS server tells the browser that there's no such listing and a simple error message should be displayed. But starting in August 2006, Earthlink instead…
-
DNS lords expose netizens to ‘poisoning’
"More than a decade after serious holes were discovered in the internet's address lookup system, end users remain vulnerable to so-called domain name system cache poisoning, a security researcher has warned. Developers of the software that handles DNS lookups have scrambled to patch buggy code that could allow the attacks, but not to the satisfaction…
-
Web developers, fix thy Flash
"While software makers have taken steps to close the security holes, Web site owners continue to host older files created by older authoring programs that are vulnerable to cross-site scripting (XSS) attacks, Rich Cannings, information security engineer of search giant Google, told security professionals attending the conference on Wednesday. Using a specially-crafted Web address, an…
-
Microsoft admits it knew about, didn’t patch, bugs
"Microsoft Corp.'s security team today acknowledged that it knew of bugs in its Jet Database Engine as far bask as 2005 but did not patch the problems because it thought it had blocked the obvious attack vectors. A researcher at Symantec Corp. said Microsoft should have fixed the flaws years ago. In a post to…
-
PHPBB flaw used to infect infect 200,000 websites with pr0n, fake trojan codec
"Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack.. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages…
-
Antivirus Vendor TrendMicro Has Website SQL Injected, Malware Uploaded
TrendMicro had its website sql injected and malware uploaded. A simple google search for 'fuckjp.js' shows trendmicro listed. "A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site — some pages were attacked," said Mike Sweeny, a…
-
ActiveX Vulnerability Pwns MySpace, Facebook users
"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites, " said Rachwald. "The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able…
-
Thread: Attacking Upload forms
Someone posed the question in a pen-test thread titled 'Malicious file upload in .JPG or GIF format' of how to pen test logins forms. While this isn't a new subject people are still asking the question and this is a decent thread to learn about the subject. Thread Link: http://archives.neohapsis.com/archives/sf/pentest/2008-02/thread.html#102
-
Mozilla Dismisses New Firefox Flaw Warning
"Mozilla chief evangelist Mike Shaver says the latest Firefox information leakage bug warning is exaggerated. Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver. Shaver's sharp retort follows the release of an advisory by hacker Ronald van…
-
Mystery web infection grows, but cause remains elusive
"Five days ago, we wrote about the infection of several hundred websites that was unlike anything seasoned researchers had seen before. Mary Landesman, a cyber gumshoe who first brought it to public attention, asked for help from other security pros in figuring out how the unusual new technique worked. And help is what many of…
-
Worst Windows bug ever? Remote Command Execution in Windows TCP/IP stack leads to kernel level access
What we've been waiting for has finally been published. A remote command execution flaw in the windows tcp/ip stack yielding kernel level access in all versions of windows. From microsoft's advisory "This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could…
-
XSS Vulnerabilities in Common Shockwave Flash Files
Rich Cannings has published an advisory on the Web Security Mailing List describing a flaw on common flash authoring tools allowing for XSS. From his advisory "THE PROBLEM Many web authoring tools that automatically generate SWFs insert identical and vulnerable ActionScript into all saved SWFs or necessary controller SWFs (think of tools that "save as…
-
IsecPartners Molests Flash, Adobe in therapy
"Researchers from Google and a well-known security firm have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors. The security bugs reside in Flash applets, the ubiquitous building blocks for movies and graphics that animate sites across the web. Also…
-
Cross-build injection attacks
" Injection-based attacks have proven effective, yielding access to private data or possible control over a compromised machine. Software vendors are in a continual race to fix the holes that allow these attacks to succeed. But what if a hacker could inject malicious code when a program is actually compiled and created? Unfortunately, with the…
-
Loophole in Windows Random Number Generator
"The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000,…
-
Website CAPTCHA only as good as the porn offered to break it
"The Captcha Trojan disguises itself as a stripper game that offers voyeurs the chance to see images of a model getting undressed. In order to get "Melissa" to lose an item of clothing, the user must identify the letters or numbers found within a scrambled text image that forms the basis of a captcha (Completely…
-
Google Fixes Gmail Cross-site Request Forgery Vulnerability
"Google has fixed a vulnerability in their Gmail web based email service which would have allowed internet attackers to steal mail messages from users without being noticed. The attack works by forcing a logged-in user to add a mail filter to their Gmail account, thereby allowing their mail to be forwarded to an external mail…
-
New security flaw found in Microsoft’s MFC library
"A new moderately critical vulnerability has been reported that affects two application programming interfaces (APIs) used in Windows XP. The flaw is in the MFC42 and MFC71 libraries that together handle searches across the Windows file system. These interfaces are used by applications that were developed using the Microsoft Foundation Classes libraries, an older set…
-
Uninformed Journal Release Announcement: Volume 8
"Uninformed is pleased to announce the release of its eighth volume. This volume includes 6 articles on a variety of topics:" Real-time Steganography with RTP PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3 Getting out of Jail: Escaping Internet Explorer Protected Mode OS X Kernel-mode Exploitation in a Weekend A Catalog of Windows Local…
-
Second life URI Handler vulnerability
PDP has a good example of when the non web world can be exploited by web world functionality. In his writeup he described how second life's URI handler can be used to steal the encrypted password hash that can be replayed and used to login to a users account. "Keep in mind that most attacker…
-
Microsoft Release 4 Security Fixes
"Microsoft Corp. released four software patches Tuesday to fix security flaws, including one that could allow hackers to take over computers running the company's instant messaging programs. Only one of the flaws carried the company's most severe "critical" rating, but it only applies to the Windows 2000 operating system. To be affected, users would have…
-
Apache 1.3.39, 2.0.61, and 2.2.6 Released to Address XSS Vulnerability in mod_status
A XSS vulnerability has been discovered in apache. "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection"…
-
Why bug hunt should be for sale
"As the director of strategy for online auction Web site WabiSabiLabi (WSLabi), Preatoni hopes to redefine the role of hackers from one that is out to destroy the intellectual property others create, to one that can contribute positively to the field of Internet security. Also the CEO of Domina Security and founder of cyber crime…
-
JSON, Ajax & Web 2.0: Sounds like a classical reinvention, but this volatile trio opens the door to serious vulnerabilities
"Now that Web 2.0 hype is at full tilt, much ado's being made over Ajax framework vulnerabilities and other new-fangled bugs. A prime example of this phenomenon is the spectacular Javascript hijacking vulnerability discovered by Fortify Software (login required). Every security bug like this deserves some ink, but too much focus on bugs may cause…
-
JSON, Ajax & Web 2.0: Sounds like a classical reinvention, but this volatile trio opens the door to serious vulnerabilities
"Now that Web 2.0 hype is at full tilt, much ado's being made over Ajax framework vulnerabilities and other new-fangled bugs. A prime example of this phenomenon is the spectacular Javascript hijacking vulnerability discovered by Fortify Software (login required). Every security bug like this deserves some ink, but too much focus on bugs may cause…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack