My ekoparty.org [Argentina] and NU [Delhi] talk, and also Ruxcon [Australia] and BlackHat [Abu Dhabi], which I couldn't make it to. What is this paper about: Input validation attacks and memory corruption attacks are common, and finding a DoS attack on a service like HTTP is considered very critical, considering the attack surface and ease of attack. Even if we could trigger an exception in an ...
On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com, which is the Twitter Translation Center. While checking the service I landed on the "Accounts Settings" page, which looked like this. So we have two options here: the first one toggles the Twitter Badge setting on Twitter.com and the second one toggles the badge-related notification. POST request ...
Updated 10-20-2012 at 11:20 AM by prakhar
Before we begin, a few terms that we should be familiar with. An Oracle is just a theoretical black box in cryptography which responds to queries that an Adversary sends. For example, a random Oracle would select and send a truly random value from a uniform distribution for each query that the Adversary sends to it. Properly implemented crypto primitives behave like random Oracles, i.e. even though the attacker intercepts any number of ciphertexts, he won't be able to derive any information ...
Updated 10-10-2012 at 03:02 PM by sebas_phoenix
Originally Posted by ajaysinghnegi
# Vulnerability Title: Secondary Email Addition & Deletion Via Click Jacking in Linkedin
# Website Link: [Tried on Indian version]
# Found on: 06/08/2012
# Author: Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 07/08/2012
# Status: Fixed
# Patched On: 10/09/2012
# Public Release: 15/09/2012
Summary
A Clickjacking vulnerability ...
Around half a dozen XSS vulnerabilities were found by me on three subdomains of Symantec Corp.:
http://clientui-kb.symantec.com
http://sfdoccentral.symantec.com
http://engweb.symantec.com
All the reported vulnerabilities have ...
Hi there, this is my first post on SQL injection attacks, hope it's useful. I'm $k2$ -A.K.A d@rK @nGel ...
Originally Posted by [s] Sup guys, a year ago I was seeking bugs in Google applications. I found one bug which is already known to Google; in fact Google added this vulnerability to fool newbies. After a long time waiting, I have decided to release it! Code: Fake Vuln URL : https://www.google.com/appserve/security-bugs/new?rl=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E Google used a common payload to fool people! It was weird for me: when I used alert(1), it was popping 41 As ...
This is the fifth post in the series of Teensy USB HID for Penetration Testers. Sorry for the gap between this and the last post (almost three months). I was not sitting idle though: I released Nishang in between, and there is a new and shiny version of Kautilya out. Let us have a look at some advanced payloads in Kautilya. Hashdump: This payload could be used to dump password hashes from a Windows 7 machine. To use this payload, you have to upload ...
This would be part 1 of my C0C0n talk, where I demonstrated a few PHP 0-days, local and remote. The entire concept of the talk was demonstrating attacks on web applications via scripting engines. In a common webapp test we manipulate input that a common end user controls and check for responses from the app. But since these data passed are processed by the PHP, ASP engines that are used to build these apps. We ...
I stopped blogging when I realized that the articles I put up here could be turned into papers and I could use that to speak at conferences [#travel-the-world #meet-people]. And therefore the frequency of my blogging came down. Anyway, this is a real incident that happened to me yesterday; not much technical content, but a good read if you're interested in physical security devices. I was trapped between two RFID doors for 5 long hrs without my access cards yesterday and I finally broke ...