Firefox suffers from a design flaw that can be used to confuse casual
users and evoke a false sense of authority when visiting a fraudulent
website. The flaw can be also used to bypass a fix for an old UI spoofing
bug that was thought to be addressed. This is a relatively minor issue,
but I thought
> Paul, if you find a way to get something to execute an eval() with data that
> you control, and all you can get out of that is an information disclosure,
> you *really* need to find a new line of work.
Valdis, its javascript, as in client side, if you want to eval()
something on your machine, us
--On March 10, 2007 11:37:25 PM -0500 [EMAIL PROTECTED] wrote:
Yeah, a 404 page controlled by the server might just be too chatty and
give away info - but if you can control the input that creates the 404
page, it gets more interesting...
You can't be serious. I can "control" a server and "for
On Sat, 10 Mar 2007 16:33:21 CST, Paul Schmehl said:
> In addition to true and
> > false, try 3, 0 , -37, "Cabbage", and maybe "true) and
> > (my_evil_function()))". See if you can force it to throw a syntax error
> > that creates a 404 page or something that contains *other* input you
> > contro
Immunity canvas and core impact could make alot from this selling site ;)
On 3/10/07, kingcope <[EMAIL PROTECTED]> wrote:
Hello List,
This is Kingcope. We now have our Exploit selling site
up and running. On www.com-winner.com you can purchase
quality advisories and exploits. Feel free to
Hello List,
This is Kingcope. We now have our Exploit selling site
up and running. On www.com-winner.com you can purchase
quality advisories and exploits. Feel free to contact
our sales person for getting the latest Zero-Days.
Best Regards,
kingcope
com-winner.com Research Team
Sorry, I didn't mention this in my original reply, if you type the
variable name into google you'll get several hits from the wiki software
they use, appearantly it used to be considered a security hole by the
authors of the software if the wiki was embedded in another frame, so
thats what that che
Hey Andrew :)
Corrected the blog entry, Thanks for your email...
Also added "jf at danglingpointers dot net" ... since he was the first to reply.
I hope this is just a bug, probably something that could cause minimal damage
and not a vulnerability.
Cheers :)
Kish
Andrew Farmer <[EMAIL PROTECT
3APA3A wrote:
> And now is most exciting: Users have permission to create files in this
> directory, that is pre-open attack is possible.
holy %&[EMAIL PROTECTED] you're right:
D:\WINDOWS\security\templates>more "setup security.inf" | findstr /r /i
"\"
"d:\windows\temp", 2,
"D:P(A;CI;0x10002
--On March 10, 2007 4:51:51 PM -0500 [EMAIL PROTECTED] wrote:
On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:
Given the syntax of this function, wgBreakFrames can only have one of
two values: true or false.
I'd be interested to see some POC that would show how you would exploit
this.
Th
On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:
> Given the syntax of this function, wgBreakFrames can only have one of two
> values: true or false.
>
> I'd be interested to see some POC that would show how you would exploit
> this.
The first thing to do is abuse the variable. In addition to
On 10 Mar 07, at 09:23, Scarlet Pimpernel wrote:
> Hello all,
>
> There is an undefined function in OWASP website's javascript code
> (wikibits.js)
> called wgBreakFrames. This can cause potential damage to the site
> if used maliciously.
>
...
> if (wgBreakFrames) {
...
First of all, that's a
Dear Thor (Hammer of God),
You are wrong at least for Windows XP/2003. There is a common temporary
directory
%WINDIR%\Temp
It's used as a %TEMP% if application is launched without local logon,
e.g. system service.
For example, services launched with LocalSystem account will have this
--On March 10, 2007 9:23:45 AM -0800 Scarlet Pimpernel
<[EMAIL PROTECTED]> wrote:
Hello all,
There is an undefined function in OWASP website's javascript code
(wikibits.js)
called wgBreakFrames. This can cause potential damage to the site if
used maliciously.
http://www.owasp.org/skins/common
> if (wgBreakFrames) {
thats a variable, not a function; even if it were a function, i dont think
it would make any difference- im not a javascript/xss expert, but id think
youd have to inject js into the page to do anything with it, which would
make it a moot point. If you look at your js console
Hello all,
There is an undefined function in OWASP website's javascript code (wikibits.js)
called wgBreakFrames. This can cause potential damage to the site if used
maliciously.
http://www.owasp.org/skins/common/wikibits.js
start of code:
if (wgBreakFrames) {
// Un-trap us from framesets
if (w
Two things regarding this ongoing (civil) flame war:
1. I was wrong about most versions of Linux having the same inheritance
behavior as Windows. Dead wrong. And several people have wrote to
correct me. Thank you. The search for truth is more important than my
ego. Before I wrote that statement,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1265-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
March 10th, 2007
Hello Stefano,
first of all. I am not angry at you, although my mail might have sounded
so, but at the people that deserve it.
The fault of the PHP Security Response Team is not yours. They are the
ones that give credit to the wrong persons.
Luckily after 2.5 years they fixed that issue (or atlea
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200703-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Hi Stefan,
first of all let me say i come in peace :)
Il giorno sab, 10/03/2007 alle 15.17 +0100, Stefan Esser ha scritto:
> Hello,
>
> > PHP import_request_variables() arbitrary variable overwrite
> > Date -1;-1; 20060307
> I believe all dates in the advisory contain the wrong
Stefan Esser wrote:
> Taking into account that the vulnerability you describe is fixed in
> Hardened-PHP for years and that there is also a protection against this
> in the Suhosin Extension you can be sure that this NOT a new
> vulnerability (and that you are not the first one who found it...)
no
Hello,
> PHP import_request_variables() arbitrary variable overwrite
> Date 20060307
>
I believe all dates in the advisory contain the wrong year...
> III. ANALYSIS
>
> import_request_variables() is not new to vulnerabilities: consider this
> change log entry for 24 Nov 2005, PHP
Hello lists, hello Roger. It's me again.
Sorry for annoyance, but there is one more attack vector with pre-open
files I meant, but forgot to mention. It seems dangerous enough and need
to be investigated for different applications. It's theoretical attack
against application relying on mandat
24 matches
Mail list logo