[Full-disclosure] cURL/libcURL Arbitrary File Access

2009-03-03 Thread David Kierznowski
cURL/libcURL Arbitrary File Access Release date: 03/Jan/2009 CVE: CVE-2009-0037 Quote from: http://curl.haxx.se/libcurl/: "libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS and FILE." This vulnerabilit

[Full-disclosure] Livelink UTF-7 XSS Vulnerability

2008-01-31 Thread David Kierznowski
Release date: 31/Jan/2008 Last Modified: N/A Author: David Kierznowski http://withdk.com Application: Livelink <= 9.7.0 Risk: Medium Full details of advisory available here: http://www.withdk.com/2008/01/31/livelink-utf-7-xss-vulnerability/

[Full-disclosure] Hijacking Feeds with Feedburner

2007-10-03 Thread David Kierznowski
The famous Feedsmith Feedburner plugin is vulnerable to a CSRF attack that can allow an attacker to completely hijack blog feeds. Google responded quickly, and a fix is available. The advisory includes a proof of concept exploit: http://blogsecurity.net/wordpress/feedburner-feed-hijacking/ -- D

[Full-disclosure] Testing from the browser

2007-08-02 Thread David Kierznowski
Technika is a Firefox plugin that myself and pdp was toying with some months back. The original idea behind this project was to provide independent self-contained security tools based on J

[Full-disclosure] WordPress wp-feedstats persistent XSS

2007-07-26 Thread David Kierznowski
A persistent XSS vulnerability was found in wp-feedstats < 2.4 by David Kierznowski <http://gnucitizen.org/about/dk> of GNUCITIZEN. Details: http://blogsecurity.net/wordpress/news-260707/ ___ Full-Disclosure - We believe in it. Char

[Full-disclosure] WordPress Community Vulnerable

2007-05-24 Thread David Kierznowski
RE: WordPress Community Vulnerable Check out a recent survey of 50 WordPress blogs conducted at blogsecurity.net: http://blogsecurity.net/wordpress/articles/article-230507/

[Full-disclosure] One worm to rule them all

2007-05-19 Thread David Kierznowski
WordPress Adsense Deluxe Vulnerability This vulnerability reminds me of the old Hacker movies, where a worm is released that steals random pennies from unsuspecting victims. This vulnerability is the closest I have seen to this scenario. See: http://michaeldaw.org/alerts/alerts-200507/

[Full-disclosure] WordPress 2.1.3 Akismet Vulnerability

2007-05-13 Thread David Kierznowski
David Kierznowski <http://michaeldaw.org/alerts/alert-140507/> of Operation n <http://michaeldaw.org/> has discovered a serious flaw in the Akismet<http://akismet.com/>anti-spam plugin that comes *by default* with the latest version of WordPress (2.1.3)<http://wordpress.org

[Full-disclosure] Michael Daw Anthology Award

2007-05-11 Thread David Kierznowski
michaeldaw.org is pleased to announce the first "Michael Daw Anthology" award. For those of you curious, an anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named Michael Daw, as well as to host othe

Re: [Full-disclosure] Anti-Virus vendors prove less-effective

2007-04-25 Thread David Kierznowski
How can these people put out a good product against scripts where you can > change anything and it will still work! > > On 4/24/07, David Kierznowski <[EMAIL PROTECTED]> wrote: > > > > Web Backdoor Compilation along with Dancho Danchev AV research has proven > > how

[Full-disclosure] Anti-Virus vendors prove less-effective

2007-04-24 Thread David Kierznowski
Web Backdoor Compilation along with Dancho Danchev AV research has proven how less-effective many of these products are when detecting web malware. The results are certainly not a shocker but definitely an eye opener. WBC has certainly demonstrated what all security researchers already know, thi

Re: [Full-disclosure] WordPress Persistent XSS

2006-12-30 Thread David Kierznowski
Deepan, Please see my most recent post: http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/ David On 30/12/06, Deepan <[EMAIL PROTECTED]> wrote: > On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote: > > Vulnerability Title: WordPress Persistent XSS &g

[Full-disclosure] WordPress template.php Exploit

2006-12-30 Thread David Kierznowski
It's been a few days since the release of: http://michaeldaw.org/md-hacks/wordpress-persistent-xss/. Other references: * http://www.securityfocus.com/bid/21782 * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808 Time to release a proof of concept exploit for this. I am sure the crackers wi

[Full-disclosure] WordPress Persistent XSS

2006-12-27 Thread David Kierznowski
Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 (latest) See homepage for more details. WordPress was contacted: 26/12/06 22:04 BST Reply received: 27/12/06 06

[Full-disclosure] Web Backdoor Compilation

2006-12-18 Thread David Kierznowski
I have collected some WEB backdoors in the past to exploit vulnerable file upload facilities etc. and have packaged them up. I think a library like this may be useful in a variety of situations. Interested parties can find version 1 of the package here: http://michaeldaw.org/projects/web-backdoor-

[Full-disclosure] Hacking HomePlug Networks

2006-12-15 Thread David Kierznowski
"HomePlug specification products also protect data by utilizing powerful DES encryption, which makes hacking into a HomePlug network virtually impossible." I spent an amusing hour looking into this. Details at: http://michaeldaw.org/md-hacks/hacking_homeplugs/

[Full-disclosure] CSRF with MS Word

2006-11-24 Thread David Kierznowski
CSRF with MS Word Our attack vector is found in exploiting MSWord's frame capabilities: By creating malicious frames in a document and pointing them to a malicious URL, we can exploit multiple, persistent (well almost, this is limited) CSRF vulnerabilities (and possibly the browser). See: http://

Re: [Full-disclosure] retiring from public security stuff

2006-11-12 Thread David Kierznowski
http://michaeldaw.org/news/news-121106-0/

[Full-disclosure] RSS Injection in Sage part 2

2006-11-09 Thread David Kierznowski
RSS Injection in Sage part 2 2 months ago, both pdp and myself released a vulnerability and proof of concept exploit for Sage. (see: http://michaeldaw.org/md-hacks/cross-context-scripting-with-sage/). This issue was resolved in Sage release 1.3.7 ( http://mozdev.org/bugs/show_bug.cgi?id=15101). I

[Full-disclosure] JavaScript Web Ping Tool

2006-10-05 Thread David Kierznowski
JavaScript Web Ping Author: david.kierznowski_at_gmail.com http://michaeldaw.org The Idea: 1. We setup an Iframe 2. We dynamically load our target address with a timeout 3. If the document is loaded, we flag the host as being up. 4. If the host is down, the timeout is reached and we flag the host

[Full-disclosure] JSEScanner

2006-09-29 Thread David Kierznowski
JavaScript External File Scanner (JSEScanner) Author: david.kierznowski_at_gmail.com http://michaeldaw.org JSEScanner uses the JavaScript External File facility to access remote devices. It requests a specific JavaScript file which can then be used to fingerprint the remote web server type and pos

[Full-disclosure] ASP Auditor Beta 2 Released

2006-09-15 Thread David Kierznowski
ASP Auditor v2 BETA Author david.kierznowski_at_gmail.com http://michaeldaw.org Purpose: Look for common misconfigurations and information leaks in ASP.NET applications. This tool is based on H D Moore's Dot Net Application Scanner Author: H D Moore URL: http://www.digitaloffense.net/index.html?s

Re: [Full-disclosure] Backdooring PDF Files

2006-09-13 Thread David Kierznowski
I installed 7.0.8 (latest version) for testing. If the document is loaded from the browser you receive no warning. v7.0.8 seems to warn the user if the document is loaded from the desktop. I think this has to do with different Adobe contexts. -- David Kierznowski On 13/09/06, pdp (architect

[Full-disclosure] Backdooring PDF Files

2006-09-13 Thread David Kierznowski
Recently, there has been a lot of hype involving backdooring various web technologies. pdp (architect) has done a lot of work centered around this area. I saw Jeremiah Grossman mention PDFs being "BAD", however, I was unable to easily locate any practical reasons as to why. I decided to investigate

[Full-disclosure] ASP Auditor v1.0 BETA released

2006-09-11 Thread David Kierznowski
ASP Auditor v1.0 BETA Author: David Kierznowski (david.kierznowski_at_gmail.com) http://michaeldaw.org/ The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers. Usage: $ ./asp-audit.pl ASP Audit v1.0 (BETA) [ [EMAIL PROTECTED] ] Usage: ./asp-audit.pl (opts

[Full-disclosure] XSSing the Government

2006-09-04 Thread David Kierznowski
XSSing the Government Today, Michael Daw explores a fictional scenario of how terrorist cells used XSS to hack into government agencies. --snip Terrorists had found a way to track government intelligence agencies and gain access to highly protected computers using Cross Site Scripting attacks. -

[Full-disclosure] Whitepaper: Awakening the Sleeping Giant v1.0

2006-09-02 Thread David Kierznowski
Awakening the Sleeping Giant v1.0 Demystifying Cross Site Scripting Attacks Author: David Kierznowski (david.kierznowski_at_gmail.com) This paper attempts to demystify and categorise current XSS entry nodes, attack capabilities and trends. XSS attacks are gaining popularity quickly. There are