exploitability
of a *potential* bug. Working exploits do.
That's it from me. I'm looking forward to seeing the RCE exploits (be it
client or server side).
Kind regards,
Gynvael Coldwind
___
Full-Disclosure - We believe in it.
Charter: http://l
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Gynvael Coldwind
no, you cannot attack an admin this way (unless you found some other way to
execute that script in the context of blogger.com - in such case try
reporting it again).
Cheers,
Gynvael Coldwind
On Tue, Jan 22, 2013 at 1:11 AM, ANTRAX wrote:
> I know JZ, but this vulnerability is in the
Hey,
> > Here is an example:
> >
> > An admin has a public webservice running with folders containing
> > sensitive information. Enter these folders in his robots.txt and
> > "protect" them from the indexing process of spiders. As he doesn't
> > want the /admin/ gui to appear in the search result
Hi Kaveh,
Mario has a point. Why do you care about any bug in winhlp if by
design you can embed a DLL file in the .hlp file and run arbitrary
code?
See e.g. Wikipedia
http://en.wikipedia.org/wiki/WinHelp#WinHelp_appearance_and_features:
"A rather security critical feature is that one can also inc
Well, what can I say - your write up is accurate.
Though last time I've seen it, around 5 years ago, it was still called
DLL spoofing and not DLL hijacking, and was one of the arguments why
"carpet bombing" (automatic download) in Safari/Chrome must be fixed
:)
E.g. http://gynvael.coldwind.pl/?id=
Hey MustLive,
I'm not sure if I understood your post correctly, so please correct me
if I'm wrong.
The thing you describe sounds similar to the thing described in the
Browser Security Handbook
(http://code.google.com/p/browsersec/wiki/Part3#HTTP_authentication):
"Amusingly, its ghost still haunts
Hey,
("SEH" --> I assume we're talking MS Windows)
A debugger attached is one solution (since a debugger is notified of
an exception before SEH is executed). PyDbg seems like a good idea,
but it can be done easily using the debugger API of Win32API too (just
forward all events except exceptions t
Hi,
We've published a paper about using 1 or 4 byte write-what-where
condition to convert a custom Data-Segment Descriptor entry in LDT of
a process into a Call-Gate (with DPL set to 3 and RPL to 0).
The paper also contains information about a possible LDT redirecting
into user-land memory.
The p
Hi,
I don't think this is a new vulnerability / warning.
I saw it 3 months ago in a comment from an anonymous user (on my blog):
English translation (by me, original was in Polish):
> 2009-09-24 10:39:34: "not one but two" well actually 3 :)
> I would like to say that as far as session start goes
10 matches