Our blog
The application that echoes the Referer header is vulnerable to cross-site scripting. And it is perfectly exploitable. Here is how:
Suppose we have an application that generates a "Back" link from Referer header (let's call it vulnerable.php):
<?php
echo '<a href="';
echo $_SERVER['…
October 21, 2010 | by alla
The Microsoft Detours library can be used to attach a hook to system functions invoked by Windows programs. You can write arbitrary code which will get invoked when a program tries, for example, to send something over SSL, or to get the current timestamp, and handle it as it pleases you instead of (or in…
October 18, 2010 | by abb
Recently I have spent some time trying to mess up the routing table of a Linux appliance to trick it into leaking out certain network traffic I was interested in. In theory it looked reasonably simple, but not quite so in practice. While trying to screw up the appliance I have learned a couple of new…
October 18, 2010 | by abb
An application I have recently tested had cross-site request forgery protection implemented throughout - every single form or link with parameters had an additional parameter with a value derived from the session id. When the form is submitted or the link is clicked, before any other processing,…
September 24, 2010 | by alla
Well, MagicTree is written in Java, so in theory we shouldn't need to port anywhere. But, as they say, "In theory, theory and practice are the same. In practice, they are not." Actually most things worked without any porting, which is a good thing. Still, a few things had to be done.
To get more…
September 22, 2010 | by alla
Just came across a nice tool to display NIC statistics; it is called capstats. Capstats is much less CPU intensive than iptraf, so it can be run along with hping3 to monitor its performance.
Example from capstats's website:
>capstats -i nve0 -I 1
1186620936.890567 pkts=12747 kpps=12.6 kbytes=…
September 14, 2010 | by abb
I was looking for a way to calculate the probability of success of the cache poisoning attack against a DNS server implementing source port randomization. This paper describes the methodology. There are a few questions I don't have an answer for yet.
1. When I try to reproduce their results (Table…
September 14, 2010 | by abb
Some time ago I had to port scan a network which happened to be mostly filtered out and in general rather scarcely populated. When I started the port scan I realized that my uplink connection regularly suffers from packet loss as high as 20% and there was no way to fix it in a foreseeable…
September 12, 2010 | by abb
There are a couple of issues with the TLS/SSL renegotiation vulnerability in the context of the HTTPS protocol which appear not to have made their way to the public.
1. Plain text prefix injection is not the only risk. The original advisory [1] mentions the possibility of "forwarding and repurposing of…
September 12, 2010 | by abb
I often thought it would be nice to be able to execute shell scripts line by line, like in gdb or the Perl debugger. Today I have actually tried to find one and of course some nice people have already made it. Bashdb looks and feels similar to gdb -- exactly like I wanted it.
September 6, 2010 | by abb
Contacts

+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.