Archive for November, 2006
CSRF with MS Word
Update: 15/12:
CSRF in MS Word part II
Update: 28/11:
It is interesting to note that MS Word 2003 will actually warn the user. Obviously, someone at Microsoft saw the potential for badness here. Good stuff.
Microsoft Word has been plagued with vulnerabilities in the past. Therefore, mail servers often restrict email with the .doc extension. However, with applications [...]
Browser Referrer Insecurities
HTTP is the application-layer protocol that most web pages are transferred with. As part of HTTP, requests can include a “Referer” (sic) header that tells the server which page the user was on that initiated the request. Servers use this information to track users’ paths through the site and possibly provide additional features. This preference [...]
Load Balancer Enumeration
author: david.kierznowski_at_gmail.com
http://michaeldaw.org
Table of Contents:
0. Introduction
1. Dynamic DNS
2. Proxies
2a. Cookie Analysis
2b. Web Server Configuration issues
2c. Using the TCP/IP Stack
2d. Using HTTP Date: field
3. References
0. Introduction
Load balancing (performed by a load balancer) is a type of service performed by a computer that assigns work loads to a set of networked computer servers in such a [...]
WordPress Securify
Update: 17/Jan/06 – WordPress Securify Plugin Released.
Update: 18/Nov/06 – WordPress Securify v1.0b released
Changes include:
- Added Pre-Check functions to prevent overwriting important values.
- Added file/directory permission check
- Added function to change filenames with wp- extension.
- Added additional sanity checks.
On the 11/11/06 _ANtrAX_ released a post on full-disclosure regarding a “Remote File Inclusion” vulnerability in WordPress [...]
Georgi Guninski Retires
Georgi Guninski sent an email to Full Disclosure today, claiming that he will be retiring from the public security scene.
Anticipating the question of why, he writes, “if one needs to ask for a reason: got old, got somewhat tired.”
Georgi has made excellent contributions to the security community for some time now. He has released loads [...]