Backdooring PDF Files

Update 20/09/07: pdp's PDF URI Parsing Vulnerability. Recently, there has been a lot of hype involving backdooring various web technologies. pdp (architect) has done a lot of work centered around this area. I saw Jeremiah Grossman mention PDFs being BAD; however, I was unable to easily locate any practical reasons as to why. I decided to investigate this a little further.

Hacking HomePlug Networks

I don't know whether HomePlug networks are growing in use or not, but the following statements caught my attention: "Officials at Intellon, the chip maker that developed the HomePlug spec, say that hacking into a HomePlug network would require cracking the government's DES encryption standard." – link. My favourite: "HomePlug specification products also protect data […]"

WordPress Persistent XSS

Vulnerability Title: WordPress Persistent XSS
Author: David Kierznowski
Homepage: http://michaeldaw.org
Software Vendor: WordPress Persistent XSS
Versions affected: Confirmed in v2.0.5 (latest)
WordPress is a popular open source blogging software. A persistent XSS vulnerability has been found in WordPress (to be honest I have found a few problems and hope to publish these soon). This issue […]

WordPress template.php Exploit

It's been a few days since the release of: http://michaeldaw.org/md-hacks/wordpress-persistent-xss/. Other references: http://www.securityfocus.com/bid/21782 and http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808. Time to release a proof of concept exploit for this. I am sure the crackers will already be exploiting this in the wild. If you remember from my original advisory, our attack was limited due to our attack being passed through […]

CSRF with MS Word

Update 28/11: It is interesting to note that MS Word 2003 will actually warn the user. Obviously, someone at Microsoft saw the potential for badness here. Good stuff. Microsoft Word has been plagued with vulnerabilities in the past. Therefore, mail servers often restrict email with the .doc extension. However, with applications like Microsoft SharePoint which […]

Cross Context Scripting with Sage

Update: http://michaeldaw.org/md-hacks/rss-injection-sage-part-2/
I would often keep abreast of new vulnerabilities and exploits via my RSS feeds. Visiting page after page was just never fun. RSS allowed me to categorise, organise and track the security mayhem on the Internet. What was the point of employing a security analyst who was outdated and outgunned? I decided to […]