Comments on: CSRF with MS Word http://michaeldaw.org/md-hacks/csrf-with-msword Weekly humour Thu, 07 May 2009 20:09:50 +0000 http://wordpress.org/?v= hourly 1 By: lain http://michaeldaw.org/md-hacks/csrf-with-msword/comment-page-1#comment-48194 lain Sun, 23 Sep 2007 08:28:43 +0000 http://michaeldaw.org/md-hacks/csrf-with-msword/#comment-48194 kewl stuff , wanna try it s00n :D :D :D kewl stuff , wanna try it s00n :D :D :D

]]> By: Top Web Hacks of 2006 » Hack Report http://michaeldaw.org/md-hacks/csrf-with-msword/comment-page-1#comment-2934 Top Web Hacks of 2006 » Hack Report Tue, 02 Jan 2007 04:07:16 +0000 http://michaeldaw.org/md-hacks/csrf-with-msword/#comment-2934 [...] 1. Web Browser Intranet Hacking / Port Scanning - (with JavaScript and with HTML-only and the improved model) 2. Internet Explorer 7 “mhtml:” Redirection Information Disclosure 3. Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning 4. Web Browser History Stealing - (with CSS, evil marketing, JS login-detection, and authenticated images) 5. Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3’s) 6. Forging HTTP request headers with Flash 7. Exponential XSS 8. Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) 9. Web Worms - (AdultSpace, MySpace, Xanga) 10. Hacking RSS Feeds [...] [...] 1. Web Browser Intranet Hacking / Port Scanning – (with JavaScript and with HTML-only and the improved model) 2. Internet Explorer 7 “mhtml:” Redirection Information Disclosure 3. Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning 4. Web Browser History Stealing – (with CSS, evil marketing, JS login-detection, and authenticated images) 5. Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3’s) 6. Forging HTTP request headers with Flash 7. Exponential XSS 8. Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) 9. Web Worms – (AdultSpace, MySpace, Xanga) 10. Hacking RSS Feeds [...]

]]> By: ha.ckers.org web application security lab - Archive » CSRF with Word Part II http://michaeldaw.org/md-hacks/csrf-with-msword/comment-page-1#comment-1894 ha.ckers.org web application security lab - Archive » CSRF with Word Part II Fri, 15 Dec 2006 19:40:49 +0000 http://michaeldaw.org/md-hacks/csrf-with-msword/#comment-1894 [...] Okay, I didn’t write part I, and really didn’t even know about it until today. Although I invented something like it months and months ago. But the first person to talk about CSRF within Word was Michael Daw. Very interesting concept. In the context that I was using a similar technique I was using it primarily as a web-bug. Michael Daw’s technique is good, but I like mine better, because it’s probably as noisy, however, it leaves no visible queues to the victim. [...] [...] Okay, I didn’t write part I, and really didn’t even know about it until today. Although I invented something like it months and months ago. But the first person to talk about CSRF within Word was Michael Daw. Very interesting concept. In the context that I was using a similar technique I was using it primarily as a web-bug. Michael Daw’s technique is good, but I like mine better, because it’s probably as noisy, however, it leaves no visible queues to the victim. [...]

]]> By: david.kierznowski http://michaeldaw.org/md-hacks/csrf-with-msword/comment-page-1#comment-1470 david.kierznowski Sat, 25 Nov 2006 20:19:20 +0000 http://michaeldaw.org/md-hacks/csrf-with-msword/#comment-1470 Guys at SANS made some interesting comments regarding the article: http://isc.sans.org/diary.php?storyid=1886 Guys at SANS made some interesting comments regarding the article:
http://isc.sans.org/diary.php?storyid=1886

]]>