Home MD Hacks Page 2

MD Hacks

Its been a few days since the release of: http://michaeldaw.org/md-hacks/wordpress-persistent-xss/. Other references: http://www.securityfocus.com/bid/21782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808 Time to release a proof of concept exploit for this. I am sure the crackers will already be exploiting this in the wild. If you remember from my original advisory, our attack was limited due to our attack being passed through PHPs basename function. To get around this we...

CSRF with MS Word

Update 28/11: It is interesting to note that MS Word 2003 will actually warn the user. Obviously, someone at Microsoft saw the potential for badness here. Good stuff. Microsoft Word has been plagued with vulnerabilities in the past. Therefore, mail servers often restrict email with the .doc extension. However, with applications like Microsoft SharePoint which allows sharing of content between users,...
Update: http://michaeldaw.org/md-hacks/rss-injection-in-sage-part-2/ I would often keep abreast of new vulnerabilities and exploits via my RSS feeds. Visiting page after page was just never fun. RSS allowed me to categorise, organise and track the security mayhem on the Internet. What was the point of employing a security analyst who was outdated and outgunned? I decided to play with Sage, which is a popular...
2 months ago, both pdp any myself released a vulnerability Cross Context Scripting in Sage. This issue was resolved in Sage release 1.3.7 (see: http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new vulnerability which affects the latest version, Sage 1.3.8. In addition to the XSS vulnerability, it should be noted (as in the previous vulnerability) that this issue occurs within the Local...
Updates: 20/09/07 PDPs PDF URI Parsing Vulnerability 04/01/06 New PDF Vulnerability Recently, there has been alot of hype involving backdooring various web technologies. pdp (arcitect) has done alot of work centered around this area. I saw Jeremiah Grossman mention PDFs being BAD, however, I was unable to easily locate any practical reasons as to why. I decided to investigate this a...