CSRF in MSWord Part II

I released CSRF in MSWord Part 1 a couple of weeks ago, where we utilise frames to backdoor Word documents. SANS Handlers commented on this find with some interesting points. RSnake decided to play a little with this idea and has published CSRF with MSWord Part II where he has...

CSRF with MS Word

Update 28/11: It is interesting to note that MS Word 2003 will actually warn the user. Obviously, someone at Microsoft saw the potential for badness here. Good stuff.

Microsoft Word has been plagued with vulnerabilities in the past. Therefore, mail servers often restrict email with the .doc extension. However, with applications...

Updates: 14/05/07 Added link to new version

David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3). It has not been confirmed as yet, but I believe this will affect all versions of the plugin. The...

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

Character(s) | Details
NULL or null | Often produces interesting error messages as the web application is expecting a value....

Related articles: Input Validation Cheat Sheet (Want to find other input validation problems?)

Table of Contents
Generic - Bypass Authentication
Microsoft SQL
Sybase
MySQL
Oracle
PostgreSQL
DB2
Ingres
Bypass SQL Injection Filters
References and Credits

ChangeLog
Date | Change
09/07/07 | DB2 Database SQL Injection Cheatsheet (Author: pentestmonkey.net)
09/07/07 | Ingres Database SQL Injection Cheatsheet (Author: pentestmonkey.net)
13/03/07 | Bypass SQL Injection Filters
03/01/06 | Added some more blind SQL injection tests for MySQL (Author: jungsonn)
21/12/06 | Added Concat...