Update: http://michaeldaw.org/md-hacks/rss-injection-in-sage-part-2/ I would often keep abreast of new vulnerabilities and exploits via my RSS feeds. Visiting page after page was just never fun. RSS allowed me to categorise, organise and track the security mayhem on the Internet. What was the point of employing a security analyst who was outdated and...
2 months ago, both pdp and I released a vulnerability, Cross Context Scripting in Sage. This issue was resolved in Sage release 1.3.7 (see: http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new vulnerability which affects the latest version, Sage 1.3.8. In addition to the XSS vulnerability, it should be noted (as in...
Some had a good night's sleep last night. Generally it will be those who heeded our suggestions given in September last year with Backdooring PDF Files, while others most likely didn't get any sleep at all. I woke up this morning and started getting ready for work. As usual, I turned...

Backdooring PDF Files

Updates:
20/09/07 PDP's PDF URI Parsing Vulnerability
04/01/06 New PDF Vulnerability

Recently, there has been a lot of hype involving backdooring various web technologies. pdp (architect) has done a lot of work centered around this area. I saw Jeremiah Grossman mention PDFs being BAD, however, I was unable to easily locate any practical...

ASP Auditor v2 BETA

ASP auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org
purpose: Look for common misconfigurations and information leaks in ASP.NET applications.
# Changelog:
# --v2.2-- 20/Apr/07
# * Added additional support for Anti-XSS Validation detection.
# * Added ASP Source Directory Leak Check
# * Added Apr/07 ASP.NET Validation Bypass Check
#
# --v2.1-- 25/Sep/06
# * GET /Trace.axd often leaks ASP.NET version when...