Backdooring PDF Files

Updates: 20/09/07 PDPs PDF URI Parsing Vulnerability; 04/01/06 New PDF Vulnerability.

Recently, there has been a lot of hype involving backdooring various web technologies. pdp (architect) has done a lot of work centered around this area. I saw Jeremiah Grossman mention PDFs being BAD, however, I was unable to easily locate any practical...

ASP Auditor v2 BETA

ASP auditor v2 BETA
Author: david.kierznowski_at_gmail.com
http://michaeldaw.org
Purpose: Look for common misconfigurations and information leaks in ASP.NET applications.
# Changelog:
# --v2.2-- 20/Apr/07
# * Added additional support for Anti-XSS Validation detection.
# * Added ASP Source Directory Leak Check
# * Added Apr/07 ASP.NET Validation Bypass Check
#
# --v2.1-- 25/Sep/06
# * GET /Trace.axd often leaks ASP.NET version when...

pagvac from ProCheckUp released an advisory on how to bypass ASP.NET XSS validation. This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp. Proof of Concept: Alert box injection - simply provided for testing...

Introduction: WordPress has become one of the most popular blogging packages on the Internet; this is largely due to its ease of use and its object oriented design which allows the user to easily extend its capabilities in the form of WordPress Plugins. Unfortunately, “ease of use”, and “security” are to...

Michael Daw Anthology

michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award. For those of you curious, an anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named Michael Daw, as well as to host other security related...