ush.it - a beautiful place

Clientside security: Hardening Mozilla Firefox

July 25, 2007 at 9:55 pm - Filed under Reports, Language EN - 652 words, reading time ~2 minutes - Permalink - Comments

I'm sure you have already heard of the many external protocol handling vulnerabilities that hitted Firefox lately. Normally on this site you read about "in-security", this article is a little exception since it contains some tips that anybody can adopt to harden his preferred http/https client, also named Mozilla Firefox, thought the about:config interface.

Flash Player/Plugin Video file parsing Remote Code Execution

July 13, 2007 at 5:28 pm - Filed under Insecurity, Language EN - 216 words, reading time ~0 minutes - Permalink - Comments

Stefano Di Paola with contribution from Giorgio Fedon (both from a brand new security research company, MindedSecurity) and Elia Florio have just released the details about a Remote Code Execution flaw in Flash Plugin 9 independent from the OS. Parsing a flv with adobe flash player it's possible to trigger an exploitable integer overflow.

XSS Cheat Sheet: two stage payloads

June 27, 2007 at 12:34 am - Filed under Hacks, Language EN - 2093 words, reading time ~6 minutes - Permalink - Comments

When exploiting XSS holes often you find yourself working around size/length and characters limitations. To avoid this type of problems a technique called "two stage payloads" comes to help. It's generally used when exploiting memory management vulnerabilities but applies to the XSS world too. The very basic idea is to have the payload divided in two parts: one that has to be injected in the entry point (PAY_ENTRY) and one that contains the actual data (PAY_DATA).

XSS Cheat Sheet: non repeating payloads

January 26, 2009 at 12:40 pm - Filed under Hacks, Language EN - 206 words, reading time ~0 minutes - Permalink - Comments

We always try to add something on topics discussed in old articles, if you liked XSS Cheat Sheet: the PLAINTEXT tag and XSS Cheat Sheet: two stage payloads perhaps you'll like this one. This article contains a more complete list of ways to avoid multiple execution of your payloads, it's a fast reading!

XSS Cheat Sheet: the PLAINTEXT tag

June 10, 2007 at 10:21 pm - Filed under Hacks, Language EN - 775 words, reading time ~2 minutes - Permalink - Comments

When performing XSS attacks often happens that the payload is displayed, and executed, multiple times occurring in unwanted and unexpected behaviors. This can be avoided in many ways, for example using global variables in JS (eg: window['started'] = true;) and checking for the variable existence at the very beginning of the payload, but when the filters are crazy and every char requires a notable effort (or when you are just hurry) one cheat gets the job done: the <PLAINTEXT> tag.

Linuxpersec2 a Verona (16/17 Giugno)

June 10, 2007 at 3:57 pm - Filed under Team, Reports, Language IT - 436 words, reading time ~1 minutes - Permalink - Comments

Sabato 17 Giugno a Verona presso l'Itis G. Marconi (Piazzale Guardini 1) si terra' Linuxpersec2 (Conosciamo altri modi... per proteggerlo!) con vari interventi sulla Sicurezza personale e Linux. La manifestazione e' gratuita e ovviamente siete tutti invitati :D

Install Firefox XPI without whitelist

June 4, 2007 at 4:50 pm - Filed under Insecurity, Language EN - 824 words, reading time ~2 minutes - Permalink - Comments

Today I was reading Firefox XPI Install Prevention Bypass (http://www.0x000000.com/?i=329) and while it's not what it promised to be (there is no Install Prevention Bypass) it contained useful informations that helped me elaborate two distinct thoughts.

Firefox <= 2.0.0.3 DOM Keylogger (bypass same-origin policy)

June 3, 2007 at 9:20 pm - Filed under Hacks, Language EN - 542 words, reading time ~1 minutes - Permalink - Comments

On 30 May Mozilla Foundation announced in its MFSA (Mozilla Foundation Security Advisory) 2007-16 a bug discovered by moz_bug_r_a4 able to bypass the same-origin policy using the addEventListener helper. Needless to say you can do really nasty things by exploiting this hole, ranging from xss attacks to keystrokes logging, with no same origin limitation. If you are impatient jump directly to the demo DOM Event Keylogger.

Reflection on Stefano Di Paola

May 29, 2007 at 12:37 am - Filed under Team, Reports, Language EN - 728 words, reading time ~2 minutes - Permalink - Comments

Anurag Agarwal has published a reflection on our friend Stefano Di Paola. The interview contains a condensed auto-biography (nice reading, thanks Stefano!); integral text follows.

Shadowpage vulnerability: the page that doesn't exists (Multiple browsers affected)

May 7, 2007 at 12:15 pm - Filed under Hacks, Language EN - 179 words, reading time ~0 minutes - Permalink - Comments

Yesterday I (Francesco `ascii` Ongaro) found a low impact bug: basically it is possible to make the user visit a page that is not listed in the back/next button history. The fun happens when self.location.replace() is pointing to a page that issues an HTTP/1.x 302 Redirect + Location. Both initial and redirect page will not be listed.

Interview with Rain Forest Puppy

May 1, 2007 at 9:09 pm - Filed under Reports, Language EN - 3236 words, reading time ~10 minutes - Permalink - Comments

Antonio `s4tan` Parata, software security researcher and member of the ush team interviews Rain Forest Puppy, famous bug hunter, specialized in web application assessment. It's a pleasure for us to publish the full interview, in this case talk is not cheap.

Free Temporary and Anonymous email address providers

April 30, 2007 at 1:15 pm - Filed under Reports, Language EN - 186 words, reading time ~0 minutes - Permalink - Comments
⌫ Previous entries
Next entries ⌦
THP USH Wisec DigitalBullets