Introduction We see it all around us, recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web-browsers, like I.E. and Firefox. One of those new techniques involves using Javascript. More specifically, the XmlHttpRequest-class, or object. Webmail applications use it to quickly update the list of […]
The Latest Exploits/Vulnerabilities
Find the Best Exploits/Vulnerabilities from 2021 here:
IE Address Bar Spoofing
I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location… This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites). The vulnerability has been confirmed on a fully patched system […]
Information about the Internet Explorer Exploit createTextRange Code Execution
Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked Software-based DEP protecting all programs: sploit worked DropMyRights, config’ed to allow IE to […]
FrSIRT Starts Charging for OTHER Peoples Work (Exploits)
Is it ethical or even legal to charge for other peoples work? As far as I know France seems have some pretty strong (and weird) copyright laws. And yes, they are blaming French Laws prohibiting full disclosure. In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on […]