AJAX: Is your application secure enough?

Introduction: We see it all around us recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web browsers, like IE and Firefox. One of those new techniques involves using JavaScript, more specifically the XMLHttpRequest class, or object. Webmail applications use it to quickly update the list of […]

Topic: Countermeasures, Exploits/Vulnerabilities, Web Hacking

IE Address Bar Spoofing

I recently found on the SecurityFocus mailing list a bug in IE which can be exploited with simple JavaScript code to spoof the address bar location… This allows an attacker to inject a malicious Shockwave Flash application into Internet Explorer while it is displaying another URL (even trusted sites). The vulnerability has been confirmed on a fully patched system […]

Topic: Exploits/Vulnerabilities

Information about the Internet Explorer Exploit createTextRange Code Execution

Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked; Software-based DEP protecting all programs: sploit worked; DropMyRights, config’ed to allow IE to […]

Topic: Exploits/Vulnerabilities, Windows Hacking

FrSIRT Starts Charging for OTHER People’s Work (Exploits)

Is it ethical or even legal to charge for other people’s work? As far as I know France seems to have some pretty strong (and weird) copyright laws. And yes, they are blaming French laws prohibiting full disclosure. In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on […]

Topic: Exploits/Vulnerabilities, Legal Issues