SQL Server fingerprinting can be a time consuming process. It involves a lot many trial and error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint […]
Windows Hacking
Microsoft Warns Of ASP.Net Vulnerability In The Wild – Cryptographic Padding Attack
There seems to be a fairly serious attack being exploited in the wild that targets vulnerable ASP.Net web applications, so far there is a temporary fix but no official announcement on when a patch will be issued. The next scheduled patches should be pushed out on October 12th. If you had set up your server […]
Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability
There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been known about for at […]
Windows Binary Planting DLL Preloading/Hijacking Bug
The big news that is turning the infosec world inside out this week is about a new DLL pre-loading/hijacking bug which effects more than 200 Windows applications including some produced by Microsoft itself. The basis of this exploit is the way in which Windows works and how it loads DLL files used by many applications, […]
Microsoft Fixes SSL Spoofing Renegotiation Bug
Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month. IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it. The fix is […]