Menu

Dec 15, 2015

Hey guys!!


Hey ppl i was a bit busy whith life and stuff sorry for no new posts long time
somthing new will come soon :)


# ITS © # 2009 - 2016
Posted by at No comments:

Oct 30, 2011

Mozilla Firefox Array.reduceRight() Vulnerability



This module exploits a vulnerability found in Mozilla Firefox 3.6 when an array object is configured with a large length value , the reduceRigh() method may cause an invalid index being used , allowing arbitary remote code execution . Please note that the exploit requires a longer amount of time ( compare to a typical browser exploit) in order to gain control of the machine
More : http://www.exploit-db.com/exploits/17612/


# ITS ©
# 2009 - 2011
Posted by at No comments:
Labels:

Oct 28, 2011

Facebook Attach EXE Vulnerability

















----------------------------------------------------------------------------------------------------------------------------------------
1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.

----------------------------------------------------------------------------------------------------------------------------------------
2. Description:

When attaching an executable file, Facebook will return an error message stating:

"Error Uploading: You cannot attach files of that type."









When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name="attachment"; filename="cmd.exe"

It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not.

To subvert the security mechanisms to allow an .exe file type, we modified the POST request by appending a space to our filename variable like so:

filename="cmd.exe "



































This was enough to trick the parser and allow our executable file to be attached and sent in a
message.










----------------------------------------------------------------------------------------------------------------------------------------
3. Impact:

Potentially allow an attacker to compromise a victim’s computer system.

----------------------------------------------------------------------------------------------------------------------------------------
4. Affected Products:

www.facebook.com

----------------------------------------------------------------------------------------------------------------------------------------
5. Time Table:

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed

----------------------------------------------------------------------------------------------------------------------------------------
6. Credits:

Discovered by Nathan Power
www.securitypentest.com

----------------------------------------------------------------------------------------------------------------------------------------

# ITS ©
# 2009 - 2011
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)