exploit

Decode email address from Gravatar hash?

I suppose Gravatar generates the image from the email address. If so, the reverse should be possible. How difficult would it be to get the email associated with the image? Isn't it a potential spam threat? What are your thoughts? (other than calling me paranoid ;) I did that already) ...

Executing JavaScript from Flex: Is this javascript function dangerous?

I have a Flex application that needs the ability to generate and execute JavaScript. When I say this, I mean I need to execute raw JavaScript that I create in my Flex application (not just an existing JavaScript method). I am currently doing this by exposing the following JavaScript method: function doScript(js){ eval(js);} I can then...

What's the best way to detect web application attacks?

What is the best way to survey and detect bad user behavior or attacks like denial of service or exploits on my web app? I know server statistics (like Awstats) are very useful for that kind of purpose, especially to see 3XX, 4XX and 5XX errors (here's an Awstats example page), which are often bots or bad-intentioned users that try wel...

Can you find the web security issue here?

I have a webpage that redirects to another webpage like this: http://www.myOtherServer.com/Sponsor.php?RedirectPage=http://mylink.com/whereIwasgoingtogo.html Then the Sponsor.php page displays an ad with a link saying "Continue to your page" that links to the passed-in RedirectPage. Are there security/spoofing issues that could come ...

Possible JavaScript exploits from exposed link?

On a page from a website (one of ours) I can enter in the URL the following code: javascript:createNewWindow('Something', 100, 100, 'Text') Is there a way someone can exploit this? function createNewWindow(url, widthIn, heightIn, title) { var strOptions='toolbar=0,location=0,directories=0,status=1,menubar=0,scrollbars=1,r...

Sanitizing MySQL user parameters.

What are the dangerous characters that should be replaced in user input when the user's input will be inserted in a MySQL query? I know about quotes, double quotes, \r and \n. Are there others? (I don't have the option of using a smart connector that accepts parameters, so I have to build the query myself, and this will be implemented in mu...

Using a Single system() Call to Execute Multiple Commands in C

In an information security lab I'm working on, I've been tasked with executing multiple commands with a single call to "system()" (written in C, running on Fedora). What is the syntax that will allow me to execute more than one command through system()? (The idea being you could execute arbitrary commands through a program running on a rem...

Stack Overflow Exploit in C

Hey there guys, the question is actually about stack overflows in C. I have an assignment that I cannot get done for the life of me; I've looked at everything in gdb and I just can't figure it out. The question is the following: int i,n; void confused() { printf("who called me"); exit(0); } void shell_call(char *c) { prin...

What is this Base64 Look-alike?

I am new to decoding techniques and have just learnt about base64, sha-1, md5 and a few others yesterday. I have been trying to figure out what "orkut" worms actually contain. I was attacked by many orkut spammers and hackers in the past few days, and there is a similarity in the URLs that they send to us. I don't know what informa...

How do widgets like "http://sharethis.com/" make what seem to be XSS calls?

How is it that tools like this one can make an Ajax-style call back to a central site? Basically they give you a " tag to put on your site wherever it is. So in this widget you have the ability to ask for an email to be sent to you for the page you're currently on. I assume this makes an Ajax-style call back to ShareThis, who sends out...

Help me understand this JavaScript exploit

I usually do not have difficulty reading JavaScript, but with this one I can't figure out the logic. The code is from an exploit that was published 4 days ago. You can find it at milw0rm. Here is the code: <html> <div id="replace">x</div> <script> // windows/exec - 148 bytes // http://www.metasploit.com ...

To what does "zero day" refer?

Does "zero-day" or "0-day" (in the context of software vulnerabilities and exploits) refer to the software release, or to a particular type of exploit? [I did not find an answer to this on SO. Though it is answered elsewhere on the Internet, my understanding of SO is that it's okay to ask/answer basic questions] ...

How are buffer overflows used to exploit computers?

How are buffer overflows used to exploit computers? How is one able to execute arbitrary code simply by causing stack or heap overflows? I understand that portions of the program's memory are overwritten that aren't supposed to be, but I don't see how this leads to one executing their own code. Also, must the 3rd party's malicious co...

How long should it take an average coder to understand a buffer overflow?

How long should it take an average coder (one who has used C/C++ but isn't an expert) to understand what a buffer overflow is, why it's a bad thing, and how someone might use it to take control of the application? ...

I don't understand this code

I do not understand this code snippet: function ms(){ var plc=unescape('". unescape( '\x43\x43\x43\x43\n.............\xEF'. $URL).CollectGarbage(); if (mf)return(0); mf=1; var hsta=0x0c0c0c0c,hbs=0x100000,pl=plc.length*2,sss=hbs-(pl+0x38); var ss=gss(addr(hsta),sss),hb=(hsta-hbs)/hbs; for(i=0;i<hb;i++) m[...

Hacking and exploiting: How do you deal with any security holes you find?

Today online security is a very important factor. Many businesses are completely based online, and there is tons of sensitive data available to check out only by using your web browser. Seeking knowledge to secure my own applications, I've found that I'm often testing others' applications for exploits and security holes, maybe just for cur...

Risk of exploits "backwards" into outbound TCP connections.

I am building a server application that will maintain connections to other applications by initiating TCP connections out through a firewall that is only open for outbound traffic to the relevant IPs' ports that the application will connect to. What is the risk of someone having taken over the machine(s) we connect to being able to expl...

Would a C#/.Net web browser be susceptible to exploits?

Is it correct to say that the .Net platform is more secure because the CLR guards against buffer overflow attacks? Assuming there was a web browser running in a managed OS (like Cosmos, SharpOS or Singularity), would it be technically possible for an attacker to inject IL code into the app? Would I have to worry about attacks that aren...

How would I go about preventing DLL injection?

So the other day, I saw this: http://www.edgeofnowhere.cc/viewtopic.php?p=2483118 and it goes over three different methods of DLL injection. How would I prevent these from the process? Or at a bare minimum, how do I prevent the first one? I was thinking maybe a Ring 0 driver might be the only way to stop all three, but I'd like to see...

Heap Spray Internet Explorer 8

Hi, I want to know: is there a way to spray the IE8 heap? I did my best but I was not able to spray the IE8 heap! I attached Olly to IE and I never see my data in IE's memory. How can I do that? I also used HeapLib, but again no luck! Any advice? Is it impossible to spray the IE8 heap? Thanks ...