I wrote an app in C# which uses the webbrowser control. While using it, the site I happen to use it on had an ad that auto DLed and ran itself on my comp causing me to be very annoyed. According to safebrowsing.clients.google.com 2/5000 pages had this exploit, unlucky me.
I use IE6 for testing so what can I do to protect myself from tho...
I'm building a site and I would like to have external content dynamically loaded in a div using jQuery. The content could be a Google search page, where one can navigate without actually leaving the site. Could someone exploit this and drive to a content of his own and run malicious code inside my site? Are there ways to prevent this? Is...
So I had an assignment requiring me to 'break' a piece of vulnerable code. Snippet:
int main(int argc, char **argv)
{
/*...*/
while(i < argc-1)
{
switch(argv[i][0]-48)
{
case 1:
SmashHeap(argc,argv);
break;
/*...*/
case 8:
PrintfVulnerability(argv[++i]);
break;
default:
printf("%s ...
I came across the following exploit due to a warning from my AV software. It originated from an adserver delivering banner ads on one of my sites.
I have retrieved the content with Wget and copied to pastebin.
http://pastebin.com/m6fa38fac
[Warning: Link may contain malware - Do not visit from vulnerable PC.]
Please note that you have...
I've read and finished both Reversing: Secrets of Reverse Engineering and Hacking: The Art of Exploitation. They both were illuminating in their own way but I still feel like a lot of the techniques and information presented within them is outdated to some degree.
When the infamous Phrack Article, Smashing the Stack for Fun and Profit,...
I've recently learned that it's possible to inject arrays into PHP GET variables to perform code execution?
.php?a[]=asd&a[]=asdasd&b[]=$a
That was the example I was given. I have no idea how it works and was wondering if this is even possible?
...
Hi all,
I will give a basic rundown of the situation first. I work for a game server rental company that is falling victim to an exploit inside of a major game engine (source). Basically, the developers left not one but two exploits inside the code, one to Send/Receive files, and one that lets clients run plugins. What's happening is cli...
I've been assigned to one of my company's legacy webapps, and after a day or two of poking around the source, I've found an SQL injection vector similar to the following:
mysql_query("SELECT * FROM foo WHERE bar='" . $_GET['baz'] . "'");
I've tried to perform an SQL injection test against this, but it fails, due to PHP's magic_quotes_...
What ways are there for detecting exploits in PHP/MySQL web applications (checking for certain characters or pieces of codes in the GET, POST, COOKIE arrays / using a library with a database that has all the patterns for common exploits, if any exist?) and how should I proceed when one is detected?
For example, if someone tried to find ...
Hi. I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get in through SQL injection or manipulating cookies and the ?m= parameter.
define ( ...
void function(int a, int b, int c) {
char buffer1[5];
char buffer2[10];
int *ret;
ret = buffer1 + 12;
(*ret) += 8;//why is it 8??
}
void main() {
int x;
x = 0;
function(1,2,3);
x = 1;
printf("%d\n",x);
}
The above demo is from here:
http://insecure.org/stf/smashstack.html
But it's not working here:
D:\tes...
WARNING: This is an exploit. Do not execute this code.
//shellcode.c
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
int main() {
int *ret; ...
Does anyone have a detailed explanation on how integers can be exploited? I have been reading a lot about the concept, and I understand what an it is, and I understand buffer overflows, but I don't understand how one could modify memory reliably, or in a way to modify application flow, by making an integer larger than its defined memory.....
I mean in operating systems or their applications. The only way I can think of is examine binaries for the use of dangerous functions like strcpy(), and then try to exploit those. Though with compiler improvements like Visual Studio's /GS switch this possibility should mostly be a thing of the past. Or am I mistaken?
What other ways do ...
background: I coded a struts2 ActionSupport class with ModelDriven. It's a hibernate/spring web app, using OSIV and attached entities in the view (JSP).
I received this email today from the architect 'punishing' me for putting an object
that had a reference to an attached entity on the struts2 valuestack via the
ModelDriven<E> interfa...
Yesterday my site was compromised. The attacker changed the index.php file to their own (with all their glory messages and greet). I've notified the hosting company about this (we are running on a dedicated server), and on my part, I'm trying to fix anything that seems to be the cause, cause I'm still unable to point how exactly did our se...
Hi, I'm trying to produce a simple server that will allow me to test Android's security features. I need to develop an application that will open a socket.
I've produced something similar in C, but I am having no luck with Java. Here's the application in C
// simpleserver3.c
#define MY_PORT 9999
#define MAXBUF 99
void inda...
Blackjacking is a technique used to connect internally to a corporate network using a typical BES device. It was announced at DefCon a few years back and is hardly new.
How does this work, and what are the ways to reduce risk from this exploit?
...
Hi,
I'm currently working on a project to investigate the security inherent with Android. A part of my project is to perform an overflow of the stack and execute a local shell.
I've created an exploitable application in native C, that is dynamically linked, installed it and executed it.
I'm having trouble using GDB. I want to know the l...
I recently found out that there are several vulnerabilities in the Linux kernel that allow for privilege escalation, that have not been patched yet in the major distributions, and have public exploits on the usual sources. For example, I could get root on any of my completely up to date Ubuntu 10.04 systems using this very simple exploit....