A few weeks ago, one of my followers asked me if I could help him write a functional exploit for the current version of the Audio Media Player by ABBS because he was experiencing problems with successfully exploiting a NULL-byte issue. All exploits that are available over at the Exploit Database like this one or even this Metasploit … Read More →
OSCP Course and Exam Review
As you may have noticed, it went quiet on my blog in the last few weeks. I was working hard in the challenging Offensive-Security Labs to obtain my Offensive-Security Certified Professional (OSCP) certification. AND! Yesterday! I received the mail from Offensive-Security that I have successfully completed all requirements for the OSCP certification! I'm really happy … Read More →
PayPal Bug Bounty: PayPaltech.com XSS
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for Instant Payment Notifications (IPNs). Sometimes … being on the ethical side of hacking feels good … :-)
Bezirk-Niederbayern.de Fixes Critical SQL-Injection Flaw After 8 Months – Are We Ready For CyberWar?
That's amazingly bad. Where should I start? In July 2012 I reported a critical SQL injection flaw on the official website of Lower Bavaria, alongside another small XSS flaw, to the owner of the website. The answer did not take that long, asking for further details of the flaw and how to exploit it. … Read More →
Photodex ProShow Producer Vulnerability #6: ScsiAccess Local Privilege Escalation
OK… honestly… I promise (!)… this is the last advisory about the ProShow Producer application, but also the most dangerous one, with a CVSS score of 7.2 and exploitable on at least all English Microsoft Windows-based operating systems! The facts? Quoted from my published advisory: Insecure file permissions on the executable file "scsiaccess.exe", which … Read More →
TÜV-Nord Fixes Multiple XSS Flaws after Consulting the Data Security Officer of Niedersachsen
Hello readers! Take a moment and read the following article on Wikipedia about the German TÜV which is described as: TÜVs (German pronunciation: [ˈtʏf]; short for German: Technischer Überwachungs-Verein, English: Technical Inspection Association) are German organizations that work to validate the safety of products of all kinds to protect humans and the environment against hazards. As … Read More →
HP Intelligent Management Center v5.1: Bypassing javax.faces.ViewState CSRF Protection
Have you read my last advisory about the HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting Vulnerability? You should! Taken by itself it's not even an interesting vulnerability. But! You're able to use this XSS flaw to bypass the weak implementation of the JSF javax.faces.ViewState Cross-Site Request Forgery protection (which is used throughout … Read More →
Photodex ProShow Producer Vulnerability #5: Insecure Library Loading
This is a sweet vulnerability, because all ProShow installations on all Microsoft Windows operating systems up to Windows 8 are exploitable! Let's have a look at the details and how to exploit it to get a remote shell. When launching the application, it loads several .dlls: The problem? The application (more specifically: the proshow.exe) … Read More →
Photodex ProShow Producer Vulnerability #4: SEH-Based Buffer Overflow (.PXT)
And here's the next one. A SEH-based buffer overflow, exploitable on all 32-bit Windows systems out there. The application does not validate (again, but in a different module) the length of the title value while loading the contents of a ProShow transition file (.pxt), which leads to a buffer overflow condition via an overwritten … Read More →
Photodex ProShow Producer Vulnerability #3: Memory Corruption / Code Execution
Hello readers, as predicted… here's the next vulnerability in the ProShow Producer application by Photodex. This time, it's a dangerous memory corruption which could lead to "remote" code execution using a crafted .pxs file. An attacker only needs minimal social engineering skills like… Hey dude, I've got a crazy, nice-looking style set for you. Please … Read More →