Category Archives: Full Disclosure

Snorby 2.6.2 – Stored Cross-site Scripting Vulnerability

Posted by Federico Fazzi on Jul 03

--------------------------------------------------------
Snorby 2.6.2 – Stored Cross-site Scripting Vulnerability
--------------------------------------------------------

Vendor
------

https://www.snorby.org/

Version
-------

2.6.2

Description
-----------

During my research and testing of new IDS (Intrusion Detection System)
like Suricata, I’ve
found a Stored Cross-site Scripting (XSS) vulnerability in Snorby (that
I’d like to use…

Re: [oss-security] Re: Google Chrome Address Spoofing (Request For Comment)

Posted by anidear on Jul 03

I played around with the code to see if can change it to avoid using the
fork bomb. Here’s what I came up with
https://gist.github.com/ptantiku/d37c364cd13bb31a1ee6
It seems to need at least 500 threads to update the URL at 5ms for this to
work (tested on Chrome x64 43.0.2357.130, Linux, locally).
And the first setInterval() can be substituted for setTimeout(…,10) which
will run only once for waiting the pop-up window to open.

Although…

Re: Google Chrome Address Spoofing (Request For Comment)

Posted by Mustafa Al-Bassam on Jul 02

That’s pretty neat. Played around with this and made a few discoveries.

1. It shows a valid certificate when you spoof HTTPS sites. That’s really bad. POC/screenshot:
https://github.com/musalbas/address-spoofing-poc

2. The page isn’t responsive when using this flaw. That means you can’t spoof a login box for example. (I tried.)

3. The success of the exploit seems to depend on if the browser can start loading content.html…

Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

Posted by Kevin Beaumont on Jul 02

All,

OLE Packager is a feature introduced in Windows 3.1, which ran “up to”
Windows XP: https://en.wikipedia.org/wiki/Object_Linking_and_Embedding

It is still present in every version of Microsoft Office, on every Windows
OS.

It allows you to embed any file into Office documents. It is also very
dangerous and there is no way to disable it.

To test, open Word 2010/2013 and select Insert -> Object -> Create from
File, and drop…

Re: Google Chrome Address Spoofing (Request For Comment)

Posted by Big Whale on Jul 02

Found this POC: musalbas/address-spoofing-poc
(GitHub preview: "address-spoofing-poc – Chrome address spoofing vulnerability proof-of-concept for HTTPS. (Original by David Leo.)")

On Thursday, July 2, 2015 9:21 AM, Valentinas Bakaitis <v.bakaitis () gmail com> wrote:

Can you perform any actions on the page once the URL…

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0

Posted by Alessandro Zala on Jul 02

#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Subject: Authentication Bypass
# Risk: Critical
# Effect: Remotely exploitable
# Author: Alessandro Zala (alessandro.zala () csnc ch)
#…

Re: Google Chrome Address Spoofing (Request For Comment)

Posted by Valentinas Bakaitis on Jul 02

Can you perform any actions on the page once the URL is replaced, or is it
non responsive? (asking because PoC did not work on my Chrome 43.0.2357.130
(64-bit) on OSX). If it is non responsive then the impact is very limited.
Worst thing I can think of is showing “your account is suspended, please
contact technical support on 0800-555-555” and then using the trust user
puts in the URL for phone phishing. If it is responsive, then…

Re: Google Chrome Address Spoofing (Request For Comment)

Posted by Mike K Gorski on Jul 02

I think they called it DOS because the chrome.exe process starts to consume
system memory out of control.

In my example (Win7 Chrome 43.0.2357.130) it ended up consuming 4GB+ of
memory before it finally gave up 3 minutes or so later and issued an error
message in both windows.

Potentially, with multiple such frames being launched one could make it
crash.

That’s beside the point though as the URL spoofing is clearly there.

–Mike

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files…

Posted by Stefan Kanthak on Jul 02

Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\Program Files\QuickTime\QuickTimePlayer.exe"

iTunes 12.2, AppleMobileDeviceSupport.msi

outdated 3rd party…