Re: [Full-disclosure] Results of a XSLT fuzzing effort
Nice one Nick, great job eheh :D Cheers antisnatchor Nicolas GrégoireMarch 8, 2013 10:12 AM Hi!I published last week a blog post describing the results of the XSLTfuzzing campaign I did in 2012. Now that most of the discoveredvulnerabilities are patched, I've chosen to give away a dozen of PoCregarding Adobe Reader, Microsoft MSXML, Firefox, Webkit, ...Even if you are not in XML technologies, I think that looking atpathological XSLT code may be interesting ;-)The article is there: http://www.agarri.fr/blog/index.htmlCheers,Nicolas Grégoire___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Results of a XSLT fuzzing effort
+1 Am 08-Mar-2013 11:12, schrieb Nicolas Grégoire: Hi! I published last week a blog post describing the results of the XSLT fuzzing campaign I did in 2012. Now that most of the discovered vulnerabilities are patched, I've chosen to give away a dozen of PoC regarding Adobe Reader, Microsoft MSXML, Firefox, Webkit, ... Even if you are not in XML technologies, I think that looking at pathological XSLT code may be interesting ;-) The article is there: http://www.agarri.fr/blog/index.html Cheers, Nicolas Grégoire ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
