Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
2014-03-14 20:28 GMT+01:00 Nicholas Lemonias. : > Then that also means that firewalls and IPS systems are worthless. Why > spend so much time protecting the network layers if a user can send any > file of choice to a remote network through http... > No, they are not worthless per se, but of cours

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
n't make the bug to go away. > > Best, > > Nicholas. > > > On Fri, Mar 14, 2014 at 7:01 PM, Krzysztof Kotowicz < > kkotowicz...@gmail.com> wrote: > >> Nicholas, seriously, just stop. >> >> You have found an 'arbitrary file upload' i

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
Nicholas, seriously, just stop. You have found an 'arbitrary file upload' in a file hosting service and claim it is a serious vulnerability. With no proof that your 'arbitrary file' is being used anywhere in any context that would lead to code execution - on server or client side. You cite OWASP d

[Full-disclosure] [CVE-2014-1403] DOM XSS in EasyXDM 2.4.18

2014-02-02 Thread Krzysztof Kotowicz
ertain conditions, ends up in location.href assignment, triggering JS execution. Proof of Concept http://domain/example/bridge.html"; onload="document.getElementById('f' ).src= 'http://domain/name.html#_3constructor,javascript:alert(document.domain)//&#

[Full-disclosure] OpenText Exceed On Demand 8 multiple vulnerabilities

2013-12-16 Thread Krzysztof Kotowicz
redits = - Slawomir Jasek `` - Krzysztof Kotowicz `` Dates = - 18.11.2013 - Vendor disclosure - 21.11.2013 - Additional vulnerabilities found & reported to vendor - 21.11.2013 - Vendor acknowledges the report, "no further details to share" - 06.12.1013 - Query ab

[Full-disclosure] EasyXDM 2.4.16 multiple vulnerabilities

2013-10-24 Thread Krzysztof Kotowicz
l inject log=true FlashVars parameter, which, combined with the first vulnerability, will trigger script execution in jsbin.com domain. http://jsbin.com&log=true&a=@ jsbin.com/UMUHOgo/1?#xdm_e=https%3A%2F%2Floscalhost&xdm_c=default7059&xdm_p=6&xdm_s=j%5C%22-alerssst(2)))%7Dcatch(e)

Re: [Full-disclosure] Paypal Core Bug Bounty #3 - Persistent Web Vulnerability

2012-12-20 Thread Krzysztof Kotowicz
ctly as inserted (is there an anti-CSRF token needed for the search request) and only then is the payload executed. During this scenario user knowingly sees & uses Javascript code twice - that's hardly low interaction. Unless I'm missing something - is there a cross-account action goin

[Full-disclosure] CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass

2012-07-20 Thread Krzysztof Kotowicz
lean() function. It's based on multiple blacklists and will therefore unavoidably be bypassable in the future. For input filtering, use HTMLPurifier ( http://htmlpurifier.org/ ) instead. Credits == Vulnerability found by Krzysztof Kotowicz http://blog.kotowicz.net Timeline === 2012.03

Re: [Full-disclosure] Triggering Java code from a SVG image

2012-05-16 Thread Krzysztof Kotowicz
Kind of. You can still do some stuff from in Opera. http://kotowicz.net/opera/ On Wed, May 16, 2012 at 12:25 PM, Dan Kaminsky wrote: > Anything from in any browser? > > > On Wed, May 16, 2012 at 2:25 AM, Michele Orru > wrote: >> >> Mario Heiderich did a lot of research on that, he found so man