Posts

Showing posts from 2013

About.me Cookie Based XSS

About.me suffered from a Cross Site Scripting flaw I found a few days ago. The interesting thing about this flaw is that it was cookie based. The following post details how I found it and what I did to confirm that it was exploitable; it also discusses some interesting points to consider when you find an XSS triggered by cookie values.



Even Faster Blind SQL injection methods

A method presented at DerbyCon and BlackHat involves extracting not the bits of the character itself but the bits of a character's position in a lookup table which contains a number of character ASCII values---more on this later. This post discusses the conceptual advantages and fundamental drawbacks of the bin2pos method and introduces a new variant I've developed which provides better stability and only requires a maximum of 4 requests per character extraction, but imposes some configuration requirements on the target web server.



Grepping for Glory: using grep to uncover Android Application Level Vulns

I've spent some time trawling through masses of Android app source lately and I thought I'd share some quick tips and tricks that can help you uncover some critical vulnerabilities. In this post I'll discuss some basic bash scripting that pinpoints the relevant code, whether it is in Java or Jasmin/Smali form.

A quick disclaimer: the screenshots below are from actual apps sourced from the Play Store. I've used real examples here to motivate the need to look for the mentioned vulnerabilities and to show how easy they are to find. I have, however, made sure to sanitize them of any usable or exploitable information, since some of these apps have been downloaded hundreds of thousands of times.


XSS and Uncontrolled redirect Vulns in Encrypted Blog Plugin for Wordpress

# Date: 28 August 2013
# Author: k3170makan
# Vendor or Software Link: http://wordpress.org/plugins/encrypted-blog/
# Version: 0.0.6.2
# Category: webapps
# Tested on: N/A

More Details on the Android JCA PRNG Flaw

I've spent a couple of days reading the source code for the pseudo random number generators in Android, mostly because there aren't many breakdowns of the vulnerability around, none that walk through the code explicitly anyway. After some discussion with some people from the Android Security Discussion Google Group I realized that the issue goes a little deeper than just the super calls and constructor definition, as I previously thought.

I was also misled by grepcode---the site I was using to read the code---since it wasn't directing me to the Android SecureRandom implementation but rather to OpenJDK's!

So I thought I'd correct myself, re-post about the issue, and study the code directly from the Android repo, namely ( https://android.googlesource.com/platform/libcore/+/jb-release/luni/src/main/java/java/security/SecureRandom.java )

Details on the Android JCA PRNG Flaws

Recently some bitcoin wallets suffered an attack that made use of a critical flaw in the way Java's Cryptography Architecture is implemented in Android. The following post discusses some of the technical details of the flaw by interpreting the code that causes the issue.

UPDATE: A more up-to-scratch attempt at explaining the vulnerability can be found here: http://blog.k3170makan.com/2013/08/more-details-on-android-jca-prng-flaw.html

Homomorphic Encryption: What it is and what it means for the future of security

There's a new idea brewing in the cryptographers' circles called Homomorphic encryption, and it will soon change the way we do everything from querying databases remotely to adding numbers. In this post I briefly explain what homomorphic encryption is and then list a few ideas others have had on how to use it in cool ways and one or two ideas I've had.

Given that this is a relatively new idea, many of you may be hearing about it for the first time; I'm going to spend a few paragraphs explaining what it is and at the end of this post I'll share a couple of papers and blog posts by awesome people on the subject and its applications.

Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

# Exploit Title: ADIF Log Search Widget XSS Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/plugins/adif-log-search-widget/
# Software Link: http://wordpress.org/plugins/adif-log-search-widget/
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS

Wordpress ADIF log book search plugin widget suffers from a Cross Site Scripting vulnerability.

Hash Length Extension: The padding that killed your secret key

It's been a while, folks, but I'm back with another really interesting post, this time about how to abuse hashing algorithms, or rather a certain style of hashing algorithms.

I'm going to try to teach you the analysis that gave birth to this very clever attack, and to do that I need to talk a little about hashing algorithms and how they are constructed; after all, it's not just coincidence that collisions in hashing functions are extremely rare.


Blogger.com and the mixed scripting vulnerability

Blogger.com suffers from a mixed scripting/content vulnerability: this domain references multiple scripts and other content types from a non-HTTPS channel.

Here's the report:

# Exploit Title: Multiple Mixed Scripting/Content Vulnerabilities in Blogger.com
# Google Dork:site:blogger.com
# Date: 09/1/12
# Exploit Author: k3170makan
# Vendor Homepage: https://www.blogger.com
# Software Link: https://www.blogger.com
# Version: current
# Tested on: Ubuntu 10.04
# site: ...
