Channel: Files from Amit Klein ≈ Packet Storm

xercesAmit.txt

Xerces-C++ versions below 2.6.0 allow an attacker to craft a malicious XML document using XML attributes in a way that inflicts a denial of service condition on the target machine.

iis5x60.txt

Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way...

022805.txt

This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users....

NTLMhttp.txt

Interesting write up regarding the faulty logic of using NTLM HTTP authentication and how it does not mix well with HTTP proxies.

httpsplit.txt

This technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling.

xmlhttpRequestpaper.txt

Whitepaper entitled "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more."

httpResponseSmuggle.txt

Whitepaper entitled "HTTP Response Smuggling". It discusses evasion techniques to bypass anti-HTTP response splitting strategies.

Forge-Amit.txt

Whitepaper titled "Forging HTTP Request Headers With Flash".

flashTheft.txt

By forging HTTP request headers with flash, virtual hosted systems can be susceptible to cookie theft using IE.

HeaderFlash.txt

Formal write up discussing how arbitrary HTTP requests can be crafted using Flash 7/8 with Internet Explorer.

bind9forgery.txt

A new weakness has been discovered in the BIND 9 DNS server that allows for DNS forgery pharming.

BIND 8 DNS Cache Poisoning Whitepaper

The paper shows that BIND 8 DNS queries are predictable, allowing for cache poisoning attacks.

Windows DNS Cache Poisoning Whitepaper

The paper shows that Microsoft Windows DNS Server outgoing queries are predictable, allowing for cache poisoning attacks.

OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf

The paper describes a weakness in the pseudo random number generator (PRNG) in use by OpenBSD, Mac OS X, Mac OS X Server, Darwin, NetBSD, FreeBSD and DragonFlyBSD to produce random DNS transaction IDs...

PowerDNS_recursor_DNS_Cache_Poisoning.pdf

PowerDNS Recursor versions 3.0 through 3.1.4 suffer from a DNS cache poisoning vulnerability.

Microsoft_Windows_resolver_DNS_cache_poisoning.pdf

This paper shows that Windows DNS stub resolver queries are predictable - i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described...

msswi-blog.txt

It appears that Microsoft may have incorrectly stated a few things regarding MS08-020 on their blog and are reluctant to fix it.

address-spoof.txt

Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6. Due to formatting issues when sent, additional notes regarding the attacks are appended.

Temporary User Tracking

Whitepaper called "Temporary user tracking in major browsers and Cross-domain information leakage and attacks".

Google Chrome 3.0 Beta Math.random Vulnerability

The revised Google Chrome Math.random algorithm (included in version 3.0 of Google Chrome) is predictable. This paper describes how Google Chrome 3.0 Math.random's internal state can be reconstructed,...

Cross-Domain Information Leakage In Firefox

Firefox versions 3.6.4 through 3.6.8, 3.5.10 through 3.5.11 and 4.0 Beta1 suffer from a cross-domain information leakage vulnerability.

Cross-Domain Information Leakage / Temporary User Tracking In Safari

Apple Safari versions 4.02 through 4.05 and Windows versions 5.0 through 5.0.2 suffer from cross-domain information leakage and temporary user tracking vulnerabilities.

Microsoft IE9 Math.random Vulnerability

The IE9 (platform preview) Javascript Math.random implementation is vulnerable to seed reconstruction. The seed reveals the computer's boot time (and on Windows 7 - also CPU clock speed). These can be...

VM Detection Via Browsers

In three browser families researched (Edge, Internet Explorer and Firefox - all on Windows 7 or above), it is possible to extract the frequency of the Windows performance counter, using standard HTML...

Node.js HTTP Response Splitting

Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.
