ascii

My friend Stefano di Paola and I have discovered that a PHP function used to emulate register_globals on is able to overwrite any variable (also $_SESSION and $_SERVER) with the exception of $GLOBALS. Naturally during the Month of PHP bugs.

To demonstrate the import_request_variables() bug i’ve exploited a XSS flaw in PHP NUKE 8.0 that has an anti-CSRF routine. The import_request_variables() vulnerability will permit you to exploit a wide range of vectors (XSS, remote file inclusion, remote code execution, SQL injections, etc.) on software that makes use of it.

This story is mostly funsec, if you can’t handle funsec stop reading 🙂 You have just developed you brand new application, it’s name is EVIL.EXE. It’s a very good application but nobody will install it without good partners.. You need somebody trusted from users that is willing to distribuite it. So.. Let’s go! Find out some good partners.

This night i was in the process of mirroring all the tmbo.org daily pics for fast viewing. Their site has to be hosted on an ADSL link (like ush.it, hey this site is on a 200kbs/300kbs link, very unprofessional but no one can RAID [stupid wordpress plug-in, this is not RAID in the sense of Redundant Disk Array but RAID the verb] our server without our knowledge, think about the autistici/inventati aruba RAID for example).

From 23 to 31 December i was in Berlin for the CCC congress with other Italian security researchers and friends. We had good time enjoying Berlin, drinking beer and exchanging informations. Also Stefano Di Paola and Giorgio Fedon disclosed some Adobe Acrobat Reader bugs in a larger talk titled Subverting AJAX.

At CCC my friends Stefano Di Paola and Giorgio Fedon releades some of their latest findings, note that this is a translation in italiano of the original advisory aviable on wisec.it (http://www.wisec.it/vulns.php?page=9) that of course is in english. The advisory is focused on some specific bugs, one of these is called UXSS (Universal Cross Site Scripting) in PDF files.

Non so se avete letto il recente post di Tonu Samuel riguardo EXIF nelle jpeg, si e’ costruito un crawler e adesso sta facendo statistiche.

Praticamente le fotocamere si salvano un’anteprima e alcuni tag assieme all’immagine canonica. Piu’ o meno sapevo che le immagini si portavano dietro dei metadati ma non mi ero mai addentrato nell’argomento.

Translazioni è un progetto che si prefigge di promuovere il passaggio di aziende grandi e piccole a piattaforme e applicazioni Open Source. Translazioni pone al centro dell’attenzione le persone, elemento fondante di ogni organizzazione. La nostra convinzione è che il passaggio a tecnologie libere può apportare grandi vantaggi solo se è promosso attraverso la cultura e la mentalità aziendale.

Translazioni è composto da freelance e liberi professionisti uniti da comprovata esperienza, amore per la ricerca e il modello open source, know-how settoriale e attitudine al lavoro di squadra.

The complete and growing quotes collection of this seasonal flame war. Trolling adventures of n3td3v (and his alter ego Joe Average), infosecbofh and others.

FreeWebStat 1.0 rev37 (the last version at the write time) is vulnerable to multiple XSS. The impact is a little bigger since datas will be stored in a flat file and the result of a single query will persist for some time on the backend. A well-timed loop of requests will assure the XSS to be permanent.