Autorun

By YGN Ethical Hacker Group -
One of the reasons of malware spreading via readable/writable media in Windows platform is

  • Windows itself enables Autorun by default
  • Some applications even ask users to enable Autorun if disabled. 

Comments

Post a Comment

Popular posts from this blog

Bypassing referrer check with no script involved

By YGN Ethical Hacker Group -
No more to use scripting approach like https://github.com/knu/noreferrer This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header: <meta name="referrer" content="no-referrer"> https://caniuse.com/#feat=referrer-policy
Read more

From Arbitrary DNS Query to DNS Proxy

By YGN Ethical Hacker Group -
Most of today's corporate networks allow arbitrary DNS query. Similarly wireless access points which are controlled by HTTP user credentials allow arbitrary DNS queries. Attackers can easily bypass this restriction by setting up their remote DNS-based HTTP/Socks proxy servers.The thing is the restriction is set only on HTTP Data not others. Attackers can set up covert channels with DNS, ICMP, POP3 and so on.
Read more

XSS: Gaining access to HttpOnly Cookie in 2012

By YGN Ethical Hacker Group -
Image
Update 2016/02: We were asked by a lot if this still works.  Shortly after our disclosure, this issue has been patched. ------ The Background - The Past Gaining access to  HttpOnly cookie  was first attempted by means of XST,  Cross Site Tracing  vulnerability. Soon after the popularity of XST, the TRACE method has been disabled by most web servers.  Later, browsers' implementation of XMLHttpRequest also blocked "TRACE" method (i.e.  xmlhttp.open('TRACE', url, true) ].  Later,  a flawed implementation in Firefox's  XMLHttpRequest which can be used to access set-cookie response header was fixed.   JS Debugger pointing out "TRACE" method as invalid arugment   JS Debugger pointing out "TRACE" method as illegal value A Sla.ckers.org forum member, LeverOne, posted ways to access HttpOnly cookie through the use of Java API and applet.  I reproduced his techniques. When the first method was tried, the J...
Read more