SEARCH RESULTS
 
Showing 1-10 of 44 records
 

Prevent errors on iFramed pages with JavaScript

2008-04-08 09:33:44 by Steen Grundsoe in WhatIs: Enterprise IT tips and expert advice
 
Avoid errors on deleted iFramed pages or when Lotus Notes Domino users don't have page access using JavaScript code and the httpRequest object
 
 
 
 
 

Adobe Reader/Acrobat JavaScript Method Handling Vuln

2008-06-24 10:48:40 by Dave Lewis in Liquidmatrix Security Digest
 
...JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file. NOTE: The vulnerability is reportedly being exploited in the wild. Note the note. This one is getting pwned as we speak.
 
 
 
 
 

Researcher slams Adobe for 'epidemic' of JavaScript bugs

2008-06-24 13:00:00 by Editor in Computerworld Security News
 
Adobe Systems has patched its free Reader and commercial Acrobat software to fix the latest in what one researcher called an "epidemic" of JavaScript vulnerabilities in the popular apps
 
 
 
 
 

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...JavaScript, HTTP response headers, etc. The following are some (by no means complete) examples of XSS vulnerabilities. Let's assume there is a web application that accepts user input as the 'q' parameter. Untrusted data coming from the attacker is marked in red. Injection in regular HTML body - angled brackets not filtered or escaped. Your...
 
 
 
 
 

Massive RealPlayer Exploit Embedded Attack

2008-01-07 18:58:52 by HASH0x89c7e1c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...javascript obfuscations, multiple IFRAME redirectors to and from internal pages, and scripts within the domains. Let's assess those that are still active: n.uc8010.com/0.js returns "ok ^ ^" message and loads c.uc8010.com/ip/Cip.aspx (61.188.39.218) which says "Hello", furthermore, c.uc8010.com/0/w.js loads c.uc8010.com/1.htm;...
 
 
 
 
 

The United Nations Serving Malware

2008-04-23 10:13:00 by HASH0x8b31c98 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...JavaScript loads a file named 1.js which is hosted on http://www.nihao[removed].com. The JavaScript code then redirects the user to 1.htm (also hosted on the same server). Once loaded, the file attempts 8 different exploits (the attack last April utilised 12). The exploits target Microsoft applications, specifically browsers not patched...
 
 
 
 
 

Cached Malware Embedded Sites

2007-12-16 18:18:26 by HASH0x8a09e44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...javascript/IFRAME before it got removed. Here's an example of how useful cached malware sites are for research purposes. Back in September, the U.S. Consulate in St. Petersburg was serving malware, and the embedded malware link was removed sooner than I could obtain a copy of the infected page. Best of all - there were still cached copies...
 
 
 
 
 

Moto Q9 DoS and Fingerprinting

2008-01-12 18:10:21 by RSnake in ha.ckers.org web application security lab
 
...JavaScript. But then I realized, I had never tested it with JavaScript turned on. That's when I went to Mr. T. What did Mr. T do to the Moto Q9 (which is running Opera, by the way)? It crashed it immediately. So then I start messing around with it, and I narrow it down to one of the things that's more legacy than anything, the now fixed, MS...
 
 
 
 
 

U.K's FETA Serving Malware

2008-02-12 09:13:31 by HASH0x8b1c460 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Javascript hack created using the Neosploit Crimeware Toolkit, dishing out payloads including, the blog reports, porn pop-ups. The deobfuscated javascript attempts to load the currently live 88.255.90.130/cgi-bin/in.cgi?p=admin (MDAC ActiveX code execution (CVE-2006-0003), also responding to Silentwork.ws and Tide.ws which is deceptively...