Comments for Soroush Dalili - Computer Security Is My Interest! http://soroush.secproject.com/blog Soroush Dalili's blog - بلاگ سروش دلیلی Thu, 05 Jan 2012 08:06:32 +0000 hourly 1 Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by Soroush Dalili http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5708 Soroush Dalili Thu, 05 Jan 2012 08:06:32 +0000 http://soroush.secproject.com/blog/?p=446#comment-5708 Thanks for the link. It seems very interesting and I am wondering why I've missed this one. By the way, instead of finding a vulnerable add-on, if you can force the user to install a malicious one, you can run any code in the first place as you know. Thanks for the link. It seems very interesting and I am wondering why I’ve missed this one. By the way, instead of finding a vulnerable add-on, if you can force the user to install a malicious one, you can run any code in the first place as you know.

]]> Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by Human Organs http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5679 Human Organs Tue, 03 Jan 2012 00:46:56 +0000 http://soroush.secproject.com/blog/?p=446#comment-5679 This is great one exploit, never seen b4 this Drag and Drop XSS . Good job realy! This is great one exploit, never seen b4 this Drag and Drop XSS . Good job realy!

]]> Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by Roberto Suggi Liverani http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5673 Roberto Suggi Liverani Mon, 02 Jan 2012 11:33:12 +0000 http://soroush.secproject.com/blog/?p=446#comment-5673 Hi there, Nice article - just an observation on your last paragraph. Since you mention drag and drop in the chrome:// security zone as a further attack vector, I guess this white paper might be of interest for you: "Cross Context Scripting with Firefox": http://bit.ly/sFrf0X - I covered such attack in section 2.1, assuming the scenario of a vulnerable Firefox addon which allows drag and drop action from an untrusted web page :-) Good work. Hi there,

Nice article – just an observation on your last paragraph.

Since you mention drag and drop in the chrome:// security zone as a further attack vector, I guess this white paper might be of interest for you: “Cross Context Scripting with Firefox”: http://bit.ly/sFrf0X – I covered such attack in section 2.1, assuming the scenario of a vulnerable Firefox addon which allows drag and drop action from an untrusted web page :-)

Good work.

]]> Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by jafar http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5663 jafar Sat, 31 Dec 2011 16:31:39 +0000 http://soroush.secproject.com/blog/?p=446#comment-5663 I tried your PoC , it works ok but as you said the main challenging issue about exploiting this XSS is to deceive the users to drag it. Good job I tried your PoC , it works ok but as you said the main challenging issue about exploiting this XSS is to deceive the users to drag it.

Good job

]]> Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by Soroush Dalili http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5662 Soroush Dalili Sat, 31 Dec 2011 15:56:47 +0000 http://soroush.secproject.com/blog/?p=446#comment-5662 Yes, in fact the risk was not high and that's why it has been published. Yes, in fact the risk was not high and that’s why it has been published.

]]> Comment on Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames) by AbiusX http://soroush.secproject.com/blog/2011/12/drag-and-drop-xss-in-firefox-by-html5-cross-domain-in-frames/comment-page-1/#comment-5661 AbiusX Sat, 31 Dec 2011 11:06:09 +0000 http://soroush.secproject.com/blog/?p=446#comment-5661 Good one, Although the impact is high, there are very few scenarios susceptible to the attack. Good one,
Although the impact is high, there are very few scenarios susceptible to the attack.

]]> Comment on Facebook Redirect Link – New Bypass Method – “:/” after the domain name by Soroush Dalili http://soroush.secproject.com/blog/2010/12/facebook-redirect-link-new-bypass-method-%e2%80%93-%e2%80%9c%e2%80%9d-after-the-domain-name/comment-page-1/#comment-5657 Soroush Dalili Sat, 31 Dec 2011 02:52:06 +0000 http://soroush.secproject.com/blog/?p=409#comment-5657 This issue had been solved on Facebook as far as I know. This issue had been solved on Facebook as far as I know.

]]> Comment on Facebook Redirect Link – New Bypass Method – “:/” after the domain name by เย็ด http://soroush.secproject.com/blog/2010/12/facebook-redirect-link-new-bypass-method-%e2%80%93-%e2%80%9c%e2%80%9d-after-the-domain-name/comment-page-1/#comment-5282 เย็ด Tue, 04 Oct 2011 09:42:50 +0000 http://soroush.secproject.com/blog/?p=409#comment-5282 This issue had been reported to Facebook at least twice more than 1 month ago without having any response. This issue had been reported to Facebook at least twice more than 1 month ago without having any response.

]]> Comment on Facebook Redirect Link – New Bypass Method – “:/” after the domain name by Aaron http://soroush.secproject.com/blog/2010/12/facebook-redirect-link-new-bypass-method-%e2%80%93-%e2%80%9c%e2%80%9d-after-the-domain-name/comment-page-1/#comment-5175 Aaron Tue, 05 Jul 2011 05:02:03 +0000 http://soroush.secproject.com/blog/?p=409#comment-5175 Hi, Maybe you can help me. I've directed / forwarded my url / domain to my facebook page. But before the redirect to the page, a prompt appears where you have to click "Go To Facebook" before you can access / land on the Facebook page. Is there a way to solve this? Thanks! Hi,

Maybe you can help me. I’ve directed / forwarded my url / domain to my facebook page. But before the redirect to the page, a prompt appears where you have to click “Go To Facebook” before you can access / land on the Facebook page. Is there a way to solve this? Thanks!

]]> Comment on Excel Advanced Search Add-In Application by “Advisories” has been updated « Soroush Dalili's Mirror Blog – بلاگ آینه ای سروش دلیلی http://soroush.secproject.com/blog/projects/exceladvancedsearchapplication/comment-page-1/#comment-5151 “Advisories” has been updated « Soroush Dalili's Mirror Blog – بلاگ آینه ای سروش دلیلی Tue, 17 May 2011 20:42:47 +0000 http://soroush.secproject.com/blog/#comment-5151 [...] my articles or even write about the vulnerabilities in details. Moreover, I need to update my “Excel Advanced Search” Add-In to be compatible with Office 2010, and also I need to put my “Secure Text Steganography [...] [...] my articles or even write about the vulnerabilities in details. Moreover, I need to update my “Excel Advanced Search” Add-In to be compatible with Office 2010, and also I need to put my “Secure Text Steganography [...]

]]> Comment on SQL Injection Tutorial Video by Hamid Ajandies http://soroush.secproject.com/blog/2009/01/sql-injection-tutorial-video/comment-page-1/#comment-5071 Hamid Ajandies Sat, 05 Mar 2011 18:54:38 +0000 http://soroush.secproject.com/blog/?p=143#comment-5071 please make a video tutorial on how to use cpanel bruter i have a script Aria cPanel cracker version is it going to be uploaded to a website in what format? i have been seening it on my website meaning hackers getting access to my root folder but i don't know how it work. thanks please make a video tutorial on how to use cpanel bruter i have a script Aria cPanel cracker version is it going to be uploaded to a website in what format? i have been seening it on my website meaning hackers getting access to my root folder but i don’t know how it work. thanks

]]> Comment on Travian Game Vulnerabilities in progress… by Travian Game Patch – Finally! « Soroush Dalili's Mirror Blog – بلاگ آینه ای سروش دلیلی http://soroush.secproject.com/blog/2009/11/travian-game-vulnerabilities-in-progress/comment-page-1/#comment-5020 Travian Game Patch – Finally! « Soroush Dalili's Mirror Blog – بلاگ آینه ای سروش دلیلی Mon, 31 Jan 2011 19:47:11 +0000 http://soroush.secproject.com/blog/?p=176#comment-5020 [...] These issues go back to June 2009. Related Link: http://soroush.secproject.com/blog/2009/11/travian-game-vulnerabilities-in-progress/ [...] [...] These issues go back to June 2009. Related Link: http://soroush.secproject.com/blog/2009/11/travian-game-vulnerabilities-in-progress/ [...]

]]> Comment on Unrestricted File Download V1.0 – Windows Server by holiman http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/comment-page-1/#comment-5019 holiman Sun, 30 Jan 2011 00:10:21 +0000 http://soroush.secproject.com/blog/?p=421#comment-5019 A third solution to the whole problem of sanitizing filenames is, simply, don't. The problem with black/whistlisting characters is that it is difficult to do it right, and even if you do, it is not portable between languages and operating systems. E.g. perhaps it is allowed for a file to have all kinds of crazy characters on the OS that is used. So, the third solution is to open the file via the framework used. *After* the file is opened, query the file-object for information about path, name and suffix. At that point, it is time for applying whitelists to see that these values are all ok. (Obviously, don't do this on frameworks which allow command execution in the same API calls as file opening - but this method should work for all moden high-level frameworks which have dedicated file APIs.) Regards! A third solution to the whole problem of sanitizing filenames is, simply, don’t. The problem with black/whistlisting characters is that it is difficult to do it right, and even if you do, it is not portable between languages and operating systems. E.g. perhaps it is allowed for a file to have all kinds of crazy characters on the OS that is used.

So, the third solution is to open the file via the framework used. *After* the file is opened, query the file-object for information about path, name and suffix. At that point, it is time for applying whitelists to see that these values are all ok.

(Obviously, don’t do this on frameworks which allow command execution in the same API calls as file opening – but this method should work for all moden high-level frameworks which have dedicated file APIs.)

Regards!

]]> Comment on A Dotty Salty Directory: A Secret Place in NTFS for Secret Files! by jimmy http://soroush.secproject.com/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/comment-page-1/#comment-5000 jimmy Mon, 24 Jan 2011 18:22:19 +0000 http://soroush.secproject.com/blog/?p=398#comment-5000 very interesting post my friend, thanks and greetings:) very interesting post my friend, thanks and greetings:)

]]> Comment on Cross Site URL Hijacking by using Error Object in Mozilla Firefox by Happy Reading 15 Web Hacking Techniques … « Jae Ho's Weblog http://soroush.secproject.com/blog/2010/05/cross-site-url-hijacking-by-using-error-object-in-mozilla-firefox/comment-page-1/#comment-4970 Happy Reading 15 Web Hacking Techniques … « Jae Ho's Weblog Wed, 12 Jan 2011 05:56:55 +0000 http://soroush.secproject.com/blog/?p=245#comment-4970 [...] Cross Site URL Hijacking by using Error Object in Mozilla Firefox [...] [...] Cross Site URL Hijacking by using Error Object in Mozilla Firefox [...]

]]> Comment on IE7-8 drive list enumeration! by chr1x http://soroush.secproject.com/blog/2010/03/ie7-8-drive-list-enumeration/comment-page-1/#comment-4946 chr1x Tue, 04 Jan 2011 17:58:13 +0000 http://soroush.secproject.com/blog/?p=230#comment-4946 Excellent work! keep rocking mate! chr1x Excellent work! keep rocking mate!

chr1x

]]> Comment on How Secunia PSI put the privacy in danger by Leo http://soroush.secproject.com/blog/2010/12/how-secunia-psi-put-the-privacy-in-danger/comment-page-1/#comment-4797 Leo Tue, 07 Dec 2010 19:33:12 +0000 http://soroush.secproject.com/blog/?p=378#comment-4797 It's a mesh on the internet, what about google etc??? It’s a mesh on the internet, what about google etc???

]]> Comment on How Secunia PSI put the privacy in danger by Retyt http://soroush.secproject.com/blog/2010/12/how-secunia-psi-put-the-privacy-in-danger/comment-page-1/#comment-4782 Retyt Sat, 04 Dec 2010 16:50:32 +0000 http://soroush.secproject.com/blog/?p=378#comment-4782 Great article, I really want a Secunia reply now! Great article, I really want a Secunia reply now!

]]> Comment on Cross Site Request Forgery (CSRF) PoC Template (by Javascript) by Cross Site Request Forgery (CSRF) PoC Template http://soroush.secproject.com/blog/projects/csrf_poc_template/comment-page-1/#comment-4573 Cross Site Request Forgery (CSRF) PoC Template Tue, 09 Nov 2010 17:47:03 +0000 http://soroush.secproject.com/blog/#comment-4573 [...] here to read more Tagged with: CSRF  0 Comments Leave A [...] [...] here to read more Tagged with: CSRF  0 Comments Leave A [...]

]]> Comment on Excel Advanced Search Add-In Application by npnbkck http://soroush.secproject.com/blog/2010/08/download-excel-advanced-search/comment-page-1/#comment-4504 npnbkck Thu, 23 Sep 2010 08:35:07 +0000 http://soroush.secproject.com/blog/?p=348#comment-4504 I love your works very much! Could you add the checklist box of all sheets per workbook that I can choose some of sheets to search in the next version? Thank you! I love your works very much!

Could you add the checklist box of all sheets per workbook that I can choose some of sheets to search in the next version?

Thank you!

]]>