Category Archives: Normal Posts

My Normal Posts

Excel Advanced Search Add-In Application

This is a handy Excel Add-In that makes searching and replacing inside your Excel files easier and more powerful. The best thing about this Add-In is that it is free and open source, so you can simply customize it for your needs.
Unfortunately, the built-in search function of Microsoft Excel is too weak to handle even simple tasks, and other search tools that can search and replace inside Excel files are not free. As a result, I decided to write this tool to get more power out of the Excel search process.
As this application is quite new, it is not free of faults. Please let me know if you find any issue. I will try to update this section in the future whenever there is a new release of this application.

Features

– Accepts regular expressions
– Supports inclusion or exclusion
– Case sensitivity option
– Option to select unique results only
– Ability to export the results to an Excel file
– Searches in multiple files at the same time
– Detects open Workbooks
– Flexible result view
– Search and replace functionality
– Formula Schema option (currently it only has a credit card number checker)
– Logbook that keeps the previous keywords
– Able to search inside different versions of Excel files

Download

Version: 2.6.1
Date: 14 August 2010
Author: Soroush Dalili
Price: Free and open source!
Download Link: http://soroush.secproject.com/downloadable/excel_search_app.zip
Download Link (Mirror): http://www.0me.me/files/soroush.secproject.com/excel_search_app.zip
URL: http://soroush.secproject.com/blog/projects/exceladvancedsearchapplication/

Screen Shots:

Clicking on an offline message link in Yahoo Messenger can lead to Session Hijacking

Clicking on an offline message link in Yahoo Messenger is the same as clicking on an unknown link in your Yahoo Mail! In fact, Yahoo authenticates you before opening the destination link by using this URL:
http://login.yahoo.com/config/reset_cookies_token?.token=[Your Valid Token]&.done=[Destination Link]
Note 1: Fortunately, the destination cannot read your valid token from the Referer header of the HTTP request. However, this valid token is stored in your browser’s history, and if you do not sign out from Yahoo, it can be dangerous.
Now you may ask why clicking on a link while you are authenticated to Yahoo is dangerous:
There are a lot of Cross Site Scripting (XSS) vulnerabilities in yahoo.com sub-domains. Some of these XSS attacks are easily detected by IE8 and/or NoScript (a recommended Mozilla Firefox add-on), and some are not. For example, some Asian sub-domains of yahoo.com still have SQL Injection, and it is easy to hide an XSS attack behind a simple SQL Injection. Moreover, there are some entry points that accept differently encoded inputs such as UTF-7 or Base64, which can be used to bypass client-side protections. There are other types as well that I do not want to discuss here (I do not want to teach how to find XSS in this post). Some examples: http://www.xssed.com/search?key=yahoo.com

I’m scared. What should I do then?
1- Only open your email in private browsing mode.
2- Do not click on unknown links that are sent to you via offline messages or your email. If you want to open such a link, open another private browsing window and copy/paste the link there. Alternatively, you can open those links in a different browser from the one in which your Yahoo Mail is open, or from your default browser.
3- Always look at the link destination and do not trust its text. For example, a link whose text reads http://www.yahoo.com/ can redirect you to google.com instead.
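The check in step 3 can be automated for the kind of link quoted above: a login URL that carries a token and a `.done` destination. The following JavaScript is an added example, not code from the original post or from Yahoo. It parses a link with the standard `URL` API, reports whether it is the `login.yahoo.com` authenticated redirect, where the `.done` parameter really sends the browser, whether that destination leaves yahoo.com, and produces a copy with the `.token` value blanked so the link can be logged or shared without the token. The function names and the sample link (placeholder token, example destination) are assumptions made for this example; it runs unchanged in Node.js or a browser console.

```javascript
// Added example (not the original post's code): inspect a Yahoo-style
// authenticated redirect link before following it. Function names and the
// sample link below are assumptions for this example.

function isYahooHost(hostname) {
  return hostname === "yahoo.com" || hostname.endsWith(".yahoo.com");
}

// Parse one link and report what it does. `.token` and `.done` are the
// parameter names visible in the URL quoted in the post.
function inspectLink(href) {
  const url = new URL(href);
  const report = {
    host: url.hostname,
    // the login endpoint from the post: it sets cookies from the token, then redirects
    authenticatedRedirect:
      url.hostname === "login.yahoo.com" &&
      url.pathname === "/config/reset_cookies_token",
    tokenInUrl: url.searchParams.has(".token"),
    destination: null,      // where `.done` really sends the browser
    destinationHost: null,
    leavesYahoo: false,
  };
  const done = url.searchParams.get(".done");
  if (done !== null) {
    try {
      const dest = new URL(done, url);   // resolves relative `.done` values too
      report.destination = dest.href;
      report.destinationHost = dest.hostname;
      report.leavesYahoo = !isYahooHost(dest.hostname);
    } catch (e) {
      report.destination = "[unparseable: " + done + "]";
    }
  }
  return report;
}

// Human-readable warnings derived from the report (step 3 in the post:
// look at the destination, not the link text).
function warningsFor(report) {
  const out = [];
  if (report.tokenInUrl) {
    out.push("link carries a session token in the query string; it will be kept in browser history");
  }
  if (report.authenticatedRedirect && report.leavesYahoo) {
    out.push("authenticated redirect leaves yahoo.com for " + report.destinationHost);
  }
  return out;
}

// Copy of the link with the token value blanked, safe to paste into a log or a report.
function redactToken(href) {
  const url = new URL(href);
  if (url.searchParams.has(".token")) {
    url.searchParams.set(".token", "REDACTED");
  }
  return url.href;
}

// Constructed sample: placeholder token, example destination outside yahoo.com.
const SAMPLE_LINK =
  "http://login.yahoo.com/config/reset_cookies_token" +
  "?.token=PLACEHOLDER_TOKEN&.done=http%3A%2F%2Fwww.example.invalid%2Fpage";

// Stand-alone run: print the report, the warnings and the redacted link.
const sampleReport = inspectLink(SAMPLE_LINK);
console.log(sampleReport);
console.log(warningsFor(sampleReport));
console.log(redactToken(SAMPLE_LINK));
```

`redactToken` rewrites the query string through `URLSearchParams`, so the `.done` value comes back percent-encoded the same way it was in the original link; only the token value changes.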

I clicked on a link by mistake. What should I do?
1- If you have knowledge of web security, you can open that link while monitoring your browser with a local proxy such as Fiddler or Burp Suite. You will then see whether there is any request to yahoo.com or any other domain.
2- If you are not sure about what you have done, you MUST change your password immediately. This is the only way you can protect yourself. Even shortening the lifetime of your Yahoo session (cookie) does not solve your problem.

What will happen if I don’t care?
1- Attackers will have access to your Yahoo.com account without knowing your password. Fortunately, they cannot change your password directly (but they can still use the forgot-password section).

New update – July 2010

I want to update my blog with this new post:
– I learned good things from BlackHat 2010 although I was not there! JavaSnoop is a great tool, by the way. Although there are some minor bugs, this tool solves many of my problems!

– Some software, like Fortify, is immune to my reports! I’m not sure whether it’s a good thing for them, however! This is not my policy!

– Burp Suite Pro is great, and I’m waiting for the new version that fixes my issues (the current version is 1.3.07).

– A dangerous CSRF vulnerability in Secunia Community, in which an attacker could change a user’s email address and then use the forgot-password feature to reset his/her password, was fixed immediately after my report.

More info: http://secunia.com/community/forum/thread/show/4856/notification_of_fixed_csrf_issue

– CodeProject.com wants to fix a vulnerability that I reported 1 month ago.

– I’ve reported a Microsoft .NET security vulnerability to them and have just received their first “thank you” email. Now I’m waiting to see what will happen.

– I reported a dangerous CSRF vulnerability in BlogFa.com to them several months ago. Although they’ve fixed the issue, they did not give me any credit! Should I report their flaws in the future? I’m not so sure!

– I want to release a powerful tool for steganography in text soon! This is my MSc project, which I’ve changed a bit.

Another Simple DOM Viewer

What is inside of an object in my browser? What about you?

I had written a simple JavaScript code to list the contents of an HTML object. Now I want to share it with you as well. Although in Mozilla Firefox it is not as good as Firebug, it is very simple and makes life easier! Moreover, it is very useful for getting ideas about misusing the DOM, for example to bypass the Same Origin Policy or even for steganographic purposes. However, I do not advise you to use this JS code to steal users’ HTML objects when you have an XSS in an application, as you can write faster and more reliable code for any specific target.

So, it is just code to play with, in order to gain more experience and have fun with the DOM. Please cite me or let me know if you find anything interesting by using it.

Click here for the demo and the code: http://0me.me/demo/tricks/DOM_Obj_Browse.html

Save it, Modify it, Enjoy and please do not forget me ;)

You can use this code to see all the objects present in an HTML page. This code will help you gain a better understanding of the existing objects. You may even be able to bypass the SOP with its help, or use it to find ideas for steganography. If you find interesting information or a web browser vulnerability, please also keep me informed of your research. Good luck.
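The demo linked above is not reproduced on this page, so here is an added example of the same idea, written for this page and not the author's DOM viewer: a walker that lists every property reachable from an object with its type and a short preview. Two details matter for DOM objects and are handled here: a DOM tree is full of cycles (`parentNode` and `firstChild` point at each other), so visited objects are tracked in a `WeakSet`, and some accessors throw instead of returning (a cross-origin frame's `contentDocument`), so each read is wrapped in a `try` and reported as inaccessible rather than aborting the listing. The helper names and the constructed sample object are assumptions made for this example; in a browser console the same function can be pointed at a real node, e.g. `listProperties(document.body, 2, "body")`.

```javascript
// Added example (not the author's DOM viewer): list every property reachable
// from an object, with its type and a short preview, guarding against the
// cycles a DOM tree has (parentNode/firstChild) and against getters that
// throw (a cross-origin frame's contentDocument). The helper names and the
// sample object are assumptions for this example. In a browser console:
//   listProperties(document.body, 2, "body").join("\n")
// In Node.js it runs on the constructed sample below.

function preview(value) {
  if (value === null) return "null";
  switch (typeof value) {
    case "function": return "function " + (value.name || "(anonymous)");
    case "object": return Array.isArray(value) ? "Array(" + value.length + ")" : "object";
    case "string": {
      const s = value.length > 40 ? value.slice(0, 40) + "..." : value;
      return "string " + JSON.stringify(s);
    }
    default: return typeof value + " " + String(value);
  }
}

// Own property names along the prototype chain (stopping at Object.prototype),
// so DOM interface members such as `href` that live on prototypes are included.
function propertyNames(obj) {
  const names = new Set();
  for (let o = obj; o && o !== Object.prototype; o = Object.getPrototypeOf(o)) {
    for (const n of Object.getOwnPropertyNames(o)) names.add(n);
  }
  return [...names].sort();
}

function listProperties(root, maxDepth = 3, rootName = "obj") {
  const lines = [];
  const seen = new WeakSet();   // objects already visited: breaks cycles

  function walk(value, path, depth) {
    seen.add(value);
    for (const name of propertyNames(value)) {
      const label = path + "." + name;
      let child;
      try {
        child = value[name];    // accessors run here and may throw
      } catch (e) {
        lines.push(label + ": [inaccessible: " + e.name + "]");
        continue;
      }
      if (child !== null && typeof child === "object") {
        if (seen.has(child)) { lines.push(label + ": [circular]"); continue; }
        if (depth >= maxDepth) { lines.push(label + ": object [depth limit]"); continue; }
        lines.push(label + ": " + preview(child));
        walk(child, label, depth + 1);
      } else {
        lines.push(label + ": " + preview(child));
      }
    }
  }

  walk(root, rootName, 0);
  return lines;
}

// Constructed sample standing in for a DOM node: a child with a back-reference
// to its parent (a cycle) and an accessor that throws the way a cross-origin
// frame's document access does.
function makeSample() {
  const node = {
    tagName: "DIV",
    id: "main",
    firstChild: { tagName: "A", href: "https://example.invalid/x", parentNode: null },
  };
  node.firstChild.parentNode = node;
  Object.defineProperty(node, "contentDocument", {
    enumerable: true,
    get() {
      const err = new Error("Blocked a frame from accessing a cross-origin frame.");
      err.name = "SecurityError";
      throw err;
    },
  });
  return node;
}

// Stand-alone run: print the listing for the sample.
console.log(listProperties(makeSample(), 3, "node").join("\n"));
```

On a real page the prototype walk is what makes the listing useful: most of what a node exposes (`href`, `innerHTML`, `ownerDocument`) is defined on the element's prototype chain, not as own properties, and the depth limit keeps `ownerDocument` from pulling the whole document into the output.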

The Web Application Security Consortium Threat Classification v2.0

After OWASP updated its Top 10, I’m now very glad to quote this:

The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC Threat Classification v2.0.

You can read more information at these links: http://projects.webappsec.org/Threat-Classification and http://projects.webappsec.org/f/WASC-TC-v2_0.pdf

Cheers,

Soroush