Vulnerability Research & Development
All the vulnerabilities listed here were researched and discovered by me. Only vulnerabilities that have been confirmed and acknowledged by the vendors or the security community are posted here. Note: some more vulnerabilities are in the pipeline and are being held back at the vendors' request. I shall update them once the vendors release the fixes.
To support my work, make a donation.

Disabling GDS Desktop Link Integration In Google Pages
Release Date: 27th Feb, 2007

Description: This article discusses why the GDS issues revolve primarily around the GDS Desktop link, and how one can fix this permanently by disabling it. This ensures that users can still use GDS without fear of exploits targeted at the desktop link.

Download Link: gds-desktoplink-fix

Copyright © 2007 Debasis Mohanty

Defeating Microsoft Office Genuine Advantage (OGA) Check
Release Date: 29th Jan, 2007

Description: To be blunt, there are 101 ways to defeat such a lame attempt to prevent piracy or to control the illegal use of software. The PoC describes two different methods to defeat the Office Genuine Advantage validation check.

Proof-of-Concept: defeat-oga

Bugtraq ID: NA
CVE: NA
Other Related Links: to be updated

Copyright © 2007 Debasis Mohanty

Google AdWords Multiple HTTP Response Splitting Vulnerabilities
Release Date: 14th Dec, 2006

Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities have been identified in Google AdWords, which may be exploited by a remote attacker to inject arbitrary HTTP headers.

Proof-of-Concept: adwords-crlf-injection

Bugtraq ID: NA
CVE: NA
Other Related Links: Zone-H
Media Publications: internetnews.com

Copyright © 2006 Debasis Mohanty

Multiple HTTP Response Splitting Vulnerabilities in SHOP-SCRIPT
Release Date: 23rd Oct, 2006

Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities have been identified in Shop-Script PREMIUM, which may be exploited by a remote attacker to inject arbitrary HTTP headers.

Proof-of-Concept: shop-script crlf injection

Bugtraq ID: 20685
CVE: CVE-2006-5566
Other Related Links: FrSIRT, Secunia.com

Copyright © 2006 Debasis Mohanty

Microsoft Excel File Embedded Shockwave Flash Object Exploit
Release Date: 20th Jun, 2006

Description: Malicious Flash files containing explicit JavaScript can be embedded within Excel spreadsheets using the “Shockwave Flash Object”, and can be made to run as soon as the file is opened by the user. No user intervention is required to activate the object; it runs automatically once the file is opened.

Proof-of-Concept: xls-embed-swf-expl

Bugtraq ID: 18583
CVE: CVE-2006-3014
Other Related Links: Microsoft Bulletin, Juniper, SecuriTeam, ISS X-Force, Adobe, FrSIRT

Copyright © 2006 Debasis Mohanty

Firefox (with IETab Plugin) Null Pointer Dereference Bug
Release Date: 17th May, 2006

Description: Firefox with the IETab plugin installed crashes when the plugin is unable to handle specific JavaScript. It appears to be a null pointer dereference bug. Refer to the PoC (Proof of Concept) for more details.

Proof-of-Concept: ff-ietab-die

Bugzilla Bug: 14151
CVE: CVE-2006-2538
Other Related Links: nist.gov, ISS X-Force

Copyright © 2006 Debasis Mohanty

w3wp Remote DoS Due to Improper Reference of STA COM Components in ASP.NET
Release Date: 21st Mar, 2006

Description: Developers often forget to use the “AspCompat” directive, which is required when referencing COM components in ASP.NET. A missing AspCompat directive causes general instability and poor performance of the web application; a simple increase in load on the web server may cause it to crash. After working for more than a month with Microsoft (MSRC) on this issue, it was finally concluded that the w3wp crash can occur unexpectedly and is due to improper referencing of COM or COM+ components in ASP.NET applications. Refer to the PoC (Proof of Concept) for more details.

Proof-of-Concept: w3wp-remote-dos

Bugtraq ID: 17188
CVE: CVE-2006-1364
Other Related Links: SecuriTeam, security.nnov.ru, ISS X-Force, nist.gov, milw0rm

Copyright © 2006 Debasis Mohanty

Google Reader 'Preview' and 'Lens' Script Improper Feed Validation Vulnerability
Release Date: 22nd Feb, 2006

Description: Google Reader is an RSS and Atom feed reader which displays only the content the user has subscribed to. However, two vulnerabilities have been identified which may allow an attacker to entice a victim (using the Google Reader service) into viewing unwanted web content carrying malicious payloads.

Proof-of-Concept: google-reader-vuln

Bugtraq ID: *
CVE: *
Other Related Links: Zone-H, Anti-Phishing Italia

Copyright © 2006 Debasis Mohanty

phpMyChat Identical User Id and Password Authentication Bypass Vulnerability
Release Date: 20th Feb, 2006

Description: In the default installation of phpMyChat (version 0.14.5), any unregistered user can gain access to the chat rooms by entering an identical user name and password in the input box, i.e. the user name is the same as the password. I tried logging in through various vulnerable sites using an identical user id and password combination, which granted me unauthorized access to the rooms.

Proof-of-Concept: phpMyChat-Auth-Bypass

Bugtraq ID: *
CVE: *
Other Related Links: ISS X-Force, OSVDB, security.nnov.ru

Copyright © 2006 Debasis Mohanty

Zone Labs Products Advance Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability
Release Date: 8th Nov, 2005

Description: Zone Alarm products with Advance Program Control or OS Firewall Technology enabled detect and block almost all of the APIs (such as Shell, ShellExecuteEx, SetWindowText, SetDlgItem etc.) commonly used by malicious programs to send data via HTTP by piggybacking on other trusted programs. However, it is still possible for a malicious program (Trojans, worms etc.) to make outbound connections to the evil site by piggybacking on a trusted Internet browser using an “HTML Modal Dialog” in conjunction with simple “JavaScript”. Here it is assumed that the default browser (IE, Firefox etc.) is authorized to access the Internet.

Proof-of-Concept: osfwbypass-demo.zip

Bugtraq ID: 15347
CVE: CVE-2005-3560
Other Related Links: Securityfocus, OSVDB, Secunia, ISS X-Force, SecuriTeam

Copyright © 2005 Debasis Mohanty

Bypassing Zone Alarm Firewall Using DDE-IPC
Release Date: 28th Sep, 2005

Description: While I was testing desktop based firewalls (here Zone Alarm Pro and the Free version) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many of the latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange – Interprocess Communications), which enables an untrusted program to communicate with the attacker or access the Internet via other trusted programs (e.g. Internet Explorer). This flaw has been known since before 2003.

Proof-of-Concept: zabypass.zip

Bugtraq ID: 14966
CVE: *
Other Related Links: Zone Labs Advisory, Securityfocus, FrSIRT
Media Publications: news.zdnet.com

Copyright © 2005 Debasis Mohanty

Defeating Citi-Bank Virtual Keyboard Protection
Release Date: 6th Aug, 2005

Description: Early this year, Citi-Bank introduced the concept of a Virtual Keyboard to defend against malicious programs like keyloggers, Trojans, spyware etc. However, the Virtual Keyboard concept can be easily defeated by using Win32 APIs to access HTML documents. Refer to the PoC (Proof of Concept) for more details.

Proof-of-Concept: defeat-citibank-vk.zip

Bugtraq ID: *
CVE: *
Other Related Links: ISS X-Force, US-CERT, Virus.org, Hacknthebox.org

Copyright © 2005 Debasis Mohanty

Indiatimes Shopping Cart XSS (Cross Site Scripting) Vulnerability
Release Date: 29th July, 2005

Description: Indiatimes Shopping is one of the largest shopping and auction portals in India. The Indiatimes Shopping Cart (http://store.indiatimes.com) can be exploited by a malicious user to conduct cross-site scripting and script insertion attacks. Input passed to certain parameters in various scripts isn't properly validated before it is returned to the user. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of the affected site by tricking the user into visiting a malicious website or following a specially crafted link.

Proof-of-Concept: Indiatimes-sc-xss

Bugtraq ID: *
CVE: *
Other Related Links: security.nnov.ru

Copyright © 2005 Debasis Mohanty

Defeating Microsoft WGA (Windows Genuine Advantage) Validation Check
Release Date: 23rd May, 2005

Description: WGA (Windows Genuine Advantage) is a concept introduced by Microsoft that builds functionality into a few of its public beta products to conduct a genuine-product check before the product is installed. MS products or tools with the WGA check enabled can only be installed on a valid / genuine copy of MS Windows XP; if it is a pirated copy, the product refuses to install. If you are already aware of Microsoft WGA validation, you can jump directly to the PoC section; otherwise it is advisable to read about WGA and what it does before reading the PoC.

Proof-of-Concept: defeating-wga-check.zip

Bugtraq ID: *
CVE: *
Other Related Links: OSVDB
Media Publications: news.com, timesofindia, pcmag, rediff-news, businessstandard

Copyright © 2005 Debasis Mohanty

CuteNews 'archive' Parameter XSS (Cross Site Scripting) Vulnerability
Release Date: 16th Aug, 2004

Description: The CuteNews "archive" parameter is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. An attacker can embed HTML or JavaScript in the archive parameter of a specially crafted URL request to the show_archive.php script, which would be executed in the victim's web browser within the security context of the hosting site. An attacker can also use this vulnerability to steal the victim's cookie-based authentication credentials.

Proof-of-Concept: cutenews-xss

Bugtraq ID: 10948
CVE: *
Other Related Links: Securityfocus, OSVDB, Secunia, ISS X-Force
Nessus Plugin: nessus-plugin

-- :: Tr0y (a.k.a Debasis Mohanty) :: --
For any queries / comments / flames / appreciations, shoot a mail at: