Written by admin in RE, Technology on Tue 14 February 2012.
This article presupposes a basic understanding of how function calls and
stacks work. If you'd like to learn or need a refresher, Wikipedia is
always a good place to start.
Introduction
Referencing uninitialized memory is a fairly common programming mistake
that can cause a variety of seemingly bizarre behaviors ...
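As an added illustration of the mistake the post is about (this is example code written for this listing, not code from the post): a function that copies a partially initialized struct off the stack. The struct, its field layout and the `serialize_*` names are constructed for the example. The padding bytes and the unassigned field are never written, so whatever an earlier call left in that part of the stack frame is copied out, which is exactly the kind of "bizarre", run-dependent behaviour the post describes. Reading those bytes is undefined behaviour, so the buggy output is shown but not relied upon; the fixed variant zeroes the object first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire header (constructed for this example). With the usual
 * alignment rules the compiler inserts padding after `type` and after
 * `flags`, so sizeof(struct hdr) is larger than the 7 bytes of real data. */
struct hdr {
    uint8_t  type;
    uint32_t len;
    uint16_t flags;
};

#define HDR_PAYLOAD_BYTES (1 + 4 + 2)

/* Buggy: only two fields are assigned. The padding bytes and `flags` are
 * never written, so memcpy copies whatever happened to be in that part of
 * the stack frame. Reading them is undefined behaviour; in practice you
 * get stale data from an earlier call, which looks random. */
size_t serialize_buggy(uint8_t *out, uint8_t type, uint32_t len)
{
    struct hdr h;
    h.type = type;
    h.len  = len;
    memcpy(out, &h, sizeof h);
    return sizeof h;
}

/* Fixed: zero the whole object first, so every byte that leaves the
 * function has a defined value, padding included. */
size_t serialize_fixed(uint8_t *out, uint8_t type, uint32_t len, uint16_t flags)
{
    struct hdr h;
    memset(&h, 0, sizeof h);
    h.type  = type;
    h.len   = len;
    h.flags = flags;
    memcpy(out, &h, sizeof h);
    return sizeof h;
}

/* Number of bytes of struct hdr not covered by any field: the padding the
 * buggy version leaks. */
size_t padding_bytes(void)
{
    return sizeof(struct hdr) - HDR_PAYLOAD_BYTES;
}

/* Returns 1 if every padding byte of a serialized header is zero. */
int padding_is_zero(const uint8_t *out)
{
    size_t i;
    for (i = 0; i < sizeof(struct hdr); i++) {
        int in_field =
            (i >= offsetof(struct hdr, type)  && i < offsetof(struct hdr, type)  + sizeof(uint8_t))  ||
            (i >= offsetof(struct hdr, len)   && i < offsetof(struct hdr, len)   + sizeof(uint32_t)) ||
            (i >= offsetof(struct hdr, flags) && i < offsetof(struct hdr, flags) + sizeof(uint16_t));
        if (!in_field && out[i] != 0)
            return 0;
    }
    return 1;
}

/* Leaves a recognisable pattern in the stack area the next call may reuse,
 * so the stale bytes are easier to spot in the buggy output. */
static void dirty_stack(void)
{
    volatile uint8_t junk[64];
    memset((void *)junk, 0xA5, sizeof junk);
}

int main(void)
{
    uint8_t buf[sizeof(struct hdr)];
    size_t i, n;

    dirty_stack();
    n = serialize_buggy(buf, 1, 16);
    printf("buggy: ");
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf(" (padding bytes are indeterminate)\n");

    n = serialize_fixed(buf, 1, 16, 0);
    printf("fixed: ");
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    return 0;
}
```

Build it with `-O0` and again with `-O2` to see the buggy line change while the fixed line stays the same; MemorySanitizer (`clang -fsanitize=memory`) or Valgrind will flag the memcpy in `serialize_buggy` directly.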
Continue reading »
Last May, I wrote about a remote password disclosure vulnerability I
found in a proprietary protocol used to control ~150 different low-end
IP cameras. The exploit I wrote was tested on the Rosewill RXS-3211,
a rebranded version of the Edimax IC3005. The vulnerability remained
unpatched in the RXS-3211 until July ...
Continue reading »
Today's post is kind of long, so I thought I should warn you in advance
by adding an additional paragraph for you to read. I also wanted to
provide download links for those who'd rather just read the code. It
isn't the cleanest code in the world ...
Continue reading »
This is a short post documenting the vulnerability I inadvertently found
yesterday in the 1 Flash Gallery plugin, which has since been
patched. This plugin has been downloaded an estimated 460,000 times, and
as of yesterday was ranked by WordPress as the 17th most popular plugin
(although I'm ...
Continue reading »
Updates in this Release
So after a ridiculously long period of procrastination, I finally got
around to updating Sergio Proxy to make it remotely usable. I was never
very happy with how the initial code turned out, but given that it was
hacked out in a couple days just to ...
Continue reading »
When I first started on this post, I intended to write about some fun
things one can do with a $30 Rosewill IP camera (RXS-3211). While I
still intend to do this in the near future, I decided instead to
document an interesting password disclosure vulnerability I found that
appears ...
Continue reading »
Well, here we are, about three months since I initially released
d0z.me, and I've finally gotten away from school and life for a bit
this week and updated it. However, I think it was definitely worth the
wait. You can grab the code over at d0z.me's ...
Continue reading »
This was not what was supposed to get posted this week, but sadly, this is what my time got spent on. From the
d0z.me main page:
Hey all,
Dreamhost informed me today that they received complaints regarding
d0z.me, which was not wholly unexpected. I would certainly have
appreciated ...
Continue reading »
This post documents an XSS vulnerability that I discovered in the
default Gmail app (v1.3) provided by Google in Android 2.1 and prior.
All versions included in Android up to and including 2.1 seem to be
affected, but the bug was unintentionally patched in Froyo (2.2 ...
Continue reading »
This post documents an XSS vulnerability I discovered in the event
tracking functionality provided by Google Analytics. Given a website's
Google account number (which can be found in the site source), one could
spoof specially crafted events that, when clicked in the administrative
interface, would run arbitrary JavaScript in ...
Continue reading »