Research


#18 Microsoft Windows Server Service (MS08-067) Exploit
Description: This exploit demonstrates the vulnerability found in the Microsoft Windows Server Service (SRVSVC). The download includes the Python exploit script. Presently the exploit is only made to work against Win2k and Win2k3 SP2. I have no plans as such to plug in the XP payload; in case I get time, I may update it in future.
Release Date: 17-Nov, 2008
Reference: SecurityFocus, SecurityVulns, exploit-db
Credits: exploit only
Download: PoC

 

#17 Adobe Reader JavaScript printf Buffer Overflow Exploit
Description: This exploit demonstrates the vulnerability found in the Adobe Reader JavaScript util.printf method. The download includes the exploit script, which needs to be embedded into a PDF file to test the exploit.
Release Date: 6-Nov, 2008
Reference: SecurityFocus, exploit-db
Credits: exploit only
Comments: This exploit was misused by malware authors to target various users over the Internet, including government. Refer to the news here.
Download: PoC

 

#16 Defeating Microsoft Office Genuine Advantage (OGA) Check
Description: The Office Genuine Advantage (OGA) check is part of a Microsoft effort to reduce piracy. However, there are possibly 101 ways to defeat any such lame attempt to prevent software piracy. Though I do not believe in software piracy, I was a bit intrigued to check whether Microsoft has any foolproof plans to beat piracy. Interestingly, it did not take me long to beat the piracy protection implemented by Microsoft. Refer to the PoC, where I have outlined two different methods to defeat the Office Genuine Advantage validation check.
Release Date: 29-Jan, 2007
Media Coverage: ZDNet
Credits: both vulnerability and exploit
Comments: This exploit was misused by worm authors to target various users over the Internet, including government. Refer to the news here.
Download: PoC

 

#15 Adobe Acrobat 'Collab.collectEmailInfo' Function Download/Exec Exploit - CVE-2007-5659
Description: This vulnerability was made public back in Feb 2008, and I wrote the exploit for this issue back in Oct 2008 but could not release it due to an IP agreement with my contractor. Hence a download/exec demo video was released instead.
Release Date: 24-Oct, 2008
Credits: Only the exploit video was released; the exploit code was kept as a zero day as per the contract agreement.
Download: PoC Video

 

#14 RealPlayer ierpplug.dll ActiveX Control BO Exploit - CVE-2007-5601
Description: This vulnerability was made public back in Oct 2007; however, there was no publicly available exploit until 2008. I wrote the exploit for this issue back in April 2008 but could not release it due to an IP agreement with my contractor. Hence a demo video was released back in 2008.
Release Date: 11-Apr, 2008
Credits: Only the exploit video was released; the exploit was kept as a zero day as per the contract agreement.
Download: PoC Video

  

#13 Google AdWords Multiple HTTP Response Splitting
Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities were identified in Google AdWords, which may be exploited by remote attackers to inject arbitrary HTTP headers.
Release Date: 14-Dec, 2006
Reference: ISS X-Force
Media Coverage: Internetnews.com
Credits: both vulnerability and exploit
Comments: This exploit was misused by worm authors to target various users over the Internet, including government. Refer to the news here.
Download: PoC

 

#12 Multiple HTTP Response Splitting Vulnerabilities in Shop-Script
Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities were identified in Shop-Script PREMIUM, which may be exploited by remote attackers to inject arbitrary HTTP headers.
Release Date: 23-Oct, 2006
Reference: BID 20685, CVE-2006-5566, Secunia
Credits: both vulnerability and exploit
Download: PoC

 

#11 Microsoft Excel File Embedded Shockwave Flash Object Abuse
Description: Malicious Flash files with explicit JavaScript can be embedded within Excel spreadsheets using the “Shockwave Flash Object”, and can be made to run once the file is opened by the user. It does not require the user's intervention to activate the object; rather, it runs automatically once the file is opened.
Release Date: 20-Jun, 2006
Reference: BID 18583, CVE-2006-3014, Microsoft Bulletin MS06-069, SecuriTeam, ISS X-Force
Credits: both vulnerability and exploit
Download: PoC

  

#10 Firefox (with IETab Plugin) Null Pointer Dereference
Description: Firefox with IETab installed crashes when the IETab plugin is unable to handle specific JavaScript. The vulnerability is confirmed to be a null pointer dereference. Refer to the PoC for more details.
Release Date: 17-May, 2006
Reference: Bugzilla ID 14151, CVE-2006-2538, NIST, ISS X-Force
Credits: both vulnerability and exploit
Download: PoC

 

#09 Microsoft ASP.NET w3wp.exe COM Component DoS
Description: Developers often forget to use the “AspCompat” directive, which is required when referencing COM components in ASP.NET. A missing AspCompat directive causes general instability and poor performance of the web application; a simple increase of load on the web server may cause it to crash. After working for more than one month with Microsoft (MSRC) on this issue, it was finally concluded that the w3wp crash can occur unexpectedly and is due to improper referencing of COM or COM+ components in ASP.NET applications. Refer to the PoC (Proof of Concept) for more details.
Release Date: 21-Mar, 2006
Reference: BID 17188, CVE-2006-1364, NIST, SecuriTeam
Credits: both vulnerability and exploit
Download: PoC

 

#08 Google Reader Improper Feed Validation Vulnerability
Description: Google Reader is an RSS and Atom feed reader which displays only the content the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice a victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
Release Date: 22-Feb, 2006
Reference: Zone-H
Credits: both vulnerability and exploit
Comments: An exploit is not required. Refer to the PoC posted on the full-disclosure mailing list.
Download: No PoC available for download. Refer to the PoC details posted on the full-disclosure mailing list.

 

#07 phpMyChat Identical User Id and Password Authentication Bypass
Description: In the default installation of phpMyChat (version 0.14.5), any unregistered user can gain access to the chat rooms by entering an identical user name and password in the input box, i.e. the user name should be the same as the password. I tried logging in to various vulnerable sites using identical user id and password combinations, which granted me unauthorized access to the rooms.
Release Date: 20-Feb, 2006
Reference: ISS X-Force, securityvulns.ru
Credits: both vulnerability and exploit
Download: No PoC available for download. Refer to the details posted on the full-disclosure mailing list.

 

#06 Zone Labs Products Advanced Program Control Bypass
Description: ZoneAlarm products with Advanced Program Control or OS Firewall Technology enabled detect and block almost all of the APIs (like Shell, ShellExecuteEx, SetWindowText, SetDlgItem etc.) commonly used by malicious programs to send data via HTTP by piggybacking on other trusted programs. However, it is still possible for a malicious program (Trojan, worm etc.) to make outbound connections to the evil site by piggybacking on a trusted Internet browser using an “HTML Modal Dialog” in conjunction with simple “JavaScript”. Here it is assumed that the default browser (IE, Firefox etc.) is authorized to access the Internet. The PoC demonstrates how ZoneAlarm Advanced Program Control and Behavior Based Technology can be defeated by using an HTML Modal Dialog box in conjunction with JavaScript. Refer to the PoC (Proof of Concept) for more details.
Release Date: 8-Nov, 2005
Reference: BID 15347, CVE-2005-3560, SecuriTeam Advisory, NIST, ISS X-Force, Secunia
Credits: both vulnerability and exploit
Download: PoC

  

#05 Bypassing ZoneAlarm Firewall Using DDE-IPC
Description: While I was testing desktop-based firewalls (here ZoneAlarm Pro and the Free version) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many of the latest versions of desktop-based firewalls. It is possible for a malicious program to bypass a desktop-based firewall by using DDE-IPC (Dynamic Data Exchange – Interprocess Communication), which enables an untrusted program to communicate with the attacker or access the Internet via other trusted programs (e.g. Internet Explorer). This flaw has been known since before 2003. This PoC demonstrates how an untrusted program can access the Internet or send the victim's information to the attacker by using other trusted programs on the system (e.g. Internet Explorer). The information can be sent to the malicious site by injecting the victim's information into Internet Explorer “http” requests. Refer to the PoC (Proof of Concept) for more details.
Release Date: 28-Sep, 2005
Reference: Zone Labs Security Advisory, Juniper Advisory
Credits: both vulnerability and exploit
Download: PoC

  

#04 Defeating Citibank Virtual Keyboard Protection
Description: Early in 2005, Citibank introduced the concept of a Virtual Keyboard to defend against malicious programs like key loggers, Trojans, spyware etc. However, the Virtual Keyboard concept can be easily defeated by using Win32 APIs to access HTML documents. Refer to the PoC (Proof of Concept) for more details.
Release Date: 6-Aug, 2005
Reference: ISS X-Force, HITB
Credits: both vulnerability and exploit
Comments: The PoC was created back in 2005 and was specifically made to work with the virtual keyboard on the Citibank India website. The same PoC can be modified to work with any virtual keyboard on any website. The PoC available for download will not currently work with the Citibank website, as the site has undergone several changes since the PoC was released; hence a little modification will be required to make it work for any virtual keyboard.
Download: PoC

 

#03 Indiatimes Shopping Cart XSS (Cross Site Scripting) Vulnerability
Description: Indiatimes Shopping is one of the largest shopping and auction portals in India. The Indiatimes Shopping Cart (http://store.indiatimes.com) can be exploited by any malicious user to conduct cross-site scripting and script insertion attacks. Input passed to certain parameters in various scripts isn't properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of an affected site by tricking the user into visiting a malicious website or following a specially crafted link.
Release Date: 29-July, 2005
Reference: security.nnov.ru
Credits: both vulnerability and exploit
Comments: Refer to the Proof-of-Concept posted on the full-disclosure mailing list.

 

#02 Defeating Microsoft WGA (Windows Genuine Advantage) Validation Check
Description: WGA (Windows Genuine Advantage) is a concept introduced by Microsoft that builds functionality into a few of its public beta products to conduct a genuine product check before the product gets installed. MS products or tools with the WGA check enabled can only be installed on a valid/genuine copy of MS Windows XP; if it is a pirated copy, the product refuses to install. If you are aware of Microsoft WGA validation, you can directly jump into testing the PoC; otherwise it is advisable to read about WGA before testing the PoC.
Release Date: 23-May, 2005
Reference: OSVDB-ID 16827
Media Coverage: CNET News, Times of India
Credits: both vulnerability and exploit
Download: PoC

  

#01 CuteNews ‘archive’ Parameter XSS Vulnerability
Description: The CuteNews “archive” parameter was found vulnerable to cross-site scripting, caused by improper validation of user-supplied input. An attacker can embed HTML or JavaScript in the archive parameter of a specially crafted URL request to the show_archive.php script, which would be executed in the victim's web browser within the security context of the hosting site. An attacker can also use this vulnerability to steal the victim's cookie-based authentication credentials.
Release Date: 16-Aug, 2004
Reference: Secunia Advisory SA12260, Bugtraq ID 10948
Credits: both vulnerability and exploit
Comments: Here is an example URI sufficient to demonstrate this vulnerability: http://www.example.com/show_archives.php?archive=[Javascript]&subaction=list-archive&
Download: N/A
