
Posts

Showing posts from August, 2009

OWASP AppSec Asia Conference 2009, New Delhi

2009 - OWASP India is back with more interesting and exciting stuff from the AppSec world. Following the successful launch of the OWASP India Conference in August 2008, organized in New Delhi with participation from 350+ attendees from 80+ companies and the government sector, OWASP India now proudly announces the biggest information security conference in India, in association with the Canada-based Information Security Conference (www.securitybyte.org). The Securitybyte and OWASP AppSec Asia Conference 2009 is planned for 17th - 20th November 2009 in New Delhi. The event will cover end-to-end information security tracks, including Application Security, Network / Infrastructure Security, Cyber Terrorism, Cloud Security, SOA Security, Cyber Forensics, Wi-Fi Security, Risk Management & Compliance, etc. Brief list of speakers in the conference: Howard A. Schmidt, Advisor, NIST & PSG - ENISA; John Bumgarner, SSCP Research Director for Security Technology, U.S. Cyber Consequences Unit; Sh

An Introduction to PDF XSS

Here I am going to give a brief write-up about PDF XSS. Amit Klein introduced a third kind of XSS attack, DOM-based XSS, which exploits client-side vulnerabilities rather than server-side flaws. He also observed how the # character can be used to, very conveniently, avoid sending the attack payload to the server. DOM-based XSS typically uses JavaScript.

Example (taken from Amit's paper):

    <HTML><TITLE>Welcome!</TITLE>
    Hi <SCRIPT>
    var pos = document.URL.indexOf("name=") + 5;
    document.write(document.URL.substring(pos,document.URL.length));
    </SCRIPT>
    </HTML>

Exploiting PDF: The same technique applies to PDF files; the JavaScript is executed when a link in the following format is encountered:

    http://www.example.com/file.pdf#a=javascript:alert( )

Threats: After a successful attack the code is executed in the context of the site that hosts the PDF file. The attacker is in full control of the victim's browser (think session hijacking, request forgery, etc.
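
The following is an added example, not code from the original post or from Klein's paper: it models the snippet above as pure functions so it runs in Node.js, shows that a value placed after # never appears in the request the server sees, and puts a hardened rendering beside the vulnerable one. All function names and the sample URLs are constructed for illustration.

```javascript
// Constructed sample URLs (assumptions, not from the post). The injected
// value is harmless markup so the effect is visible without any script.
const SAMPLE_FRAGMENT = "http://www.example.com/welcome.html#name=<b>Bob</b>";
const SAMPLE_QUERY = "http://www.example.com/welcome.html?name=<b>Bob</b>";

// Vulnerable 'before': same logic as the snippet above. Returns the string
// that document.write() would receive for a given document.URL.
function greetingUnsafe(documentUrl) {
  const pos = documentUrl.indexOf("name=") + 5;
  return "Hi " + documentUrl.substring(pos, documentUrl.length);
}

// What the web server receives: the fragment (everything from '#') stays in
// the browser, so server-side filters and access logs never see it.
function requestTarget(documentUrl) {
  const u = new URL(documentUrl);
  return u.pathname + u.search;
}

// Minimal HTML encoder for text placed in element content.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened 'after': take the value only from the parsed query parameter
// (never by string offset into the whole URL) and encode it before output.
function greetingSafe(documentUrl) {
  const name = new URL(documentUrl).searchParams.get("name") || "";
  return "Hi " + escapeHtml(name);
}

console.log(greetingUnsafe(SAMPLE_FRAGMENT)); // markup reaches the page as-is
console.log(requestTarget(SAMPLE_FRAGMENT));  // no trace of it in the request
console.log(greetingSafe(SAMPLE_FRAGMENT));   // fragment ignored
console.log(greetingSafe(SAMPLE_QUERY));      // query value rendered as text
```

Because the fragment is handled entirely in the browser, the fix has to live in the client-side code (or in how the resource is served), not in server-side input filtering.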

Automated CSRF attack tool MonkeyFist

A pair of researchers here yesterday unleashed a tool that automatically executes dangerous cross-site request forgery (CSRF) attacks. Shawn Moyer and Nathan Hamiel demonstrated how their tool, MonkeyFist, performs what they call "dynamic" CSRF attacks, or attacks on Websites that have put up preventative measures such as tokenization and session IDs. CSRF is when an attacker makes a Web request within the context of the victim's Web session. The researchers say the emergence of integrated and aggregated content, such as buttons for Twitter or "Digg This," has opened up even more possibilities for these attacks, which take advantage of a pervasive but difficult-to-detect vulnerability in many Websites. This "session-riding" attack basically lets the bad guy silently ride atop the victim's Web session. "You're [the attacker] already authenticated into a site, and the user's session, header, and cookie is already there," says Moy