PoC | Security Generation

Posts tagged ‘PoC’

10 Mar

Safari Errorjacking Vulnerability and Exploit [Patched]

One of the vulnerabilities patched in Safari 5.0.4 is a fairly critical issue in WebKit (CVE-2011-0167) that allows JavaScript to jump into the local zone and access any file on the local computer that is accessible to the current user. This could be used by malicious websites to extract files and information from the victim’s computer. The vulnerability affects Safari on Mac OS X and Windows, and could affect other WebKit-based browsers, although Chrome is safe due to added restrictions.

The bug exists because most browser error pages are loaded from the local “file:” zone, a zone that JavaScript is not normally allowed to access directly. Since a child browser window remains under the control of the parent, it is possible to cause a child browser window to error, thus entering the normally-restricted local zone, and then to instruct the child window to access local files using this elevated local-zone privilege.

This issue was a nice catch, discovered by Aaron Sigel, who has a detailed explanation, video demo and proof-of-concept on his blog. It probably goes without saying, but Safari users should run Software Update as soon as possible.

22 Jul

Safari AutoFill Information Disclosure (with PoC)

Thanks to its nifty AutoFill feature, Safari has long been susceptible to an information disclosure vulnerability which could allow a malicious web page to extract various details stored in your personal vCard in Address Book.

This was highlighted a while back, and today re-emphasized by Jeremiah Grossman with a proof-of-concept attack.

The issue exists due to the way that Safari tries (by default) to auto-populate some of your details, including name, address, telephone number, etc., when you fill out forms. This can only happen if you have ‘AutoFill web forms’ enabled in Safari’s preferences, as shown in the screenshot below:

Uncheck these boxes to prevent this attack… but note that you’ll have to type your own info in afterwards! It’s not a high-risk vulnerability, but if you’re concerned about your privacy whilst browsing and in general, do what I do and don’t actually set an empty card as your personal card in Address Book. You can do this by creating a new card (enter some dummy info if you want), selecting it, and then choosing “Make this my card” from the Card menu.

Apple’s been notified of the issue; however, as this is a ‘feature’ and not a bug, it’ll be interesting to see whether they’ll actually choose to do anything about it.
