ush.it - a beautiful place

Detect NoScript POC

October 11, 2007 at 6:40 pm - Filed under Hacks, Language EN - 816 words, reading time ~2 minutes - Permalink - Comments

I was looking for a NoScript detector, something that could tell me if the user has JS disabled in the Firefox preferences or by the NoScript plugin written by Maone, and found nothing. To repair this i wrote this trivial POC that is able to accomplish the task, it performs fingerprinting based on the behavior of the browser under the different possible conditions and is really reliable from the measurements done until now.

Skype 1.4.118 for Linux = Panacea

October 7, 2007 at 4:01 pm - Filed under Insecurity, Language EN - 318 words, reading time ~1 minutes - Permalink - Comments

Few moments ago i was reading the Skype 1.4.118 for Linux changelog and noticed a new feature named "Auto-accept file transfers". Damn i thought, if it's by default an issue found accidentally some time ago is now fully weaponized: Skype 1.4.0.74 (probably also others) happily overwrites files without asking!

GreenSQL, a MySQL firewall, bypassed.

October 4, 2007 at 6:17 pm - Filed under Hacks, Language EN - 546 words, reading time ~1 minutes - Permalink - Comments

Today on the ml one of our pupils, remix, posted about GreenSQL, "an Open Source database firewall used to protect databases from SQL injection attacks". In other words something that stands to SQL as mod_security stands to HTTP.

Original Photo Gallery Remote Command Execution

October 2, 2007 at 9:54 pm - Filed under Hacks, Language EN - 666 words, reading time ~2 minutes - Permalink - Comments

We found a severe vulnerability in the Original script, a photo gallery software. Remote command (directly into an exec()) execution is possible with register globals on regardless the PHP version.

THP USH Wisec DigitalBullets