Domain: xs-sniper.com
Stories and comments across the archive that link to xs-sniper.com.
Comments · 12
-
Re:Am I not understanding this correctly?
I get the gist of the article - user flash content shouldn't be served from the same domain as your app.
Just let's hope that flash doesn't share the same vulnerability as java, where a malicious app can just fool the VM using conn.setRequestProperty("Host", "appdomain.target.com");
. -
Re:Broken security model
If you can write an SWF that can be executed to compromise a website, despite the fact that it looks like, acts like, and in fact is a valid MS Word document, I'd call that a problem.
Your JAR example is actually a pretty good one... as TFA mentions, a similar attack with JAR files that looked like GIFs came out in 2008. Sun fixed their plugin.
-
Rios has posted further clarification...
Except that NOTHING is clear:
http://xs-sniper.com/blog/
He is saying that the "Carpet Bomb" issue IS fixed, but that he is aware of three other methods to exploit interaction between Safari and Firefox.
He is giving out no details, no work-arounds and no advice on how to protect yourself. It's all a little bit vague.
I'm starting to suspect Shenanigans. -
Quit whining
Here is Billy & Nate's blog
You can look around for the additional information they have.
-h -
Re:Oh my
Again, people are reading other peoples words as though they are ours. Please see our page for the information... a simple Google search would've provided you with this info. XS-Sniper Thanks, Nate
-
Re:Oh my
Gents, please keep in mind that we did not post this original story. If you want to see the technical content, you should actually go and read the research we posted at our site XS-Sniper. This was not referenced in the article. As for the security.itworld.com link that references stealing user's data, this is a new story that we were just interviewed on a couple of days ago. The vulnerability is real, and will be released after appropriate communications with the vendor. Thanks, Nate
-
Re:Not just Firefox.
yes, it is the null byte. go ahead, try it yourself in Start->Run (just did myself). take the mailto link from here (lameness filter wont let me put it here): http://xs-sniper.com/blog/remote-command-exec-fir
e fox-2005/
then try the same URI without the 2 null bytes. -
www.xs-sniper.com is not in the IE whitelistClose all FF windows
Open IE.
Go here http://www.xs-sniper.com/sniperscope/IE-Pwns-Firef ox.html/ And all I get is a message from my proxy stating that the site is not on IE's whitelist (which includes Windows Update and a few other hostnames) and that one should use the installed copy of Firefox or Opera for other sites. So in order to be vulnerable, you have to be using IE or another MSHTML-wrapper as your primary browser. -
Re:Demonstration
It works for me. (FF 2.0.0.4, IE 6, XP SP2)
Close all FF windows
Open IE.
Go here http://www.xs-sniper.com/sniperscope/IE-Pwns-Firef ox.html/
Click on the first link (the one which says opens cmd.exe)
It immediately opened a cmd.exe window for me. -
Wait a minute it doesn't seem to work
I tried a number of the examples provided at http://www.xs-sniper.com/sniperscope/IE-Pwns-Fire
f ox.html, but they don't seem to work on my test system. -
Re:Demonstration
Correction (something went goofey when i copy and pasted.
this ..will launch cmd.exe
If you open this in firefox (as most of you probably are usuing firefox, since this is slashdot), it warns you that something is trying to launch an external application.
once again, the above example was taken from Here -
Demonstration