cbolat.blogspot.com
cbolat: April 2011
http://cbolat.blogspot.com/2011_04_01_archive.html
Yet another hacking and (in)security related blog. Wednesday, April 20, 2011. LFI via SQL Injection. Catching LFI bugs via SQL injection is not something you run into every time, but when you do, it is a type of vulnerability that can be very useful. The vulnerability arises when the application passes the column data returned by a query it runs on the DBMS as a parameter to functions such as include, require, include_once, and require_once. Posted by Canberk Bolat.
cbolat.blogspot.com
cbolat: CVE-2012-2760 Session Stealing in mod_auth_openid
http://cbolat.blogspot.com/2012/08/cve-2012-2760-session-stealing-in.html
Yet another hacking and (in)security related blog. Tuesday, August 28, 2012. CVE-2012-2760 Session Stealing in mod_auth_openid. As the advisory describes, mod_auth_openid is vulnerable to session stealing, because "Session ids are stored insecurely in /tmp/mod_auth_openid.db (default filename). The db is world readable and the session ids are stored unencrypted." [1]. Dear mod_auth_openid developers, you should use database file encryption. :( [1] http://seclists.org/fulldisclosure/2012/May/238
cbolat.blogspot.com
cbolat: December 2010
http://cbolat.blogspot.com/2010_12_01_archive.html
Yet another hacking and (in)security related blog. Thursday, December 30, 2010. Funny ImageMagic CMD Injection. Sometimes I don't read vendors' vulnerability reports, because they are so boring and don't give technical information about the vulnerability. Last day, I read Ubuntu Security Notice's vulnerability report and it seemed interesting. Firstly, I read the description section; it says: It was discovered that ImageMagick would search for configuration files in. Code with the user's privileges. Hello dear, ...
cbolat.blogspot.com
cbolat: MS12-076 Excel SerAuxErrBar Heap Overflow Vulnerability
http://cbolat.blogspot.com/2013/05/ms12-076-excel-serauxerrbar-heap.html
Yet another hacking and (in)security related blog. Saturday, May 11, 2013. MS12-076 Excel SerAuxErrBar Heap Overflow Vulnerability. There was a Heap Overflow vulnerability (CVE-2012-1885) in Excel while parsing the SerAuxErrBar structure from xls (Excel's old binary format) files. So I decided to take it on (a little bit of analysis). But I was faced with the reality that there are no public debugging symbols for Excel :( When I read the advisory [1]. So it should be related to the error bar. But WTF is Error Bar [3]. I was s...
cbolat.blogspot.com
cbolat: July 2011
http://cbolat.blogspot.com/2011_07_01_archive.html
Yet another hacking and (in)security related blog. Wednesday, July 27, 2011. Return-Oriented Programming / DEP Bypass. First of all, it is worth noting that this article was written to support the Turkish security and hacking community by helping to build knowledge and skills on technical topics. If you see anything missing or wrong in the article, please let me know in a comment or by e-mail so that we can make the necessary corrections together. It should also be noted that for now, in this article, only on Windows...That is, ...
cbolat.blogspot.com
cbolat: February 2012
http://cbolat.blogspot.com/2012_02_01_archive.html
Yet another hacking and (in)security related blog. Friday, February 24, 2012. Java Web Start Cmd Arg Injection. Posted by Canberk Bolat. Thursday, February 16, 2012. MS11-100 - ASP.NET Forms Auth. Bypass - Revenge of the 0x00. With its update, towards the end of last month, the well-known HashTable Collision DoS ( CVE-2011-3414. NET Forms Authentication Bypass ( CVE-2011-3416. Posted by Canberk Bolat. Friday, February 3, 2012. Is Microsoft's ForeFront bypassable? We have a session! Posted by Canberk Bolat. As seen ...
cbolat.blogspot.com
cbolat: August 2012
http://cbolat.blogspot.com/2012_08_01_archive.html
Yet another hacking and (in)security related blog. Tuesday, August 28, 2012. CVE-2012-2760 Session Stealing in mod_auth_openid. As the advisory describes, mod_auth_openid is vulnerable to session stealing, because "Session ids are stored insecurely in /tmp/mod_auth_openid.db (default filename). The db is world readable and the session ids are stored unencrypted." [1]. Dear mod_auth_openid developers, you should use database file encryption. :( [1] http://seclists.org/fulldisclosure/2012/May/238 Is an optim...
cbolat.blogspot.com
cbolat: May 2013
http://cbolat.blogspot.com/2013_05_01_archive.html
Yet another hacking and (in)security related blog. Saturday, May 11, 2013. MS12-076 Excel SerAuxErrBar Heap Overflow Vulnerability. There was a Heap Overflow vulnerability (CVE-2012-1885) in Excel while parsing the SerAuxErrBar structure from xls (Excel's old binary format) files. So I decided to take it on (a little bit of analysis). But I was faced with the reality that there are no public debugging symbols for Excel :( When I read the advisory [1]. Posted by Canberk Bolat.
cbolat.blogspot.com
cbolat: July 2012
http://cbolat.blogspot.com/2012_07_01_archive.html
Yet another hacking and (in)security related blog. Monday, July 9, 2012. IE Col Element Heap Overflow Vulnerability (CVE-2012-1876) PoC. Author of this vulnerability) released a detailed blog post about this vulnerability. Posted by Canberk Bolat.
cbolat.blogspot.com
cbolat: WebKit cssText NULL Ptr Deref
http://cbolat.blogspot.com/2012/09/webkit-csstext-null-ptr-deref.html
Yet another hacking and (in)security related blog. Sunday, September 2, 2012. WebKit cssText NULL Ptr Deref. Just tested with Chrome 21.0.1180.89 m (latest version).
0:000> r
eax=00000000 ebx=015ccfb0 ecx=00000000 edx=0014ea24 esi=01e00440 edi=01e44630
eip=58fcd2a8 esp=0014e8b0 ebp=0014e8b4 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
chrome_58bf0000!WebCore::CSSValue::cssText+0x8:
58fcd2a8 8b4804          mov     ecx,dword ptr [eax+4] ds:002b:00000004=????????