Posts

Showing posts from April, 2011

java.com | Arbitrary URL Redirect Vulnerability

================================== java.com | Arbitrary URL Redirect Vulnerability ================================== 1. VULNERABILITY DESCRIPTION - Arbitrary URL Redirect http://java.com/inc/BrowserRedirect1.jsp?locale=en&host=attacker.in Demo: http://yehg.net/lab/pr0js/training/view/misc/java.com_Arbitrary_URL_Redirect/ 2. VENDOR Oracle Inc http://www.oracle.com 3. VULNERABILITY STATUS FIXED 4. DISCLOSURE TIME-LINE 2011-04-19: reported vendor 2011-04-23: vendor fixed the issue 2011-04-24: vulnerability disclosed 5. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/sites/java.com/[java.com]_url_redirection OWASP-Top-10_2010-A10: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project SANS-TOP-23: http://www.sans.org/top25-software-errors/ CWE-601: http://cwe.mitre.org/data/definitions/601.html #yehg [2011-04-24] --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Dir

Joomla! 1.6.1 and lower | Information Disclosure & ClickJacking vulnerabilities

Information Disclosure > Full Path Proof-of-Concept: http://attacker.in/joomla161/index.php?Itemid[]= ClickJacking Proof-of-Concept: http://yehg.net/lab/pr0js/pentest/cross_site_framing.php?url=http://attacker.in/joomla161/administrator Vendor References: http://developer.joomla.org/ security/news/347-20110409- core-clickjacking.html http://developer.joomla.org/ security/news/341-20110402- core-information-disclosure. html