exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

Files from Adi Cohen

Email addressadic at il.ibm.com
First Active2011-07-21
Last Active2012-07-11
toStaticHTML HTML Sanitizing Bypass
Posted Jul 11, 2012
Authored by Adi Cohen | Site blog.watchfire.com

The *toStaticHTML* component, which is found in Internet Explorer versions greater than 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content. An attacker is able to create a specially formed CSS that will overcome * toStaticHTML*'s security logic; therefore, after passing the specially crafted CSS string through the *toStaticHTML* function, it will contain an expression that triggers a JavaScript call.

tags | exploit, javascript, xss
advisories | CVE-2012-1858
SHA-256 | 250fdc51b42fbad45e46c18cf75919ff7aaf7e27a4da2764383c71b6233a3cdb
Microsoft Anti-XSS Library Bypass
Posted Jan 19, 2012
Authored by Adi Cohen

The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.

tags | exploit, javascript, bypass
SHA-256 | 9c3724fcd0d3afee3bd1af91d841bc9d029d55edbafef54c733f648ff52a0dc3
Microsoft Internet Explorer toStaticHTML Information Disclosure
Posted Jul 21, 2011
Authored by Adi Cohen

Microsoft Internet Explorer versions 8 and 9 can have the toStaticHTML function bypassed by a specially formed CSS.

tags | exploit, info disclosure
advisories | CVE-2011-1252
SHA-256 | fb6ce3c4e72cb5d523db3230f77e48c753f042b5ed31c6a76a35dce10d03ef03
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close