[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warnings on the download page

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warnings on the download page
From: H D Moore <torspam@xxxxxxxxxxxxxx>
Date: Thu, 8 Mar 2007 19:56:34 -0600
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 08 Mar 2007 20:56:32 -0500
In-reply-to: <20070309010549.GA14032@fscked.org>
References: <200703081612.10419.torspam@metasploit.com> <200703081740.43455.torspam@metasploit.com> <20070309010549.GA14032@fscked.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: KMail/1.9.3

On Thursday 08 March 2007 19:05, Mike Perry wrote:
> Actually, I'm also curious about your on-the-fly applet tag
> generation. Were you aware that it would bypass that
> security.enable_java setting or was it just a general evasive thing
> you did for filtering? Do you have any information if this is specific
> to certain versions/JVMs or if it is a universal hack?

This wasn't meant to be evasive and does not bypass the enable java 
setting on my browser (latest firefox + sun-jre-1.6.0). The reason for 
generating the applet tag on the fly is to enable injection by embedding 
a <script src=""> into an HTML response.

> Have you contacted the Firefox people?

I didn't realize it was a vulnerability. I went to about:config, 
configured this setting to false, and the Java applet no longer loads on 
my system. What systems have you seen this fail on?

-HD

Follow-Ups:
- Re: Warnings on the download page
  - From: Mike Perry

References:
- Re: Warnings on the download page
  - From: H D Moore
- Re: Warnings on the download page
  - From: H D Moore
- Re: Warnings on the download page
  - From: Mike Perry

Prev by Author: Re: Warnings on the download page
Next by Author: Re: Warnings on the download page
Previous by thread: Re: Warnings on the download page
Next by thread: Re: Warnings on the download page
Index(es):
- Author
- Thread