Tuesday, January 13 2009
By Romain on Tuesday, January 13 2009, 07:17 UTC - Stuffs
Marcin and Tyler just started a new website, which is kind of fun: sslfail.com (wall of shame of SSL certificates?)
So now, Google & co, fix your certificates :P
Tuesday, December 9 2008
By Romain on Tuesday, December 9 2008, 14:05 UTC - Vulnerabilities
Today, a friend of mine was really proud to show me the Home Automation installation he just bought. Well, since he lives in France and I am in DC, he showed me the web interface that was able to control the lights etc. in his house. As he wanted to test this domotic system, he only plugged his Christmas tree lights into the system.
Well, maybe I'm only seeing bad stuff around me, but... Déformation professionnelle we'll say! It was so easy to make it blink with a simple script that I showed it to him. So well, every 5 seconds, it would change the state.
Anyway, this CSRF is not a big deal for him since it's only the Christmas tree lights, it's only a temporary installation and well, it's fun. But after a simple Google search, I found another site like my friend's. The URL that Google returns is:
http://XXX.XXX.XXX.XXX:88/control_exe.htm;3;1;ON
Which is basically turning on some device... :)
Also, not only does this application have tons of CSRF, but it also has a nice stored XSS which lets you do whatever you want with it! And btw, since the Google robot reported this, it means that every time it crawls the website (or at least, reaches that particular URL), it will set the device ON :)
Web security enters your house, f34rs!
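As an added illustration (this is not code from the post, nor from the home-automation product it describes; the device ids, the session handling and the meaning of the path fields are constructed assumptions), here is a small Python model of a state-changing endpoint of the /control_exe.htm;3;1;ON kind next to a hardened version that only accepts a POST carrying a per-session token, so neither a crawler's GET nor a cross-site request riding on the victim's cookie can flip the device:

```python
import hmac
import secrets
from dataclasses import dataclass, field


# Constructed request model: HTTP method, path, the session cookie the browser
# attaches automatically to any request for the site, and form fields (POST only).
@dataclass
class Request:
    method: str
    path: str
    session_id: str = ""
    form: dict = field(default_factory=dict)


def parse_control_path(path: str):
    """Parse a path shaped like '/control_exe.htm;3;1;ON' into (device, state).
    The ';device;channel;STATE' layout mirrors the URL in the post; what the
    middle field means is an assumption, so it is ignored here."""
    parts = path.split(";")
    if len(parts) != 4 or parts[0] != "/control_exe.htm" or not parts[1].isdigit():
        return None
    if parts[3] not in ("ON", "OFF"):
        return None
    return int(parts[1]), parts[3]


def naive_control(req: Request, devices: dict) -> str:
    """Vulnerable pattern: a bare GET (or any request at all) changes device
    state, so a link, an <img src=...> on a third-party page, or a crawler
    fetching the indexed URL all switch the device."""
    parsed = parse_control_path(req.path)
    if parsed is None:
        return "400 bad request"
    device, state = parsed
    devices[device] = state
    return f"200 device {device} -> {state}"


def issue_csrf_token(session_id: str, tokens: dict) -> str:
    """Mint a random per-session token that the site's own form embeds as a
    hidden field; a third-party page cannot read it (same-origin policy)."""
    token = secrets.token_urlsafe(32)
    tokens[session_id] = token
    return token


def hardened_control(req: Request, devices: dict, tokens: dict) -> str:
    """Hardened pattern: state changes only via POST with a valid session token.
    A crawler's GET is refused outright; a forged cross-site POST carries the
    victim's cookie but not the token, so it is refused too."""
    if req.method != "POST":
        return "405 state changes require POST"
    expected = tokens.get(req.session_id)
    supplied = req.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "403 missing or invalid CSRF token"
    parsed = parse_control_path(req.path)
    if parsed is None:
        return "400 bad request"
    device, state = parsed
    devices[device] = state
    return f"200 device {device} -> {state}"


def simulate() -> dict:
    """Replay three constructed requests against both handlers: a crawler's GET
    with no session, a cross-site forged POST riding on the victim's cookie but
    without a token, and the legitimate form submission from the real UI."""
    path = "/control_exe.htm;3;1;ON"
    crawler = Request("GET", path)                        # search-engine style fetch
    forged = Request("POST", path, session_id="victim")   # cookie present, token absent
    naive_devices, hard_devices, tokens = {3: "OFF"}, {3: "OFF"}, {}
    token = issue_csrf_token("victim", tokens)
    legit = Request("POST", path, session_id="victim", form={"csrf_token": token})

    naive_results = [naive_control(r, naive_devices) for r in (crawler, forged)]
    hard_results = [hardened_control(r, hard_devices, tokens) for r in (crawler, forged)]
    state_after_attacks = dict(hard_devices)              # still OFF on the hardened side
    hard_results.append(hardened_control(legit, hard_devices, tokens))
    return {
        "naive": naive_results,
        "naive_state": dict(naive_devices),
        "hardened": hard_results,
        "hardened_state_after_attacks": state_after_attacks,
        "hardened_state_final": dict(hard_devices),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The token check is the part that matters: moving the action to POST alone stops the crawler, but a forged form on another site can still POST with the victim's cookie, so the per-session secret that only the real page can embed is what closes the CSRF.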
Friday, December 5 2008
By Romain on Friday, December 5 2008, 10:45 UTC
It's been such a long time since I last posted here. I've been quite busy with the new job at Cigital and all its implications.
Anyway, this morning, a colleague of mine showed me a piece of JavaScript he used to create a request to another website (actually, this was just doing in JavaScript what I did in Python previously). This totally bugged me. He has been able to craft a request (using XHR) from a local file to a distant website... WTF with SOP? After some tests, it seems it's only working with IE7, but well, I didn't test with many browsers, only with Firefox 3, Chrome, IE7.
So, I have no idea if this is known for a long time or not, but well, I haven't seen this before.
A simple POC is available here: xhr_SOP_ie7.html
Monday, January 28 2008
By Romain on Monday, January 28 2008, 10:21 UTC - Information
While surfing the web, I found this website: http://opensourcetesting.org/.
Just the perfect repository of testing tools, there are a bunch of them in different testing areas (security, functional, quality, unit testing and so on!).
Edit: Added in my security planet!