UCSniff 3.0 Released

by Arjunen

Hello all,

Sipera VIPER Labs has released UCSniff 3.0:
http://ucsniff.sourceforge.net.

Here are some of the key features of the new version:

 * Real time VoIP and Video monitoring. [ as presented at ToorCon 11, San Diego]
 * New codec support, G729, G726, G723.
 * GUI version of Windows and Linux. [ as presented at DefCon 17]
 * TFTP MitM Modification of IP phone settings.
 * New VideoSnarf tool - Converts offline RTP pcap file to media file.
 * Windows VLAN implementation, for VLAN Hopping in Windows.

Thanks
Arjun

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


XSS bypassing htmlentities() function

by serge gorbunov

Hello everyone,

I'm doing a penetration test of a PHP app. I know that before user data is
echoed to the page it goes through the htmlentities() PHP function like this:
$filtered_data = htmlentities( $data ) ;
$data is some user data that was entered earlier. Then $filtered_data is
echoed sometime later.

Is there a way to inject code into this application, so later when it gets
echoed back to the users my code gets executed?

Thanks,
Serge




Re: UCSniff 3.0 Released

by Joshua Wright

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Sipera VIPER Labs has released UCSniff 3.0:
> http://ucsniff.sourceforge.net.
>
> Here are some of the key features of the new version:
>
>  * Real time VoIP and Video monitoring. [ as presented at ToorCon 11, San Diego]
>  * New codec support, G729, G726, G723.
>  * GUI version of Windows and Linux. [ as presented at DefCon 17]
>  * TFTP MitM Modification of IP phone settings.
>  * New VideoSnarf tool - Converts offline RTP pcap file to media file.
>  * Windows VLAN implementation, for VLAN Hopping in Windows.

As a personal anecdote, I saw Arjun and Jason present the latest
developments in UCSniff at ToorCon 11 and was awed at how smoothly the
features worked, and the power of the video manipulation features.

Jason and Arjun's demo used a Cisco IPTV camera for video surveillance,
watching a bottle of water.  First, they established MitM (I believe
through ARP spoofing) and saved a segment of the existing video traffic.
Then, they blocked the actual stream from the camera to the receiver
and fed the receiver the old video footage instead, causing a momentary
blip on the video monitoring side.  Then, they stole the bottle of
water, while the video monitoring system happily replayed the old footage.

It reminded me of the A-Team episode where Murdock climbed into the
ceiling and lifted a ceiling tile from above, then used a Polaroid
camera to take an instant picture of the room from the perspective of a
ceiling-mounted camera.  Then, he taped the photo to the front of the
camera so the security guards saw the same view while the rest of the
team went through the room undetected.  Well, except that Arjun and
Jason's work was much cooler (and a lot less
Polaroid-hurry-up-and-develop-waving-action).

Congrats to Jason and Arjun for their awesome work, this is a tool I'm
looking forward to using in upcoming customer engagements.

- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkrwPKYACgkQapC4Te3oxYyRyACfewQOOFKXsvaNbswEX8K1zmCR
QXsAn0nyHXWealiItBexRniVBHrYqOBO
=1NNq
-----END PGP SIGNATURE-----
