Archive for abklabs

[hackersmag] Presentation on “XSS Defeating Concept in (secure)SiteHoster” : ‘nullcon-2011’

Posted in ABK Labs, Blogroll, security on March 5, 2011 by abhishekkr

http://hackersmag.blogspot.com [5-Mar-2011]

http://hackersmag.blogspot.com/2011/03/presentation-on-xss-defeating-concept.html

Presentation on “XSS Defeating Concept in (secure)SiteHoster” : ‘nullcon-2011’
It’s mainly about preventing XSS attacks with an entirely new concept based on ‘Bug-As-A-Service’ and ‘Attacking-The-Attacker’…
Any views/questions/comments/criticisms/confusions are welcome.
———-
Presentation & Concept-WhitePaper:

…..click here to read the full blogpost


[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com that allowed users to get a local copy of documents for which the download and print options had been disabled.

It shows how a layered limitation can be broken, and why restrictions must be implemented from the root level up, not just as a user-level module.

…click here to read full blog-post and view real-case video

[hackersmag.blogspot.com] Problem with IEEE 802.1x

Posted in Blogroll, security on September 7, 2010 by abhishekkr
Problem with IEEE 802.1x implementation’s fallback option
———————————————————
I was just looking over some gyan for 802.1x implementation ……. saw mention of fallback option …….
MAB i.e. MAC Authentication Bypass providing support for Legacy Devices (say Printers) which are not capable of

[hackersmag.blogspot.com] XSS Defeating PoC

Posted in Blogroll, security on September 7, 2010 by abhishekkr

@ hackersmag.blogspot.com [6/Sep/2010]

http://hackersmag.blogspot.com/2010/09/xss-defeating-poc-if-have-any-time-for.html

Video Demo of the same PoC: http://www.youtube.com/watch?v=ENiiAccY1v0
WhitePaper is also available at SourceForge link above
I was working on an XSS-Patch PoC, which I now feel works properly enough to prove its point.
This requires neither any Filtering/Validation by Web-Developers, nor any javascript-blocking add-on in the user’s browser.

…….click here to read full BlogPost

[hackersmag.blogspot.com] vulnerability report of hrberry.com, by ABK

Posted in Blogroll, security on September 2, 2010 by abhishekkr

@ hackersmag.blogspot.com [26/Aug/2010]

http://hackersmag.blogspot.com/2010/08/hrberrycom-php-flaw-self-inviting-dos.html

hrberry.com :: php flaw self-inviting DoS, leaked framework and server info [by, ABK]
[]Patched: Yes
[]Product Name: http://www.hrberry.com; a Payroll Helpdesk, serving…
[]…etc…etc…etc…
[]Vuln Summary:
There were validation flaws in GET Request handling ……. any number of characters was accepted, consuming processing time ……. and the generated error message exposed the full PATH of the PHP file.
The server was also running an older, un-patched version of OpenSSL.   …click here to read full BlogPost
More details can also be seen at https://sites.google.com/site/abklabs/home/secured/hrberrycom