Archive for WWW

[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com that allowed users to get a local copy of documents for which the download and print options were disabled.

It shows how layered limitations can be broken, and why restrictions must be implemented from the root level up and not just as a user-level module.


[hackersmag.blogspot.com] vulnerability report of hrberry.com, by ABK

Posted in Blogroll, security on September 2, 2010 by abhishekkr

@ hackersmag.blogspot.com [26/Aug/2010]

http://hackersmag.blogspot.com/2010/08/hrberrycom-php-flaw-self-inviting-dos.html

hrberry.com :: php flaw self-inviting DoS, leaked framework and server info [by, ABK]
Patched: Yes
Product Name: http://www.hrberry.com; a Payroll Helpdesk, serving…
…etc…etc…etc…
Vuln Summary:
There were validation flaws for GET Request ……. any number of characters consuming processing ……. generated error message with full PATH of PHP file.
Also worked on an older, un-patched version of OpenSSL.
You can also see pro-details at https://sites.google.com/site/abklabs/home/secured/hrberrycom

IE 9 [they say it's good… they say it again]

Posted in Uncategorized on March 18, 2010 by abhishekkr

I came I saw But my Install failed 😉

http://techiebond.wordpress.com/2010/03/18/ie9-they-say-good-again/