Its the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!

20060713

hdm - MOBB bug releases

hdm has been releasing a number of browser bugs this month under the name MOBB (Month of Browser Bugs). He found these by running different browsers through DOM, CSS, and DHTML fuzzers in an attempt to crash the engines, among other approaches.

  • Hamachi - DHTML fuzzer that recursively calls XMLHTTP in an attempt to iterate through arrays of possible DHTML element properties. It tries format string vulnerabilities, long file paths, long URLs, and difficult integer injection.

  • CSS-Die - CSS-Die looks for common CSS1/CSS2/CSS3 implementation flaws by specifying common bad values for style properties. It is similar to Hamachi in that it tries format string vulnerabilities, long file paths, long URLs, and difficult integer injection.

  • DOM-Hanoi - DOM-Hanoi looks for common DHTML implementation flaws by adding/removing DOM elements. This is done through obj.appendChild and obj.removeChild methods.

  • MangleMe - MangleMe sends format string vulnerabilities, bad characters, malformed JavaScript and applet requests, long URLs, and load requests with junk.
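To make the DOM-Hanoi approach concrete for browser QA, here is an added example (not hdm's code) of a seeded appendChild/removeChild stress sequence that keeps a replayable log, so a crash found in testing can be reproduced and triaged. FakeNode, makeRng, runSequence and countNodes are hypothetical names; FakeNode is a constructed stand-in for a DOM element so the harness runs under Node.

```javascript
// Added example. All names here are hypothetical and not taken from DOM-Hanoi.
// FakeNode stands in for a DOM element so the harness runs without a browser.
class FakeNode {
  constructor(tag) { this.tagName = tag; this.childNodes = []; this.parentNode = null; }
  appendChild(c) { this.childNodes.push(c); c.parentNode = this; return c; }
  removeChild(c) {
    const i = this.childNodes.indexOf(c);
    if (i < 0) throw new Error("NotFoundError: not a child of this node");
    this.childNodes.splice(i, 1); c.parentNode = null; return c;
  }
}

// mulberry32 PRNG: the same seed always yields the same operation sequence.
function makeRng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// True when n is root or still attached somewhere below it.
const isUnder = (n, root) => { while (n && n !== root) n = n.parentNode; return n === root; };
// Size of the tree below and including n, used to cross-check the bookkeeping.
const countNodes = (n) => 1 + Array.from(n.childNodes).reduce((s, c) => s + countNodes(c), 0);

// Apply `steps` random appendChild/removeChild calls and return a replayable log.
function runSequence(root, create, seed, steps) {
  const rng = makeRng(seed);
  const tags = ["div", "span", "table", "select", "p"];
  let live = [root];                         // nodes currently attached under root
  const log = [];
  for (let i = 0; i < steps; i++) {
    if (live.length > 1 && rng() < 0.4) {
      const idx = 1 + Math.floor(rng() * (live.length - 1));   // never remove root
      const node = live[idx];
      node.parentNode.removeChild(node);
      live = live.filter((n) => isUnder(n, root));             // its subtree detaches too
      log.push({ step: i, op: "removeChild", node: idx });
    } else {
      const parentIdx = Math.floor(rng() * live.length);
      const tag = tags[Math.floor(rng() * tags.length)];
      live.push(live[parentIdx].appendChild(create(tag)));
      log.push({ step: i, op: "appendChild", parent: parentIdx, tag });
    }
  }
  return { seed, log, liveCount: live.length };
}
```

Recording the seed and the log with each test run means a hang or crash seen in a browser build can be replayed step by step and reduced to a minimal regression test.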

Most of his scripts have been attempting to locate vulnerabilities in the following browsers...
konqueror, safari, omniweb, opera, webTV, icab, ie6, mozilla
