Dailydave mailing list archives
Poc 2007 notes
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 15 Nov 2007 18:13:59 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So yesterday there were quite a few talks - POC starts early and goes fairly late. I feel bad for the translators because the English speaking presenters tend to get nervous (myself included) and burn through their first 15 slides at a crazy clip before settling down into a staccato approach more suitable for simul-translation. If I understood correctly, one of the things we saw yesterday is that you can put a server: header into a HTTP response to Nessus 3.0 and get CSS, much like someone did to SILICA. According to the presentation the filtering is a bit broken, so this is still possible - and by using Java you get command execution out of it, so it's reasonably useful in some rare situations. Today there's a VMWare talk I'm looking forward to, but there won't be any 0day technical details, just a demo. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHPNK3tehAhL0gheoRAn6wAJ9kZYNsVN8qWfQKSkWSriU0bdIyCQCfUkGx Ciy+Y+/qiG6TAoXG0oZUXRk= =1RwT -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Poc 2007 notes Dave Aitel (Nov 15)