Dailydave mailing list archives

Re: Java is fun!


From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Wed, 20 May 2009 15:48:14 -0400

Landon was nice enough to leave the .class files non-obfuscated for those of you that missed it...

http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/HelloWorldApplet.class
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/t.tmp
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/javax/Exec.class
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/javax/Exec$1.class
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/fun/FunLoader.class

http://www.varaneckas.com/jad
-KF

On May 20, 2009, at 4:39 AM, Dave Aitel wrote:

So here are a couple of blog posts about a great bug that has been used to great effect and is in a CANVAS installation near you!

http://blog.cr0.org/2009/05/write-once-own-everyone.html
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

Basically, you get to execute Java code as the user if they visit your web page and have Java turned on. This is default in Fedora, for example, and Bas handily owned my laptop with it. In CANVAS you don't execute commands so much as get a JavaNode connectback (which is somewhat similar to MOSDEF).

Anyways, it's one of my favorite updates to CANVAS recently. Go Julian and his wacky ReplaceObject() tricks! :>

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
