Videos

Fri
05
Jun
Editorial_Staff_Team's picture

1 Click Audio Software 2.3.6 (Video) - 2x ActiveX Buffer Overflow Vulnerabilities

1 Click Audio Software 2.3.6 (Video) - 2x ActiveX Buffer Overflow Vulnerabilities

Today the independent researcher metacom disclosed two issues in the dvdtools software 1click audio v2.3.6. The security vulnerability is located in the COM component in the SkinCrafter.dll. The independent security researcher demonstrates in two videos how to exploit the bug via activex component.

The security risk of the buffer overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the vulnerability requires a low privilege system user account and no user interaction. Successful exploitation of the vulnerability results in system compromise by elevation of privileges via overwrite of the registers.

Tue
12
May
Editorial_Staff_Team's picture

Facebook 2015 (Video) - Filter Bypass & Unauthorized Exception Redirect Vulnerability

Facebook 2015 (Video) - Filter Bypass & Unauthorized Exception Redirect Vulnerability

A filter validation issue is existant in the exception-handling that normally redirects to the original facebook source. Ever if an error comes up the website will show the context in the secure exception and redirects on okey click to the original valid source. In case of terminating the string (%00%00_%3F) with extended <_ it is possible to bypass the exception-handling filter exception to redirect invalid source to an external target.

The video demonstrates how to bypass the filter validation by confusing the context copying with the non encoded url that invalid. By generating a payload that is ahead in the display value and atleast in the url ref the target exception redirect can be manipulated.

Pages

Subscribe to RSS - Videos