MemeStreams Discussion

The Pownce Worm (Yet Another Potential AJAX Worm)
by Worthersee at 9:54 am EST, Feb 14, 2008

Here is the story: A couple of days ago I was interested in putting together some research on client-side vulnerabilities found within Adobe AIR applications. The material was supposed to go into my Black Hat talk, which is happening on 27-28 March, btw. I’ve heard that Pownce’s IM client uses Adobe AIR, so I thought that this could be a perfect example I could make use of. Although there are some very obvious vulnerabilities within the client, which I’ve tested offline, btw, I noticed that parts of the requests delivered from the server do not seem to be sanitized at all. After further investigation, I noticed that my personal profile is vulnerable to an attack known as Persistent Cross-site Scripting, which is the most serious type of all Cross-site Scripting attacks.

The Cross-site Scripting condition occurs within a very obscure place and it is restricted to 16 characters. Because of the space restrictions, I was able to inject only things like alert(1), and this was pretty much it. Obviously, this is not enough for even an alert(1) command, so other methods of execution were needed in order to make the vector successfully exploitable.

pdp shows us a cool XSS fragmentation attack.
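The defender's side of the fragmentation point above, as an added example that is not code from the post, from pdp or from Pownce: a 16-character limit on a profile field is not a security control, because several short fields rendered next to each other can be combined, so the fix is to encode every field on output. The field names, the wrapper markup and the sample values are constructed for this illustration.

```javascript
// Added example (not from the post or from Pownce). Shows why a per-field
// length limit does not stop persistent XSS and why output encoding does.
const MAX_FIELD_LEN = 16; // the per-field limit described in the post

// Encode the five characters that matter in an HTML text/attribute context.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
  })[c]);
}

// Unsafe rendering: trusts the server-delivered field, as the post describes.
// The 16-char cap is enforced, but the markup is inserted verbatim.
function renderProfileUnsafe(fields) {
  return fields
    .map((f) => `<span class="field">${f.slice(0, MAX_FIELD_LEN)}</span>`)
    .join("");
}

// Safe rendering: same cap, but every field is encoded before insertion, so
// adjacent fragments can never join into a tag or break out of the wrapper.
function renderProfileSafe(fields) {
  return fields
    .map((f) => `<span class="field">${escapeHtml(f.slice(0, MAX_FIELD_LEN))}</span>`)
    .join("");
}

// Detection check for the rendered page: strip our own known wrapper markup
// and report whether any tag-like '<' remains, i.e. whether user data became
// markup. Useful as a regression assertion on templates.
function userDataFormsTag(html) {
  const stripped = html.replace(/<\/?span( class="field")?>/g, "");
  return /<[a-zA-Z!\/]/.test(stripped);
}

// Constructed sample: two short fields (16 and 4 chars), each inert on its
// own, that unescaped adjacency lets close the wrapper and open a new tag.
const SAMPLE_FIELDS = ['</span><a href="', 'x">y'];
```

Run `userDataFormsTag` over both renderings of `SAMPLE_FIELDS`: the unsafe one yields a real `<a>` element, the safe one yields only text.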

Powered By Industrial Memetics