Monthly Archives: December 2009

Browsers’ Pain: A recursive function!

I have written a recursive function using the JavaScript “setInterval” function, which calls itself. Unfortunately, none of the latest versions of the famous browsers, such as Internet Explorer (8), Chrome (3.0.195.38), and Mozilla Firefox (3.5.6), blocks this script. Moreover, it takes more than 50% of my CPU, which is an Intel Core 2 Duo 2.50 GHz.
And the worst one is Mozilla Firefox which stops working after running this script instead of showing a page to stop the script.
This script is:

<script>
function recursiveFunc(){setInterval("recursiveFunc()",1);}
recursiveFunc();
</script>

Just save it as an HTML file, and try to open it with your browsers. You can change “1” to “0” to get a better result in Mozilla Firefox and Chrome.
I reported it to Mozilla Firefox as a bug.
Good luck.

Microsoft IIS Semi-Colon Vulnerability

I found a vulnerability in Microsoft IIS when I was searching for a method to execute an ASP file when we can only upload a JPG file.

The result was too simple, but interesting! I need only a semicolon between the “.asp” and the “.jpg” to execute an ASP file. So, the answer was “myfilename.asp;.jpg”. I have written some information about this vulnerability in:

http://soroush.secproject.com/downloadable/iis-semicolon-report.pdf

I’ll try to update this PDF file if there is a need to add or change some information.

The description of this vulnerability from Secunia.com is:

Description:
Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to potentially bypass certain security restrictions and compromise a vulnerable system.

The vulnerability is caused due to the web server incorrectly executing e.g. ASP code included in a file having multiple extensions separated by “;”, only one internal extension being equal to “.asp” (e.g. “file.asp;.jpg”). This can be exploited to potentially upload and execute arbitrary ASP code via a third-party application using file extensions to restrict uploaded file types.

The vulnerability is confirmed on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version 6. Other versions may also be affected.

There are also several websites which wrote about this weakness:

1. Secunia Advisory: Microsoft IIS ASP Multiple Extensions Security Bypass

2. Securityfocus: Microsoft IIS Malformed Local Filename Security Bypass Vulnerability

3. The Register: Microsoft IIS vuln leaves users open to remote attack

4. VUPEN Security: Microsoft IIS File Extension Processing Security Bypass Vulnerability

5. Securitytracker: Microsoft Internet Information Services (IIS) Filename Extension Parsing Flaw May Let Users Bypass Security Controls
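
As an added example (not code from the original post or from any of the advisories above), the following shows why an upload filter that checks only the final extension accepts the “file.asp;.jpg” form, next to a stricter check that also renames the stored file. The allowed extensions, the stem pattern and the function names are assumptions made for illustration.

```python
import os
import re
import uuid

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed upload policy
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")          # no dots, ';' or path separators


def naive_is_allowed(filename: str) -> bool:
    """Weak check: looks only at the final extension."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def strict_is_allowed(filename: str) -> bool:
    """Accept only '<safe stem>.<allowed ext>': one dot, no ';', no path parts."""
    stem, ext = os.path.splitext(filename)
    return ext.lower() in ALLOWED_EXTENSIONS and SAFE_STEM.fullmatch(stem) is not None


def stored_name(filename: str) -> str:
    """Name used on disk: random stem plus the validated extension.

    The client-supplied stem is never written under the web root, so the
    server never has to interpret a name chosen by the uploader.
    """
    if not strict_is_allowed(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    ext = os.path.splitext(filename)[1].lower()
    return uuid.uuid4().hex + ext


# Constructed sample names; "file.asp;.jpg" is the form quoted in the advisory.
SAMPLES = ["holiday.jpg", "file.asp;.jpg", "myfilename.asp;.jpg",
           "photo.JPG", "a.b.png", "../x.jpg"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:24} naive={naive_is_allowed(name)!s:5} "
              f"strict={strict_is_allowed(name)}")
```

Serving uploads from a directory where script execution is disabled complements the filename check, since it does not depend on how the server parses the name.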

Google captured my privacy!

Google will be the best Firewall and Forensic Tool of the near future!

Google will know (or already knows) the users’ information!

News:

“Google pushes security with Public DNS” -> So, Google DNS can collect all the websites which are viewed by the users …

“Browsers use Google to detect web forgery” -> So, a browser sends a request to Google before opening a website for you! …

“The best search engine for all” -> So, Google can collect your keywords! …

“The best public mail service” -> So, Google can collect your emails …

“Google owned Youtube” -> So, Google can collect your videos …

“Google codes” -> So, Google can collect your source codes …

“Google documents” -> So, Google can collect your documents …

“Google photos” -> So, Google can collect your photos …

“Google messenger” -> So, Google can collect the messages …

“Most of the websites use Google web analyzer (tracker)” -> So, Google can track the websites’ information and also their customers! …

“Google Wave” -> So, Google can collect the information of blogs, e-mails, instant messaging, FTPs, social networks, and so on! …

“Google powerful translators” -> So, Google can understand what you are saying in other languages!

“Searchable images/sounds/videos by text or another object!” -> So, Google can search in users’ collected data …

“Chrome OS” -> So, Google can do anything with your computer …

AND etc (see http://www.google.co.uk/intl/en/options/ and http://www.googlelabs.com/)…

We are waiting for the most powerful shopping centre by Google!

However, we should trust Google in order to have a happier and easier life!

Google = No Pain, No Gain!

Best wishes ;)

Soroush