Skip to main content

Posts

Showing posts from December, 2011

CSRF - File Upload PoC

A couple of weeks ago I have found myself working on a CSRF File Upload Proof-of-Concept (PoC) for a bug I have found in an Oracle product. I remember that Krzysztof Kotowicz did some research on a similar PoC not long time ago. A quick Google search brought me to his article on invisible arbitrary file upload in Flickr. So instead of reinventing the wheel, I have tried to use his PoC code available here . Unfortunately, the code was not working in my case and I was unsure whether that was depending on the browsers I was using (Firefox 8.0.1 and Chrome 15.0.874.121) and/or on the vulnerable application itself. Consequently, I have spent some time to come up with a PoC (or probably a good term would be a collage ) which would work in my case. The technique used is the same illustrated in Kotowicz's research and more information can be found here . In few words, the exploitation process is divided in two steps: 1) Use XHR to get a binary file and store it as a JavaScript object;

New Blog

I recently decided to use Blogger.com for my blogging activity. Here is the URL of the new blog:  http://blog.malerisch.net All previous articles and research can still be found at my previous site: http://malerisch.net In future, articles will only appear here. So make sure to bookmark this site or follow feeds to get timely updates. Thanks for your attention.