Skip to main content

Posts

Showing posts from December, 2011

CSRF - File Upload PoC

A couple of weeks ago I have found myself working on a CSRF File Upload Proof-of-Concept (PoC) for a bug I have found in an Oracle product.
I remember that Krzysztof Kotowicz did some research on a similar PoC not long time ago. A quick Google search brought me to his article on invisible arbitrary file upload in Flickr. So instead of reinventing the wheel, I have tried to use his PoC code available here.
Unfortunately, the code was not working in my case and I was unsure whether that was depending on the browsers I was using (Firefox 8.0.1 and Chrome 15.0.874.121) and/or on the vulnerable application itself. Consequently, I have spent some time to come up with a PoC (or probably a good term would be a collage) which would work in my case. The technique used is the same illustrated in Kotowicz's research and more information can be found here.
In few words, the exploitation process is divided in two steps:
1) Use XHR to get a binary file and store it as a JavaScript object; 2) Then pe…

New Blog

I recently decided to use Blogger.com for my blogging activity. Here is the URL of the new blog: http://blog.malerisch.net

All previous articles and research can still be found at my previous site: http://malerisch.net

In future, articles will only appear here. So make sure to bookmark this site or follow feeds to get timely updates.

Thanks for your attention.