Monthly Archives: October 2014

SSLv3 and POODLE

By Norman Yue (LinkedIn)

For those of you paying attention to mailing lists early last night, you may have noticed a curious email come through regarding a “Truly scary” SSL 3.0 vulnerability about to drop – and drop it did today.

The vulnerability, known as POODLE, lets an attacker who is positioned as a man-in-the-middle and can modify traffic recover parts of the plaintext, such as session cookies, one byte at a time. The really scary part (imo) is on page 3 of the whitepaper:

The expected overall effort is 256 SSL 3.0 requests per byte.

This is amazingly low: depending on the circumstances of exploitation, a typical web app session cookie can be broken in minutes.

Bypassing WAFs with SVG

October 13, 2014

By Julian Berton (LinkedIn)

Recently, I presented a lightning talk at Ruxcon 2014 on a cross-site scripting issue we discovered on a client engagement, and two interesting ways in which we could bypass the WAF that was in place (as well as Firefox’s cross-site scripting filter).

The cross-site scripting issue we found was fairly standard at first, with an initial URI like the following:

localhost:4000/apply_thankyou?uuid=d77a9190-4ace-11e4-b775-bd2f6eee9714&userId=542e239cc6f6f28004c4dae0&result=HC999|SUCCESS

This generates a page like the screenshot below; the reference number shown on it is read straight from the vulnerable URI parameter using the “jquery.query.get()” function.

[Screenshot: xss_blogpost_Image1]
