Matt Austin
Post with Large Feature Image and Text

Unsafe Code Execution in static-eval

Two issues in the static-eval node module that can lead to remote code execution.

Elmowned - Hacking Elmo

Build project for an IoT Elmo to prank my friend.

XSS to RCE in Atlassian Hipchat

How an XSS in the HipChat native OS X application can lead to remote code execution. Two issues exist in Atlassian's HipChat desktop client that allow an attacker to retrieve files or execute remote code...

Google Docs 'ClickJacking' (Information Disclosure)

Google documents leak full name and e-mail address via ClickJacking the 'request permissions' dialog in a private doc.

Flickr XSS (Stored / DOM XSS)

The mobile version of the Flickr site accepts user-controlled input and includes it in the HTML output without proper encoding. This is similar to the bug posted at: Abusing CORS for an XSS on Flickr, which is actually really similar to a bug I found on Facebook mobile a few years ago: Facebook XSS via CORS

Facebook FBML DOM Traversal (Information Disclosure)

In a Facebook FBML application some elements are protected with fb_protected="true". When traversing the elements with getElementsByTagName, sub-elements of the protected element can be accessed.

Hacking Facebook with FBML and DOM

Facebook allows developers to build applications using the "Canvas". Because the canvas apps run on the Facebook domain they use a "Sandbox". This is a subset of HTML called FBML and a limited JavaScript set called FBJS. The sandbox is basically used to try to prevent an attacker from being able to run malicious code.

Facebook also introduced Public Canvas Pages.

Facebook XSS via Cross-Origin Resource Sharing

HTML5 does not do much to solve browser security issues. In fact, it actually broadens the scope of what can be exploited, and forces developers to fix code that was once thought safe.