Dailydave mailing list archives
Java is fun!
From: Dave Aitel <dave () kof immunityinc com>
Date: Wed, 20 May 2009 04:39:57 -0400
So here are a couple of blog posts about a great bug that has been used to great effect and is in a CANVAS installation near you!

http://blog.cr0.org/2009/05/write-once-own-everyone.html
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

Basically, you get to execute Java code as the user if they visit your web page and have Java turned on. This is default in Fedora, for example, and Bas handily owned my laptop with it. In CANVAS you don't execute commands so much as get a JavaNode connectback (which is somewhat similar to MOSDEF).

Anyways, it's one of my favorite updates to CANVAS recently. Go Julian and his wacky ReplaceObject() tricks! :>

-dave