smx-smx

XZ Backdoor symbol deobfuscation. Updated as i make progress

luigigubello

pojntfx

#!/bin/bash

# This script resolves a DID, retrieves an API key, fetches a user's feed,
# and posts a "Hello, world" message to the user's feed.

# Resolve DID for handle
HANDLE='felicitas.pojtinger.com'
DID_URL="https://bsky.social/xrpc/com.atproto.identity.resolveHandle"
export DID=$(curl -G \
    --data-urlencode "handle=$HANDLE" \

tothi

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.

zacharysyoung

Import rows of data into individual PDFs

How to get data like this...

Name	Age	Street Address	City	State	Zip
Tami	23	123 Main St	Anytown	Anystate	11111
John	54	456 Second Ave	Anytown	Anystate	22222
Troy	39	789 Last Cir	Anytown	Anystate	99999

mala

This is src doc of my presentation on shibuya.xss #8 (2016-11-14)

• https://speakerdeck.com/mala/shibuya-dot-xss-techtalk-number-8

The main topic is vulnerabilities related to url parser.

• PHP https://bugs.php.net/bug.php?id=73192
• Java/OpenJDK http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/cd0585378c46 (CVE-2016-5552)
• Android https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea%5E%21/ (CVE-2016-5552)