sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Buffer overflows in RSS?
Posted by: Anonymous User
Date: October 01, 2006 01:53PM

Is this possible??

Does RSS have flaws which permit injection methods which can lead to control of a site??

http://www.jasonblogs.com/2006/09/30/iblogthere4imhacked-how-i-hijacked-randy-morins-blog/

Re: Buffer overflows in RSS?
Posted by: rsnake
Date: October 01, 2006 02:10PM

I suppose it's possible if the client that outputs the RSS is either directly injectable, or if the comments themselves are somehow used in a binary somewhere. The site is written in .NET and his blog software is something he calls "Blog#" or "Blog sharp", probably written in C#. If it were another language I'd be more doubtful that it were even possible, but precompiled binaries have a tendency for this type of thing.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Buffer overflows in RSS?
Posted by: Anonymous User
Date: October 01, 2006 02:22PM

ok, thanks Rsnake.
