Acknowledged by Twitter

Finally my name got published on Twitter! I reported 2 issues: a logical issue in tweet cards with Fraph and an old vulnerable server hosted by Twitter. For reporting them my name got published 🙂




Ophcrack Path Subversion Arbitrary DLL Injection Code Execution


What is DLL Hijacking?

This is how Microsoft describes it:

When an application dynamically loads a dynamic-link library without specifying a fully qualified path name, Windows attempts to locate the DLL by searching a well-defined set of directories in a particular order, as described in Dynamic-Link Library Search Order. If an attacker gains control of one of the directories on the DLL search path, it can place a malicious copy of the DLL in that directory. This is sometimes called a DLL preloading attack or a binary planting attack. If the system does not find a legitimate copy of the DLL before it searches the compromised directory, it loads the malicious DLL. If the application is running with administrator privileges, the attacker may succeed in local privilege elevation.

Basically, when an application tries to load a DLL without specifying a fully qualified path name, Windows looks for the DLL in a fixed order of directories. If the application attempts to load a DLL by its name alone, the search goes through these directories in order (x86):

  1. The directory from which the application loaded.
  2. The system directory.
  3. The 16-bit system directory.
  4. The Windows directory.
  5. The current directory.
  6. The directories that are listed in the PATH environment variable.
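An added example (not from the original post): a defender-side audit that walks the six-step order above for one DLL name and reports where it would resolve, plus any user-writable directories consulted before that point. The function names, the `protected` set and the constructed directory tree are assumptions for illustration, and `os.access` only approximates a Windows ACL check.

```python
import os
import tempfile

def search_order(app_dir, system_dir, system16_dir, windows_dir, cwd, path_value, sep=";"):
    """Build the directory list in the six-step order listed above."""
    dirs = [app_dir, system_dir, system16_dir, windows_dir, cwd]
    dirs += [p for p in path_value.split(sep) if p]
    seen, ordered = set(), []
    for d in dirs:                      # drop repeats, keep first position
        if d not in seen:
            seen.add(d)
            ordered.append(d)
    return ordered

def audit_load(dll_name, order, protected):
    """Return (directory the DLL resolves from or None, exposed directories).

    A directory is 'exposed' when it is searched before the DLL is found,
    is not in the admin-only `protected` set, and is writable by this user.
    Filename matching is exact here; real Windows lookups ignore case.
    """
    exposed = []
    for d in order:
        if os.path.isfile(os.path.join(d, dll_name)):
            return d, exposed           # search stops at the first hit
        if d not in protected and os.path.isdir(d) and os.access(d, os.W_OK):
            exposed.append(d)
    return None, exposed                # never found: every writable dir counts

def demo():
    """Constructed tree: the only copy of example.dll lives in a PATH directory."""
    root = tempfile.mkdtemp()
    names = ["app", "system32", "system", "windows", "cwd", "tools"]
    d = {n: os.path.join(root, n) for n in names}
    for p in d.values():
        os.mkdir(p)
    open(os.path.join(d["tools"], "example.dll"), "w").close()
    order = search_order(d["app"], d["system32"], d["system"],
                         d["windows"], d["cwd"], d["tools"])
    protected = {d["system32"], d["system"], d["windows"]}
    return d, audit_load("example.dll", order, protected)

if __name__ == "__main__":
    dirs, (resolved, exposed) = demo()
    print("resolves from:", resolved)
    for e in exposed:
        print("writable and searched earlier:", e)
```

Any directory the audit reports is a place to tighten permissions on, or a reason to load the library by fully qualified path.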

Overview of Ophcrack 3.6

For the Second Time Acknowledged by Oracle

Last time for reporting a double query SQL injection I got acknowledged. This time for reporting an XSS issue bypassing filters I got acknowledged 🙂


Also mentioned in On-Line Presence Security Contributors in this document:
Happy to disclose responsibly 😉