
Re: [Full-disclosure] Results of a XSLT fuzzing effort



<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Nice one Nick,<br>
<br>
great job eheh :D<br>
<br>
Cheers<br>
antisnatchor<br>
<br>
<blockquote style="border: 0px none;" 
cite="mid:1362737521.16848.44.camel@banzai" type="cite">
  <div style="margin-left:40px"><hr style="border:none 0;border-top:1px 
dotted #B5B5B5;height:1px;margin:0;" class="__pbConvHr"><br></div>
  <table style="padding-top: 5px;" class="__pbConvTable">
<tbody><tr><td style="padding-top:4px;" valign="top"></td><td 
style="padding-left:5px;" valign="top"><a moz-do-not-send="true" 
href="mailto:nicolas.gregoire@xxxxxxxxx" style="color:#2057EF 
!important;text-decoration:none !important;">Nicolas Grégoire</a><br><font
 color="#888888">March 8, 2013 10:12 AM</font></td></tr></tbody>
  </table>
  <div style="color:#888888;margin-left:35px;" __pbrmquotes="true" 
class="__pbConvBody"><br><div>Hi!<br><br>I published last week a blog 
post describing the results of the XSLT<br>fuzzing campaign I did in 
2012. Now that most of the discovered<br>vulnerabilities are patched, 
I've chosen to give away a dozen PoCs<br>regarding Adobe Reader, 
Microsoft MSXML, Firefox, WebKit, ...<br><br>Even if you are not into XML 
technologies, I think that looking at<br>pathological XSLT code may be 
interesting ;-)<br><br>The article is there: 
<a class="moz-txt-link-freetext" 
href="http://www.agarri.fr/blog/index.html">http://www.agarri.fr/blog/index.html</a><br><br>Cheers,<br>Nicolas
 
Grégoire<br><br>_______________________________________________<br>Full-Disclosure
 - We believe in it.<br>Charter: 
<a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted
 and 
sponsored by Secunia - <a class="moz-txt-link-freetext" 
href="http://secunia.com/">http://secunia.com/</a></div></div>
</blockquote>
</body></html>
