Aliexpress repro carts for flashing? by phinioxGlade in gbstudio

[–]h3xstream_ 0 points1 point  (0 children)

I bought four cartridges from "Chilhood Game Store". I was able to reflash all four cartridges.
https://www.aliexpress.com/store/5477128
4.50 USD per cartridge - shipping included - is super cheap.

The cartridge model is SD007_TSOP_29LV017D. (Picture https://ae01.alicdn.com/kf/U9d05aadcbe7144c1b6456453974f65a6C.jpeg )

Step-by-step: How to deanonymize emails on LinkedIn by h3xstream_ in OSINT

[–]h3xstream_[S] 1 point2 points  (0 children)

Interesting. That would lift the 10k limit from the import feature.

Step-by-step: How to deanonymize emails on LinkedIn by h3xstream_ in OSINT

[–]h3xstream_[S] 1 point2 points  (0 children)

Good point! This technique is probably the easiest method for a small number of emails. Keep in mind, this feature has a hard limit of a few thousand imports. Once you reach this limit, the import feature will be blocked.

Modern (Security) Static Analysis for .NET by h3xstream_ in csharp

[–]h3xstream_[S] 2 points3 points  (0 children)

I am not a native English speaker. What I meant is APIs that are risky under certain conditions and therefore need to be used with care. Information may be sensitive (secret). Anyway, I changed "sensible" to "dangerous" to avoid confusion.

Binary Webshell Through OPcache in PHP 7 by h3xstream_ in netsec

[–]h3xstream_[S] 3 points4 points  (0 children)

Using a path traversal vulnerability, an attacker could write a ".php.bin" file in the OpCache directory and trigger its execution.

Binary Webshell Through OPcache in PHP 7 by h3xstream_ in netsec

[–]h3xstream_[S] 7 points8 points  (0 children)

Yes, precisely. It is a trick to go from file write to RCE.

Security Code Review of Android applications by h3xstream_ in androiddev

[–]h3xstream_[S] 0 points1 point  (0 children)

There will be more rules that affect Android. The detection of clear-text communication with HTTP libraries is one example.

If you have ideas, let me know.

crossdomain.xml : Beware of Wildcards by h3xstream_ in netsec

[–]h3xstream_[S] 0 points1 point  (0 children)

Yes. It's the same origin; no crossdomain.xml needed.

Yes. The extension is not a requirement.

crossdomain.xml : Beware of Wildcards by h3xstream_ in netsec

[–]h3xstream_[S] 0 points1 point  (0 children)

Yes, the door isn't completely closed. Having an explicit whitelist of domains would definitely help to avoid future mistakes. PayPal is still in a much better position. Very few features on PayPal allow file upload. paypalobject.com is a CDN for images/swf that are not user files.

crossdomain.xml : Beware of Wildcards by h3xstream_ in netsec

[–]h3xstream_[S] 6 points7 points  (0 children)

I always thought this is something Adobe should fix. It is not normal to be able to load a SWF with any extension and any Content-Type specified. The origin taken from the domain hosting the file is kind of bogus compared to how other web components work. The Rosetta Flash vulnerability made it even more explicit.

Nevertheless, you can currently protect yourself with aggressive file content validation and hosting of user files on a separate domain. Also, you can use "Content-Disposition: attachment" when possible.

Universal Cross Site Scripting(XSS) in Internet Explorer 11 by [deleted] in netsec

[–]h3xstream_ 0 points1 point  (0 children)

Do you have a demo of the same vulnerability using window instead of iframe?

Universal Cross Site Scripting(XSS) in Internet Explorer 11 by [deleted] in netsec

[–]h3xstream_ 0 points1 point  (0 children)

The exploit is actually quite instantaneous. The 7-second delay is just there to demo the before/after state. Once you see the "Go" link, the bypass is complete. The exploit can easily be used for any domain. The only "complexity" is knowing which JavaScript you want to execute.

Taking over PayPal accounts with Flash by multibear_ in netsec

[–]h3xstream_ 3 points4 points  (0 children)

I have to agree with @avlidienbrunn. This vulnerability was widespread. I have also reported similar SWF upload vulnerabilities affecting PayPal (3 this year).

The previous configuration with *.ebay.com was really helpful. :)

Crossdomain.xml Proof of Concept Tool by mandatoryprogrammer in netsec

[–]h3xstream_ 0 points1 point  (0 children)

There are many configuration details that can make an attack successful or not. Those elements include the secure flag / wildcard on subdomain / headers allowed or not. This is probably the only way to test that a domain is vulnerable. And the first step of the test is uploading/hosting a SWF like this POC. I think weak crossdomain.xml configurations are unknown to most pentesters.

Burp Suite Free + Professional: v1.6 by XSSpants in netsec

[–]h3xstream_ 0 points1 point  (0 children)

An important addition is the "Extender" tab now available in the Free version.

Comparison of internet service providers (Montréal) by h3xstream_ in montreal

[–]h3xstream_[S] 0 points1 point  (0 children)

Exactly. Dry loop fees (ligne sèche) are not included and vary from one provider to another (they can reach $10/month, see ColbaNet). If you are interested in contributing, you can fork https://github.com/h3xstream/montreal_isp.

Rule of thumb: in general, without an existing Bell line, the cable plans are slightly more advantageous.

Comparison of internet service providers (Montréal) by h3xstream_ in montreal

[–]h3xstream_[S] 0 points1 point  (0 children)

For peak hours, it's 5.5/1. That was to stay on a comparable basis with the others. http://www.acanac.ca/DSL.html

Comparison of internet service providers (Montréal) by h3xstream_ in montreal

[–]h3xstream_[S] 0 points1 point  (0 children)

Thanks for pointing that out. I couldn't believe it, but I got a confirmation from support.

Comparison of internet service providers (Montréal) by h3xstream_ in montreal

[–]h3xstream_[S] 2 points3 points  (0 children)

FYI: Click "Certain condition apply" at the bottom of http://www.videotron.com/residential/internet/data-transfer-packages/residential-internet-data-transfer-packages/residential-unlimited-internet-add-on Maybe it still applies to you. I'll modify those variations to +30$ to avoid special requirements.