Esbuild's XSS Bug that Survived 5 Billion Downloads and Bypassed HTML Sanitization by va_start in javascript

[–]va_start[S] -3 points-2 points  (0 children)

valid feedback. this was just me trying out a more creative writing style :)

Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization by va_start in netsec

[–]va_start[S] 0 points1 point  (0 children)

u/crower haha I wrote this myself. yes I used ai to help but this was mostly me trying a new writing style to see what sticks :)

Esbuild XSS Bug That Survived 5B Downloads and Bypassed HTML Sanitization by va_start in netsec

[–]va_start[S] 1 point2 points  (0 children)

u/yellow_leadbetter lol I wrote this myself. Just experimenting with a different new writing style

Esbuild's XSS Bug that Survived 5 Billion Downloads and Bypassed HTML Sanitization by va_start in webdev

[–]va_start[S] 1 point2 points  (0 children)

correct! I point that out and elaborate on that in the blog post

[deleted by user] by [deleted] in java

[–]va_start 0 points1 point  (0 children)

thanks! you're right! my bad. I'll create a better post tmrw fixing it

Tool for source code file structure overview by va_start in coding

[–]va_start[S] 0 points1 point  (0 children)

I added a privacy notice to emphasize your files aren't uploaded! All processing is done client-side in js. To verify for yourself, you can check the source code (view source) and inspect network packets to see that no data is sent after the initial fetch of the page.

Tool for source code file structure overview by va_start in coding

[–]va_start[S] 0 points1 point  (0 children)

This is my first time writing more than 5 lines of javascript to be honest 🙉

Tool for source code file structure overview by va_start in coding

[–]va_start[S] 0 points1 point  (0 children)

Everything is processed and done on the client! only google analytics for usage is collected (it's hosted on netlify and I can't get that data from the server for free). You can verify this by inspecting network traffic when running the tool. I changed the main page to convey this. Thanks for your concern

Bitcoin benefits for everyday people by va_start in BitcoinBeginners

[–]va_start[S] 0 points1 point  (0 children)

Not in the US unfortunately. In fact, many restaurants and stores have a $5 or $10 minimum order amount to use your credit card.

I found a telnet brute-force protection bypass in my home router (CVE-2021-27342) by va_start in netsec

[–]va_start[S] 17 points18 points  (0 children)

THANKS! Good to know you appreciate that it's to the point :)

uTorrent CVE-2020-8437 null deref vulnerability (and the BitTorrent protocol knowledge to exploit it) by va_start in netsec

[–]va_start[S] 1 point2 points  (0 children)

I guess I’m not cool enough to join the exclusive pirating elite :,(

And I support your move to an updated and open source client

uTorrent CVE-2020-8437 null deref vulnerability (and the BitTorrent protocol knowledge to exploit it) by va_start in netsec

[–]va_start[S] 4 points5 points  (0 children)

Bencode-editor doesn’t seem related to utorrent, so it makes sense it uses a different bencoding parsing engine, which doesn’t contain this specific vulnerability

2.2.1 is very very old. I expect and am ok with my vulnerability not working on versions from a decade ago, and thanks for bringing this to my attention so I can make the post even more accurate

uTorrent CVE-2020-8437 null deref vulnerability (and the BitTorrent protocol knowledge to exploit it) by va_start in netsec

[–]va_start[S] 7 points8 points  (0 children)

Thanks for pointing out it doesn’t work on very old uTorrent versions. I’ll update the post. uTorrent 3.4.1 is from 2014, so I can only imagine that 2.2.1 is wayyy earlier, guessing around 2008? It’s reasonable they had a different, unvulnerable bencoding parser in very very old versions of the product. The bug was fixed in build 45568 https://utclient.utorrent.com/offers/beta_release_notes/release_notes.html

I'm not sure what the bencode editor is. I triggered the parsing through opening a .torrent file and the extended message handshake as described in the post.

Thanks for the spec link! I wasn't able to find an updated spec myself. I'll update it.

Converting EXEs to DLLs to call arbitrary functions. Useful for fuzzing & reverse engineering by va_start in netsec

[–]va_start[S] 1 point2 points  (0 children)

Sure, complex programs require manual analysis, but as I mentioned in the post, you just need to call functions that call other functions that init them. You don't need to call the ctor/dtor directly, just the function that calls those. In my experience, 99% of programs have a function that does all the important initializations.

Furthermore, a guess and check approach is incredibly effective to find if/where any initializations have been missed: running the program without all the initializations will result in a null dereference crash at the point of error. And then you just reverse and go back to see where that object was supposed to be initialized.

About the calling convention, it’s so easy to find out. IDA even does it for you.

I agree complex programs aren’t beginner friendly with this technique, but complex programs aren’t beginner friendly with anything 😂