10 Unicode exploits - Extension spoofing and many more

#1



(Source from [To see links please register here] (Only Japanese))


Ex1) Yahoo Mail (2005.11)





Ex2) Hotmail (2006.8)






  • HACK #4 More and more XSS (do that with expression!)
    • Internet Explorer can use Unicode or double-byte characters to write "expression( )" or "url()"

      ---

      Ex) Double Byte





      Ex) Unicode


      You can use Unicode characters to write expression or url.




      Hatena Diary (2005.12)

      Hotmail/Windows Live Mail (2006.11)



      SquirrelMail (2006.12)
  • HACK #5 More and more XSS (do that with invisible characters)
    • Internet Explorer disregards all null characters in HTML.




    • Internet Explorer treats 0x0B or 0x0C as SPACE in HTML.




    • Mozilla Firefox 1.5.0.4 and prior versions disregard the BOM (U+FEFF; ZERO WIDTH NO-BREAK SPACE).



      • MFSA 2006-42: Web site XSS using BOM on UTF-8 pages



  • HACK #6 Bypass mail content filters.
    1. Outlook Express also disregards the first bit of 7-bit characters, such as US-ASCII or ISO-2022-JP.





  • HACK #7 Create the same file name (do that with ZERO WIDTH characters)
    • By using ZERO WIDTH or control characters as part of a file name, it can be made to look like the same file name.
      • Invisible characters:

        - U+200B ( ZERO WIDTH SPACE )

        - U+200C ( ZERO WIDTH NON-JOINER )

        - U+200D ( ZERO WIDTH JOINER )

        - U+FEFF ( ZERO WIDTH NO-BREAK SPACE )

        - U+202A ( LEFT-TO-RIGHT EMBEDDING )


        [Image: momiji7.png]



  • HACK #8 Directory Traversal (do that with the Yen mark)
    • Unicode has both backslash (U+005C) and the Yen mark (U+00A5).
    • The Yen mark (U+00A5) can be used in a file name.
    • The Yen mark (U+00A5) converts to Shift-JIS as backslash (0x5C).
      • Therefore, in an application that does not treat the file name as Unicode, directory traversal might happen.

        Ex) A DoS might be generated if an application recursively enumerates files and there is a folder like "..\".

        Ex)

        - Namazu 2.0.15 (for Windows) prior

        - Hyper Estraier Version 1.0.2 (for Windows) prior

        - Becky! Ver.2.22 prior

        [Image: momiji8.png]



  • HACK #9 Registry key that doesn't appear to exist but does exist (do that with ZERO WIDTH characters)
    • Registry entries can use Unicode, so you can camouflage them with ZERO WIDTH characters, the same as the file name in HACK #7.


      [Image: momiji10.jpg]



  • HACK #10 Camouflage the file extension (do that with Bidi)
    • Unicode has a "bidirectional algorithm" function.
      It shows characters in right-to-left direction instead of left-to-right.
      Put U+202E (RIGHT-TO-LEFT OVERRIDE; RLO) into a file name; the characters after the RLO are shown from right to left.
      1. Ex) RLO with file name
        Real file name: this-(U+202E)txt.exe
        File name shown: this-exe.txt
        [Image: momiji9.png]



    • Summary

      1. Permitted characters are a managed white list.

      2. Character strings are inspected after being normalized.

      3. Don't change them after normalization.
      4. Don't be cheated by Unicode that looks alike.

      5. The difference in behaviour between a browser and a MUA (if possible).
  • Originally Posted on

    [To see links please register here]
    Great stuff. :smile:
    Just to let people know, the exe-spoofing will not work in (at least) Windows 7, when you have hide known extensions enabled.
    Reply
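A defender-side check covering HACKs #7, #8 and #10 and the Summary above (normalize first, inspect the normalized form, and don't trust what a name looks like), added here as an example that is not from the post or the Japanese blog it summarizes. It assumes a naive renderer that mirrors text after an RLO until a POP DIRECTIONAL FORMATTING (U+202C) and uses Python's shift_jis codec for the Yen-sign conversion; the sample names are constructed.

```python
import unicodedata

YEN_SIGN = "\u00a5"   # HACK #8: transcodes to 0x5C (backslash) under Shift-JIS
RLO = "\u202e"        # HACK #10: RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"        # POP DIRECTIONAL FORMATTING (assumption: a naive renderer honours it)

def displayed_name(name: str) -> str:
    """Approximate what a naive file listing shows: invisible format
    characters (category Cf) vanish and the run after an RLO is mirrored."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = (name + PDF).find(PDF, i + 1)   # end of override, or end of name
            out.append(name[i + 1:end][::-1])
            i = end + 1
            continue
        if unicodedata.category(ch) != "Cf":     # U+200B/C/D, U+FEFF, U+202A-E are Cf
            out.append(ch)
        i += 1
    return "".join(out)

def real_extension(name: str) -> str:
    """The extension the OS actually uses: text after the last '.' in the raw string."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def shift_jis_bytes(name: str) -> bytes:
    """HACK #8: the bytes a Shift-JIS file API would see (Python's shift_jis codec)."""
    return name.encode("shift_jis", errors="replace")

def audit_filename(name: str) -> list:
    """Summary items 2-4: normalize, inspect the normalized form, distrust the look."""
    findings = []
    for ch in unicodedata.normalize("NFKC", name):   # e.g. U+FFE5 FULLWIDTH YEN -> U+00A5
        cat = unicodedata.category(ch)
        if cat == "Cf":      # zero-width chars, BOM, bidi embeddings and overrides
            findings.append(f"invisible/format char U+{ord(ch):04X}")
        elif cat == "Cc":    # NUL, 0x0B, 0x0C ... (HACK #5)
            findings.append(f"control char U+{ord(ch):04X}")
        elif ch == YEN_SIGN:
            findings.append("YEN SIGN U+00A5 (backslash after Shift-JIS conversion)")
    shown, real = real_extension(displayed_name(name)), real_extension(name)
    if shown != real:
        findings.append(f"extension spoof: shown .{shown}, real .{real}")
    return findings

if __name__ == "__main__":   # constructed sample names, not from the post
    for sample in ["this-\u202etxt.exe", "report\u200b.pdf", "..\u00a5secret.txt"]:
        print(repr(sample), "->", audit_filename(sample))
```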

    #2
    Thank the blog. Japanese are really genius.
    Reply

    #3
    wow man i don't know how to thank you! i can use almost all of them in XSS :wub:
    Reply


