Search the Community
Showing results for tags 'xml'.
Hi guys, i know the title must sound obsolete for ya, but i've seen in the past romanian managed to "hack" a previous version of this game. https://world.triviador.net the security has changed since then, i'm wondering if there's anyone that can still make an xml grabber for it. from what i know, if you search "sharedkey" or "rsapublickey" with a memory viewer through firefox for ex, you can see a huge key. i believe that rsa key is used to encrypt the key used for decrypting the xml. anyway, i have managed to write the actual decryption algorithm for decoding the xml, and maybe
# Exploit Title: Apache Xerces-C XML Parser (< 3.1.2) DoS POC # Date: 2015-05-03 # Exploit Author: beford # Vendor Homepage: http://xerces.apache.org/#xerces-c # Version: Versions prior to 3.1.2 # Tested on: Ubuntu 15.04 # CVE : CVE-2015-0252 Apache Xerces-C XML Parser Crashes on Malformed Input I believe this to be the same issue that was reported on CVE-2015-0252, posting this in case anyone is interested in reproducing it. Original advisory: https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt $ printf "\xff\xfe\x00\x00\x3c" > file.xml $ DOMPrint ./file.xml # Ubuntu 15.0
Not long ago, criminals pushing the Dridex banking Trojan were using Microsoft Excel documents spiked with a malicious macro as a phishing lure to entice victims to load the malware onto their machines. Even though macros are disabled by default inside most organizations, the persistent hackers are still at it, this time using XML files as a lure. Researchers at Trustwave today said that over the past few days, several hundred messages have been corralled that are trying to exploit users’ trust in Office documents with some clever social engineering thrown into the mix in an attempt to convinc