Posts

Showing posts from September, 2009

How to recover RSA private key in a coredump of ssh-agent - Sapheads HackJam 2009 Challenge 6

Last week or so I joined CLGT to take part in HackJam 2009 by Sapheads. AFAIK this is the first CTF that Sapheads organizes, but they had done a very good job. To most people's surprise, the contest attracted quite a lot of teams from around the world, and it had quickly become an international competition.

Did I tell you that we're the winner? Ha ha ha this is our very first win since the name CLGT was born.

BTW, HackJam 2009 was a success because Sapheads had kept their promise which is to "provide challenges that greatly resemble real world scenarios and environments, at the same time, adding fun and educational ingredients to them". We really had fun ^_^, not disturbing pains *_*, in solving the challenges. Thank you Sapheads! We're looking forward to HackJam 2010.

I promised to some people in #sapheads that I would release some writeups about the challenges after the contest ended, and here they are. Sorry for the delay, I have been busy working with vendors on

Flickr's API Signature Forgery Vulnerability



Thai Duong and Juliano Rizzo


Date Published: Sep. 28, 2009

Advisory ID: MOCB-01

Advisory URL: http://netifera.com/research/flickr_api_signature_forgery.pdf

Title: Flickr's API Signature Forgery Vulnerability

Remotely Exploitable: Yes


1. Vulnerability Description


Flickr is almost certainly the best online photo management and sharing application in the world. As of June 2009, it claims to host more than 3.6 billion images. In order to allow independent programmers to expand its services, Flickr offers a fairly comprehensive web-service API that allows programmers to create applications that can perform almost any function a user on the Flickr site can do.

Flickr's API consists of a set of callable methods and some API endpoints. To perform an action using the Flickr API, you select a calling convention, send a request to its endpoint specifying a method and some arguments, and receive a formatted response.

Many meth…