
Web Security Handbook

Sharing is itself a joy; I am happy when someone else gets help.


Bookmarklet of death: Domain hijacking without 0days

So we all know about cross-domain vulnerabilities that allow attackers to run code within the security context of the target domain. Typically they are either an XSS bug in the server-side application or a bug in the client (a web browser plugin or the web browser itself). Most of the time these vulnerabilities require some interaction from the victim user, e.g. being tricked into clicking a link or visiting a malicious page.

Summary of PHP character-encoding bypass vulnerabilities

In fact a small number of domestic hackers have known about this for a long time; they simply never shared or published it. Some are unwilling to share and would rather let it rot in the ground, while others use it to make money.

The vulnerability was first discussed abroad in 2006. When the database character set is GBK, the byte pair 0xbf27 is not by itself a valid GBK character, but after addslashes() it becomes 0xbf5c27. The leading 0xbf5c is a valid GBK character, so 0xbf5c27 is interpreted as the character 0xbf5c followed by a bare single quote, and the injection is triggered.
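The mechanism above, as an added example that is not part of the original post: a byte-wise escape modelled on PHP's addslashes() is compared with a charset-aware escape, and both are fed through a small parser that decodes the query as GBK the way a server with a GBK connection charset would. The `users` query, the payload bytes and the helper names are constructed here for illustration; the real remedy is parameterised queries, or an escape routine that knows the connection charset, not this toy.

```python
# Added example (not from the original post). Demonstrates why a byte-wise
# escape fails under GBK: 0x5c inserted before a quote can be swallowed as the
# trail byte of the preceding lead byte, leaving the quote unescaped.
from typing import Optional, Tuple

GBK = "gbk"


def addslashes(data: bytes) -> bytes:
    """Byte-by-byte escape like PHP addslashes(): knows nothing about the
    connection charset, so it happily puts 0x5c between a GBK lead byte and
    the quote that follows it."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):  # ' " \ NUL
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def charset_aware_escape(data: bytes) -> Optional[bytes]:
    """Escape per character, not per byte: decode strictly as GBK first
    (an invalid sequence such as 0xbf27 is rejected and None is returned),
    escape on the character level, then re-encode."""
    try:
        text = data.decode(GBK)
    except UnicodeDecodeError:
        return None
    escaped = text.replace("\\", "\\\\").replace("'", "\\'")
    return escaped.encode(GBK)


def build_query(escaped_name: bytes) -> bytes:
    """Hypothetical lookup that splices the escaped value into the SQL text."""
    return b"SELECT * FROM users WHERE name = '" + escaped_name + b"'"


def parse_first_literal(query: bytes) -> Optional[Tuple[str, str]]:
    """Tokenise like a server whose connection charset is GBK: decode the
    bytes to characters first, then scan the first single-quoted literal
    honouring backslash escapes. Returns (literal, text after the literal),
    or None if the literal never terminates."""
    text = query.decode(GBK)
    i = text.index("'") + 1
    buf = []
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):  # escaped character, keep verbatim
            buf.append(text[i + 1])
            i += 2
            continue
        if c == "'":
            return "".join(buf), text[i + 1:]
        buf.append(c)
        i += 1
    return None


def injection_escapes_literal(query: bytes) -> bool:
    """True when SQL text ends up outside the literal after the user value."""
    parsed = parse_first_literal(query)
    return parsed is not None and parsed[1].strip() != ""


# Constructed payload from the post: lead byte 0xbf, a quote, then injected SQL.
ATTACK = b"\xbf' OR 1=1 -- "
# Constructed legitimate GBK character whose trail byte is 0x5c (bytes bf 5c).
TRAIL_5C_NAME = b"\xbf\x5c"
# Constructed legitimate value with an embedded quote.
QUOTED_NAME = "张三'".encode(GBK)

if __name__ == "__main__":
    vuln = build_query(addslashes(ATTACK))
    print(vuln, parse_first_literal(vuln), injection_escapes_literal(vuln))
    print(charset_aware_escape(ATTACK))  # None: rejected as invalid GBK
    broken = build_query(addslashes(TRAIL_5C_NAME))
    print(broken, parse_first_literal(broken))  # None: addslashes ate the quote
    ok = build_query(charset_aware_escape(TRAIL_5C_NAME))
    print(ok, parse_first_literal(ok))
```

Two failure modes of the byte-wise escape show up: the 0xbf27 payload ends the literal early and the injected `OR 1=1` lands in SQL position, and a perfectly legitimate character whose trail byte is 0x5c gets its closing quote escaped, breaking the query. The charset-aware version rejects the invalid sequence outright and leaves the valid one alone.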

Joomla Hack Analysis

The correct fix would be to add a bit-type column to the database that records whether the user has requested a password reset. Such a fix, however, requires a change to the database schema, whereas the Joomla 1.5.6 fix only requires overwriting a single file. We consider Joomla's approach a fire-fighting fix, and hope that the next major release of Joomla will fix the problem properly by adding the bit column.

Metasploit and File Format Bugs

Client-side attacks are where it's at, and being able to send a legitimate-looking file to a user to do their double-clicky thing on is the bomb.

MC has released a FileFormat mixin for Metasploit which allows you to exploit fun bugs like 08-011 and other bugs that involve a user opening some sort of attachment.

JavaScript tutorial - Security

JavaScript is designed as an open scripting language. It is not intended to replace proper security measures, and should never be used in place of proper encryption. See also my article about cross site scripting.

Cain RDP (Remote Desktop Protocol) Sniffer Parser



Copyright 2008-2009 Pcsec.org. Some Rights Reserved. 苏ICP备08110306号