Wednesday, May 6, 2009

wepawet information disclosure vulnerability?

The night thinking.
I've discovery a worst method to probe object and plugin versioning (is this intended as information disclosure vulnerability?) . From their result about my post for analyse the url, I've seen some variable ,used by the exploiter (j.js from previous post) , with value that usually are not sandbox related.

Can an attacker use this info for, theoretically
, exploiting wepawet ? I hope no

Feedback are welcome.

No comments:

Post a Comment