Wednesday, May 6, 2009

wepawet information disclosure vulnerability?

The night thinking.
I've discovery a worst method to probe wepawet.com object and plugin versioning (is this intended as information disclosure vulnerability?) . From their result about my post for analyse the url 15mm.it, I've seen some variable ,used by the exploiter (j.js from previous post) , with value that usually are not sandbox related.

Can an attacker use this info for, theoretically
, exploiting wepawet ? I hope no


Feedback are welcome.

No comments:

Post a Comment