web start Archives

A Different Form of JAR Hell

John Heasman | June 21, 2008 | codesigner, JAR, jarfile, jarsigner, Java, Resources, signed, web start

In my last post I used a Java applet to steal password hashes. Part two, covering NTLMv2, is on its way. Today however, I'm going to discuss SunSolve #233323 - a vulnerability ...

aut disce, aut discede

And For My Next Trick…

John Heasman | April 17, 2008 | escaping, Java, JNLP, Sun Alert 233323, WAHH, web start

One of the examples given in the "Attacking Application Logic" chapter of The Web Application Hacker's Handbook is entitled "Escaping from Escaping". The prelude to the attack is that the developer has ...

aut disce, aut discede