Using Burp on ActiveX hosts.

When using Burp and you receive a “No response received from remote server.” Check to see if the site requires ActiveX (cheap ip cameras etc). After seeing requiresActiveX=true, the work around was to insert this in to the match & replace.

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36



Symlink Race Conditions

In the 2000s I had found some minor symlink race conditions and wrote short advisories about each one.  For posterity I am posting them again here.  Also to raise the question, is mktemp used so commonly now that tmp symlink type vulnerabilities are no longer an issue?

Keep in mind this was from a while ago, I am hoping that my penmanship and technical skill level have risen since then.


Prismstumbler 0.7.3 File Overwrite

x11amp ver .70 File Overwrite

Flying rev. 6.20 Read any file

Linberto v1.0.2 (Q-Bert clone) File Overwrite