"This is our world now… the world of the electron and the switch, the beauty of the baud"

By

uid0

ยท

Technique of the Week: Reflected File Download (Intro)

Introduction: This is the first of many posts in my “technique of the week” series, wherein I will be choosing a vulnerability and demonstrating it with an explanation as to how it works. For each weekly technique, I will attempt to choose a vulnerability that is uncommon, obscure, under-utilized, or lesser-known. The purpose of this…

Tags:

, , , , , , , , ,

Responses to “Technique of the Week: Reflected File Download (Intro)”

  1. james

    how to did you host malware in http://www.google.com/finance

    Reply
    1. uid0

      The malware technically isn’t HOSTED there, per-se. Instead, the way the URL is crafted tricks the victim’s browser into serving a file. The filename, file extension, and file contents are all specified via HTTP GET params in the address bar… rather than actually being hosted somewhere on google.

      Reply
  2. Technique of the week – SSI (Server-Side Include) Injection – 0xFFFF@blog:~$

    […] first “technique of the week” post covered Reflective File Download. This post will be covering SSI Injection… like with our last “technique of the […]

    Reply
  3. Technique of the week: Log Forgery – 0xFFFF@blog:~$

    […] that the average hacker is likely not aware of. In the past, I’ve covered techniques such as RFD and SSI Injection within the official “technique of the week” series, and additionally, […]

    Reply

Leave a Reply

Discover more from "This is our world now... the world of the electron and the switch, the beauty of the baud"

Subscribe now to keep reading and get access to the full archive.

Continue reading