... newer entries
Thursday, 29. September 2011
Joomla 1.7.0 - XSS
On Thursday, 29. Sep 2011 in topic 'Vulnerabilities'
VULNERABILITY DESCRIPTION
Several parameters (searchword, extension, asset, author) in Joomla!
Core components are not properly sanitized upon submission to the
/index.php URL, which allows an attacker to conduct a cross-site scripting
attack. This may allow an attacker to create a specially crafted URL
that would execute arbitrary script code in a victim's browser.
Source:
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29
Friday, 23. September 2011
Clickjacking For Shells
On Friday, 23. Sep 2011 in topic 'Vulnerabilities'
Bypassing Internet Explorer's XSS Filter
On Friday, 23. Sep 2011 in topic 'Vulnerabilities'
By default, Internet Explorer 9 has a security system to help prevent reflective XSS attacks. There are well-known shortfalls of this system, most notably that it does not attempt to address DOM-based XSS or stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straightforward reflective XSS attacks[1]. This paper covers three attack patterns that undermine Internet Explorer's ability to prevent reflective XSS. These are general attack patterns that are independent of the web application platform.
Download PDF
https://sitewat.ch/files/Bypassing%20Internet%20Explorer%27s%20XSS%20Filter.pdf
Android vulnerabilities
On Friday, 23. Sep 2011 in topic 'Vulnerabilities'
The first vulnerability is known as a “Permission escalation vulnerability”, and allows attackers to install additional “arbitrary applications with arbitrary permissions”, without first asking the user if they want to permit such actions. This would allow attackers to access call records, texts, web browsing history and media stored on the device.
The second bug only affects the Samsung Nexus S smartphone. It lets attackers gain root access on the device, providing them with full control over the handset. Google has yet to address the security issues.
Tuesday, 20. September 2011
TSRC - Application level attack
On Tuesday, 20. Sep 2011 in topic 'Vulnerabilities'
Session Race Conditions and Session Puzzling
A few months ago Shay Chen, Senior Manager at Hacktics Advanced Security Center (HASC), published a paper about Session Puzzling, a new application-level attack vector of critical severity and numerous uses, but for some bizarre reason, most of the responses I got were that the attack was too complicated to comprehend all at once.
The project home page (presentation, whitepaper, training kit)
http://code.google.com/p/puzzlemall/
The following movies demonstrate a few simple TSRC attacks:
Exploiting Temporal Session Race Conditions via Connection Pool Consumption:
http://www.youtube.com/watch?v=woWECWwrsSk
Exploiting Temporal Session Race Conditions via RegEx DoS:
http://www.youtube.com/watch?v=3k_eJ1bcCro
Sunday, 18. September 2011
SpyEye Botnet - SQL
On Sunday, 18. Sep 2011 in topic 'Vulnerabilities'
Exploit:
Vuln type: Blind SQL injection
Vuln script: frm_cards_edit.php
Affected version: ALL
May use any botnet from : https://spyeyetracker.abuse.ch/monitor.php
Download
http://pastebin.com/F46U8zwK
by
S4(uR4
Thursday, 15. September 2011
webadmin - Shell Upload Vulnerability
On Thursday, 15. Sep 2011 in topic 'Vulnerabilities'
Google Dork: intitle:"webadmin.php"
Download: http://wacker-welt.de/webadmin/webadmin.php.gz
by
Caddy-Dz
http://pastebin.com/6YbK7STU
Saturday, 10. September 2011
adobe-website - xss
On Saturday, 10. Sep 2011 in topic 'Vulnerabilities'
http://www.adobe.com/cfusion/tdrc/modal/download_suite.cfm?product=XSS
http://www.adobe.com/cfusion/tdrc/modal/signin.cfm?product=XSS
http://www.adobe.com/cfusion/type/search.cfm?category_type=All&term=XSS
http://groups.adobe.com/index.cfm?event=people.login&redirect=XSS
https://tv.adobe.com/login/login?redirect=XSS
http://www.adobe.com/products/creativesuite/mastercollection/buying-guide.html/XSS
by
Josh
Friday, 9. September 2011
Ajex File Manager - Deface Or Shell Upload
On Friday, 9. Sep 2011 in topic 'Vulnerabilities'
Google Dork:
- intitle: Ajex.FileManager
- inurl: /plugins/editors/AjexFileManager/
*Think it again
Exploit:
- http://[localhost]/patch/plugins/editors/ajexfilemanager/index.html
Live Target:
- http://fiesta-kurkino.ru/scripts/AjexFileManager/
- http://demphest.ru/demo/AjexFileManager/AjexFileManager/index.html
by
Setelah Membaca, Ayo Berbagi
Friday, 2. September 2011
eBuddy Web Messenger - XSS
On Friday, 2. Sep 2011 in topic 'Vulnerabilities'
eBuddy Web Messenger suffers from an encoded persistent XSS vulnerability in the messaging function (while sending a message with embedded code to another authorized user in eBuddy Web Messenger).
Exploit example
Plain XSS (will not be stored or executed)
<script>alert('eBuddy Persistent XSS');</script>
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes in the victim's browser.
by
Warv0x
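The eBuddy report above turns on one ordering mistake: the message arrives percent-encoded, so a filter that inspects or escapes the raw form sees no `<` and passes it through, and the decode step later reintroduces live markup. The following Python is an added example written for this page, not code from Warv0x or from eBuddy; it assumes only the `text=` form field shown in the post, and the function names are hypothetical. It decodes first, then escapes for HTML output, and flags anything that still looks like markup after decoding, alongside the wrong ordering for contrast.

```python
"""Defensive handling of a percent-encoded IM message: decode, then escape.

Added example for the eBuddy persistent-XSS report; the 'text' field name is
taken from the report, everything else here is constructed.
"""
import html
import re
from urllib.parse import unquote_plus

# Constructed sample: the form body from the report (constructed inline so the
# example runs offline).
SAMPLE_BODY = "text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E"

# Anything resembling an opening or closing HTML tag after decoding.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def decode_message(body: str) -> str:
    """Return the percent-decoded value of the 'text' field, or '' if absent."""
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        if key == "text":
            return unquote_plus(value)
    return ""


def looks_like_markup(text: str) -> bool:
    """Detection: flag a decoded message that still contains tag-like syntax."""
    return TAG_RE.search(text) is not None


def render_safe(text: str) -> str:
    """Escape for insertion into HTML body or attribute context.

    quote=True also converts ' and " so the value is safe inside attributes.
    """
    return html.escape(text, quote=True)


def process_message(body: str) -> dict:
    """Correct order: decode the transport encoding, then inspect and escape."""
    decoded = decode_message(body)
    return {
        "decoded": decoded,
        "flagged": looks_like_markup(decoded),
        "rendered": render_safe(decoded),
    }


def escape_then_decode(body: str) -> str:
    """The mistake the report exploits: escape the still-encoded body, then decode.

    The escape step finds no '<' or '>' in percent-encoded input, so it changes
    nothing, and the later decode hands live <script> tags to the browser.
    """
    return decode_message(html.escape(body, quote=False))


if __name__ == "__main__":
    result = process_message(SAMPLE_BODY)
    print("decoded :", result["decoded"])
    print("flagged :", result["flagged"])
    print("rendered:", result["rendered"])
    print("wrong   :", escape_then_decode(SAMPLE_BODY))
```

Running it shows the decoded payload as `<script>alert('eBuddy Persistent XSS')</script>`, flagged as markup, while the rendered form is fully entity-encoded; the `escape_then_decode` path returns the tags intact, which is exactly the behaviour the report describes. The same rule applies to any other transport encoding (base64, JSON string escapes): validate and escape the value the browser will actually see, not its encoded wrapper.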
... older entries