I know, I was just checking.

On Fri, Apr 4, 2008 at 5:41 PM, Razi Shaban <[EMAIL PROTECTED]> wrote:
> It's called "a joke."
>
> --
> Razi
>
> On 4/4/08, Ureleet <[EMAIL PROTECTED]> wrote:
> > r u serious?
> >
> > On Fri, Apr 4, 2008 at 10:48 AM, Micheal Turner <[EMAIL PROTECTED]> wrote:
> > > n3td3v agenda & Cyber Security group
> > > ====================================
> > >
> > > Solid Information Security State Release #0012a
> > >
> > > MARKING: RESTRICTIONS APPLY.
> > > FAO: WORLD LEADERS
> > >
> > > == Introduction ==
> > > Serious high-risk ultra critical vulnerability has been identified in
> > > Remote Help application that may be used by CIA, NSA and FBI employees
> > > when helping colleagues on anti-terror campaigns. RemoteHelp is a
> > > minimal http server that allows to view and control a remote pc running
> > > a 32-bits version of Microsoft Windows.
> > > current version is 0.0.6 and runs stand-alone or installs as a service.
> > >
> > > == URL ==
> > > http://sourceforge.net/projects/remotehelp/
> > >
> > > == HISTORY ==
> > > After n3td3v agenda emailed the NSA, SANS and all information security
> > > groups and was found not to be taken seriously. High risk proof of
> > > concept exploit code has been authored for severe vulnerability in
> > > Remote Help application which may be used by any number of Yahoo!,
> > > Google!, Ebay! or NSA employees. This vulnerability gives rise to
> > > serious national infrastructure risk and should not be underestimated!
> > >
> > > == Proof of Concept ==
> > > I found a vulnerability in the pages.c file which generates the login
> > > page dialog and authenticates a user after it checks if your "user" and
> > > "pass" parameter match the defaults (user/default) it does this:
> > >
> > > strncpy(cookie,"user=default; path=/; expires=Sun, 11-May-2030 22:11:40 GMT",1024);
> > >
> > > for a valid login and for an invalid login it sets an expired cookie
> > > like so;
> > >
> > > strncpy(cookie,"user=default; path=/; expires=Sun, 11-May-1970 22:11:40 GMT",1024);
> > >
> > > all you have to do is add "Cookie: user=default; path=/; expires=Sun,
> > > 11-May-2030 22:11:40 GMT" to your HTTP request and you can bypass
> > > authentication to the Remote Help server and access the
> > > filesystem/exec commands/view the webcam of the hosts running it.
> > >
> > > == Credit ==
> > >
> > > n3td3v & documentation help by Michael Turner.
> > >
> > > "Never trust your employees."
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
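The flaw described in the Proof of Concept section, as an added example that is not part of the original thread and is not RemoteHelp's code: the first function models, as an assumption, a server that accepts the fixed cookie value, and the other two show a random session token issued after login and checked against server-side state. The function names, the `sid` cookie name and the use of /dev/urandom are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_HEX 32                      /* 128 random bits, hex-encoded */
static char session_token[TOKEN_HEX + 1]; /* server-side state; "" = no session */

/* Model of the flaw in the post (assumed check): the "logged in" cookie is
 * a fixed string, so any client that sends it is accepted. */
int weak_is_authenticated(const char *cookie_hdr) {
    return cookie_hdr != NULL && strstr(cookie_hdr, "user=default") != NULL;
}

/* Call after the password check succeeds: mint an unpredictable token and
 * keep it server-side. /dev/urandom is an assumption (POSIX); on Windows
 * use BCryptGenRandom instead. */
int issue_session(char *set_cookie, size_t n) {
    unsigned char raw[TOKEN_HEX / 2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw) return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(session_token + 2 * i, 3, "%02x", raw[i]);
    snprintf(set_cookie, n, "sid=%s; Path=/; HttpOnly", session_token);
    return 0;
}

/* Accept a request only if it carries the token this server issued. */
int strong_is_authenticated(const char *cookie_hdr) {
    if (cookie_hdr == NULL || session_token[0] == '\0') return 0;
    const char *p = strstr(cookie_hdr, "sid=");
    if (p == NULL || strlen(p + 4) < TOKEN_HEX) return 0;
    unsigned char diff = 0;               /* constant-time comparison */
    for (int i = 0; i < TOKEN_HEX; i++)
        diff |= (unsigned char)(p[4 + i] ^ session_token[i]);
    char end = p[4 + TOKEN_HEX];          /* token must end here */
    return diff == 0 && (end == '\0' || end == ';');
}

int main(void) {
    char set_cookie[128];
    const char *forged = "user=default; path=/";  /* constructed sample header */
    if (issue_session(set_cookie, sizeof set_cookie) != 0) return 1;
    printf("weak check, forged cookie:   %d\n", weak_is_authenticated(forged));
    printf("strong check, forged cookie: %d\n", strong_is_authenticated(forged));
    printf("strong check, issued cookie: %d\n", strong_is_authenticated(set_cookie));
    return 0;
}
```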