Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread James Matthews
Thank you for the tool.

On Wed, Aug 20, 2008 at 1:31 PM, Tom Brennan <[EMAIL PROTECTED]> wrote:

>
> Guess he has not been to www.owasp.org recently...
>
> ==
> Sent via blackberry, call 973-202-0122 to further discuss this email if
> required.
>
> -Original Message-
> From: "Michael Krymson" <[EMAIL PROTECTED]>
>
> Date: Wed, 20 Aug 2008 15:18:24
> To: 
> Subject: Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released
>



-- 
http://www.goldwatches.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ MDVSA-2008:178 ] xine-lib

2008-08-20 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:178
 http://www.mandriva.com/security/
 ___

 Package : xine-lib
 Date: August 20, 2008
 Affected: 2008.0
 ___

 Problem Description:

 Alin Rad Pop found an array index vulnerability in the SDP parser
 of xine-lib.  If a user or automated system were tricked into opening
 a malicious RTSP stream, a remote attacker could possibly execute
 arbitrary code with the privileges of the user using the program
 (CVE-2008-0073).
 
 The ASF demuxer in xine-lib did not properly check the length of
 ASF headers.  If a user was tricked into opening a crafted ASF file,
 a remote attacker could possibly cause a denial of service or execute
 arbitrary code with the privileges of the user using the program
 (CVE-2008-1110).
 
 The Matroska demuxer in xine-lib did not properly verify frame sizes,
 which could possibly lead to the execution of arbitrary code if a
 user opened a crafted ASF file (CVE-2008-1161).
 
 Luigi Auriemma found multiple integer overflows in xine-lib.  If a
 user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or
 CAK file, a remote attacker could possibly execute arbitrary code
 with the privileges of the user using the program (CVE-2008-1482).
 
 Guido Landi found a stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1110
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1161
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 ___

 Updated Packages:

 ___

[Full-disclosure] [ MDVSA-2008:177 ] xine-lib

2008-08-20 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:177
 http://www.mandriva.com/security/
 ___

 Package : xine-lib
 Date: August 20, 2008
 Affected: 2008.1
 ___

 Problem Description:

 Guido Landi found a stack-based buffer overflow in xine-lib
 that could allow a remote attacker to cause a denial of service
 (crash) and potentially execute arbitrary code via a long NSF title
 (CVE-2008-1878).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  


Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-20 Thread Marco Slaviero

Ferruh Mavituna wrote:
| This is a short whitepaper about a new way to exploit Blind SQL Injections.
| It's implemented in BSQL Hacker (
| http://labs.portcullis.co.uk/application/bsql-hacker/ ).
|
| *It is possible to gather information from a target server with a 66%
| reduction in the number of requests made of the server (compared to normal
| Blind SQL Injection), requiring two rather than six requests to retrieve
| each char.*
|
| *Download:*
| https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf
|
| Regards,

[Already responded off-list, but for the benefit of those interested in
the various options for outbound channels in sql injection here's a
summary:]

The approach proposed is interesting as it reduces the number of
requests required to extract a byte, however it will probably increase
the total time required to extract a byte as compared with a bit-by-bit
approach. (Of course, in certain circumstances it's possible to extract
a byte in a single request if the database query or cgi doesn't timeout,
by waiting for the ordinal value of the character in question.)

The half byte technique (nibble technique?) could be a good thing, since
it would stand a greater chance of flying under threshold-based monitors
than a bit-by-bit approach, but would also decrease the speed of the attack.

For those interested in timing (errors/dns) as an outbound channel, we
wrote a paper last year along with a PoC tool. Both are accessible at
http://www.sensepost.com/research/squeeza/
We decided on the bit-by-bit approach as we tended to be less prone to
falling asleep while waiting for output as compared to other timing
strategies we attempted...

Regards
--
marco





Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Tom Brennan

Guess he has not been to www.owasp.org recently...

==
Sent via blackberry, call 973-202-0122 to further discuss this email if 
required.

-Original Message-
From: "Michael Krymson" <[EMAIL PROTECTED]>

Date: Wed, 20 Aug 2008 15:18:24 
To: 
Subject: Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released




[Full-disclosure] CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability

2008-08-20 Thread CORE Security Technologies Advisories

  Core Security Technologies - CoreLabs Advisory
   http://www.coresecurity.com/corelabs/

   vBulletin Cross Site Scripting Vulnerability


*Advisory Information*

Title: vBulletin Cross Site Scripting Vulnerability
Advisory ID: CORE-2008-0813
Advisory URL: http://www.coresecurity.com/my-advisory
Date published: 2008-08-20
Date of last update: 2008-08-19
Vendors contacted: vBulletin team
Release mode: Coordinated release


*Vulnerability Information*

Class: XSS flaw
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A 
CVE Name: N/A   


*Vulnerability Description*

vBulletin [1] is a community forum solution for a wide range of users,
including industry leading companies. An XSS vulnerability has been
discovered that could allow an attacker to carry out actions while
impersonating a legitimate user, or to obtain access to a user's account.
This flaw allows unauthorized disclosure and modification of
information, and it allows disruption of service.


*Vulnerable Packages*

. vBulletin 3.7.2 Patch Level 1.
. vBulletin 3.6.10 Patch Level 3.
. Older versions are probably affected too, but they were not checked.


*Non-vulnerable Packages*

. vBulletin 3.7.2 Patch Level 2.
. vBulletin 3.6.10 Patch Level 4.


*Vendor Information, Solutions and Workarounds*

vBulletin team has released patches for this flaw (see [2]), and new
fixed versions of vBulletin (3.6.11 and 3.7.3) will be available on
Tuesday, August 26th. Refer to [3] for more details.


*Credits*

This vulnerability was discovered and researched by Federico Muttis from
Core Security Technologies.


*Technical Description / Proof of Concept Code*

This is a Cross Site Scripting (XSS) vulnerability in the vBulletin
community forum solution. To exploit this flaw, the targeted user must
have the 'Show New Private Message Notification Pop-Up' option enabled
(set at 'http://victim/vBulletin/profile.php?do=editoptions'). Many
forums enable this option by default for all new users.

The title is not being encoded in the following rendered HTML code:

/---



---/

The variable '$newpm[title]' used in 'install/vbulletin-style.xml' was
previously decoded ('de-sanitized') in 'global.php', so only JavaScript
slash-escaping is still applied when it reaches the template:

/---

//
#
// get new private message popup
$shownewpm = false;
if ($vbulletin->userinfo['pmpopup'] == 2 AND $vbulletin->options['checknewpm'] AND $vbulletin->userinfo['userid'] AND !defined('NOPMPOPUP'))
{
	$userdm =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
	$userdm->set_existing($vbulletin->userinfo);
	$userdm->set('pmpopup', 1);
	$userdm->save(true, 'pmpopup'); // 'pmpopup' tells db_update to issue a shutdownquery of the same name
	unset($userdm);

	if (THIS_SCRIPT != 'private' AND THIS_SCRIPT != 'login')
	{
		$newpm = $db->query_first("
			SELECT pm.pmid, title, fromusername
			FROM " . TABLE_PREFIX . "pmtext AS pmtext
			LEFT JOIN " . TABLE_PREFIX . "pm AS pm USING(pmtextid)
			WHERE pm.userid = " . $vbulletin->userinfo['userid'] . "
				AND pm.folderid = 0
			ORDER BY dateline DESC
			LIMIT 1
		");

		// entity decoding is reversed first, then only the JS quote character
		// is escaped; HTML-significant characters in the title are left intact
		$newpm['username'] = addslashes_js(unhtmlspecialchars($newpm['fromusername'], true), '"');
		$newpm['title'] = addslashes_js(unhtmlspecialchars($newpm['title'], true), '"');
		$shownewpm = true;
	}
}

---/

Because addslashes_js only escapes the quote character for a JavaScript
string, HTML-significant characters in the title survive into the rendered
page, which allows XSS attacks.

The 'alert' Proof of Concept (PoC) exploit would be to write a PM to the
user you want to attack with this subject:

/---

-->alert(/xss/.source)
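
The pipeline quoted above, modelled in PHP beside a hardened rendering of the same value; this is an added example, not vBulletin's code. The two `_stub` helpers are assumed simplifications of vBulletin's unhtmlspecialchars() and addslashes_js(), and the stored PM subject is constructed.

```php
<?php
// Added example, not vBulletin's code: models the global.php pipeline quoted
// above with stand-in helpers, beside a hardened rendering of the same value.

// Stand-in for vBulletin's unhtmlspecialchars() (assumption: it undoes the
// entity encoding applied when the PM subject was stored).
function unhtmlspecialchars_stub(string $text): string
{
    return html_entity_decode($text, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Stand-in for vBulletin's addslashes_js() (assumption: it escapes for a JS
// string literal only). '<' and '>' pass through untouched, which is the defect.
function addslashes_js_stub(string $text, string $quote = '"'): string
{
    $text = str_replace('\\', '\\\\', $text);
    $text = str_replace($quote, '\\' . $quote, $text);
    return str_replace(["\r\n", "\r", "\n"], '\\n', $text);
}

// Vulnerable: the quoted flow (decode entities, JS-escape the quote) followed
// by the template dropping the value into the pop-up's <script> block.
function render_popup_vulnerable(string $stored_title): string
{
    $title = addslashes_js_stub(unhtmlspecialchars_stub($stored_title), '"');
    return '<script type="text/javascript">var newpm_title = "' . $title . '";</script>';
}

// Hardened: emit the title as a JSON literal with HTML-significant characters
// hex-escaped. json_encode() also escapes '/', so the output can never contain
// '</script>' or '<!--' / '-->' whatever the PM subject holds.
function render_popup_hardened(string $stored_title): string
{
    $title = json_encode(unhtmlspecialchars_stub($stored_title),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return '<script type="text/javascript">var newpm_title = ' . $title . ';</script>';
}

// Check: a safely rendered pop-up contains exactly one closing script tag,
// the one the template itself emits.
function script_close_count(string $html): int
{
    return substr_count(strtolower($html), '</script');
}

// Constructed PM subject as it would sit in pmtext.title after vBulletin's
// input encoding (entities rather than raw tags).
$stored = '&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt; "hi"';

foreach (['vulnerable' => render_popup_vulnerable($stored),
          'hardened'   => render_popup_hardened($stored)] as $label => $html) {
    printf("%-10s closing script tags: %d\n%s\n\n",
        $label, script_close_count($html), $html);
}
```

Run it with the PHP CLI: the vulnerable rendering carries the injected closing tags into the markup, while the hardened one contains only the template's own closing tag.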

[Full-disclosure] [ MDVSA-2008:176 ] mtr

2008-08-20 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:176
 http://www.mandriva.com/security/
 ___

 Package : mtr
 Date: August 20, 2008
 Affected: Corporate 4.0
 ___

 Problem Description:

 A stack-based buffer overflow was found in mtr prior to version 0.73
 that allowed remote attackers to execute arbitrary code via a crafted
 DNS PTR record, when called with the --split option (CVE-2008-2357).
 
 The updated packages provide mtr 0.73 which corrects this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Michael Krymson
That depends. How does your definition differ between script kiddies and a
pen-tester that wants to maximize efficiency, especially over a task that
might be boring to accomplish manually or develop one's own script for?

What would you like OWASP to do for you? Feel free to offer suggestions!

On Wed, Aug 20, 2008 at 10:05 AM, Robert Holgstad <[EMAIL PROTECTED]> wrote:

> so does owasp do anything useful or just cater to script kiddies?
>
>
> On Wed, Aug 20, 2008 at 9:42 AM, James Fisher <
> [EMAIL PROTECTED]> wrote:
>
>>
>> A new version of the OWASP DirBuster Project is ready to be downloaded.
>>
>

[Full-disclosure] [ MDVSA-2008:175 ] yelp

2008-08-20 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2008:175
 http://www.mandriva.com/security/
 ___

 Package : yelp
 Date: August 20, 2008
 Affected: 2008.0, 2008.1
 ___

 Problem Description:

 A format string vulnerability was discovered in yelp after version
 2.19.90 and before 2.24 that could allow remote attackers to execute
 arbitrary code via format string specifiers in an invalid URI on the
 command-line or via URI helpers in Firefox, Evolution, or possibly
 other programs (CVE-2008-3533).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  



Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread William McAfee
A pen tester could use it to see if they can use it to find directories
for admin scripts that rely on the assumption that the attacker does not
know where to find it.

On Wed, 2008-08-20 at 10:05 -0500, Robert Holgstad wrote:
> so does owasp do anything useful or just cater to script kiddies?
> 
> On Wed, Aug 20, 2008 at 9:42 AM, James Fisher
> <[EMAIL PROTECTED]> wrote:
> 
> A new version of the OWASP DirBuster Project is ready to be
> downloaded.
> 


Re: [Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread Robert Holgstad
so does owasp do anything useful or just cater to script kiddies?

On Wed, Aug 20, 2008 at 9:42 AM, James Fisher <
[EMAIL PROTECTED]> wrote:

>
> A new version of the OWASP DirBuster Project is ready to be downloaded.

[Full-disclosure] OWASP DirBuster 0.11.1 Released

2008-08-20 Thread James Fisher

A new version of the OWASP DirBuster Project is ready to be downloaded.

If you are not familiar with this OWASP project, DirBuster is a multi-threaded
Java application designed to brute force directory and file names on
web/application servers. It is often the case now that what looks like a web
server in a default installation state is actually not, and has pages and
applications hidden within. DirBuster attempts to find these.

Features include:

 * Multi-threaded: has been recorded at over 6000 requests/sec
 * Works over both HTTP and HTTPS
 * Scans for both directories and files
 * Will recursively scan deeper into directories it finds
 * Able to perform a list-based or pure brute force scan
 * DirBuster can be started on any directory
 * Custom HTTP headers can be added
 * Proxy support
 * Auto switching between HEAD and GET requests
 * Content analysis mode when failed attempts come back as 200
 * Custom file extensions can be used
 * Performance can be adjusted while the program is running
 * Supports Basic, Digest and NTLM auth

Further information and downloads can be found at
https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

James Fisher


This message was sent using IMP, the Internet Messaging Program.



Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper

2008-08-20 Thread Sir Mordred
Great (and simple) idea!

Further optimization of the side-channel transfer rate could be
possible (depending on the victim response times and other factors),
so limiting it to 4 bits per query is unnecessary.

Details: http://www.logris.org/security/deep-blind-sql-injection

Cheers,
Mordred



[Full-disclosure] BSQL Hacker 0.9.0.7 - Advanced SQL Injection Framework / Tool

2008-08-20 Thread Ferruh Mavituna
BSQL Hacker is an automated SQL Injection Framework / Tool designed to
exploit SQL injection vulnerabilities in virtually any database.

It ships with Automated Attack modules which allow dumping the whole database:

   - SQL Server
   - ORACLE
   - MySQL (*experimental*)

Attack Templates :

   - MS Access
   - MySQL
   - ORACLE
   - PostgreSQL
   - MS SQL Server

You can also write your own attack template for any other database (*see
the manual for details*). New attack templates and exploits for specific
web applications can be shared via the Exploit Repository.

BSQL Hacker aims for experienced users as well as beginners who want to
automate SQL Injections (especially Blind SQL Injections).

It supports :

   - Blind SQL Injection (Boolean Injection)
   - Full Blind SQL Injection (Time Based)
   - Deep Blind SQL Injection (a new way to exploit BSQLIs, explained here:
   http://labs.portcullis.co.uk/application/deep-blind-sql-injection/ )
   - Error Based SQL Injection

It includes a Metasploit-like exploit repository to share and update exploits
and attack templates.

*Download, Screenshots, Source Code and More Information :*
http://labs.portcullis.co.uk/application/bsql-hacker/

*Injection Wizard Video:
*http://www.vimeo.com/1536040?pg=embed&sec=1536040

-- 
Ferruh Mavituna
http://ferruh.mavituna.com