Re: [Full-disclosure] Slashdot defacement screenshot

2009-07-24 Thread sunjester
and we should believe a photo? sweet.

-- 
Founder/Activist
http://fusecurity.com/ | Free Security Technology
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Slashdot defacement screenshot

2009-07-24 Thread Cance Consulting
it must be true if it's on the internet

sunjester wrote:
 and we should believe a photo? sweet.

 -- 
 Founder/Activist
 http://fusecurity.com/ | Free Security Technology
 




[Full-disclosure] Former British cop 'has bank details of 40 million people'

2009-07-24 Thread Ivan .
http://www.news.com.au/technology/story/0,28348,25828444-5014239,00.html



[Full-disclosure] Stored XSS on Communigate Pro 5.2.14 and prior versions

2009-07-24 Thread Andrea Purificato - bunker
- Description
The Communigate Pro webmail framework is prone to a stored Cross Site
Scripting vulnerability through crafted plain text email messages.

- Affected version:
5.2.14 and prior, as reported by Communigate:
http://www.communigate.com/cgatepro/History52.html

- Details
This vulnerability can be exploited if an attacker sends a plain text
message to the victim's address containing a maliciously crafted URL;
the internal parser fails to parse the malicious URL and executes
JavaScript code every time the user reads the message.
An attacker may be able to use this vulnerability to steal sensitive
information from a user's computer (e.g. the current SessionID) or force
the user's computer to execute stealed operations.

- Example of crafted URL
http://www.example.com/z=;<script>alert(document.cookie)</script>f=

- Patch
Install Communigate Pro 5.2.13
5.2.15 15-Jul-2009: * Bug Fix: WebUser: 5.1.2: links in plain text
messages could be processed incorrectly.

- Communigate
http://www.communigate.com/cgatepro/

-- 
Andrea Purificato
http://rawlab.mindcreations.com

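The bug class behind the advisory above is an ordering problem in plain-text linkifiers: URL detection runs over the raw message body and the result is written into the webmail page without escaping, so whatever follows the URL match (here a script element) reaches the browser verbatim. The Python below is an added illustration written for this page, not Communigate's code; the URL regex and the sample message are constructed.

```python
import html
import re

# Constructed sample message body modelled on the advisory's crafted URL:
# a script element follows what the linkifier sees as the end of the URL.
CRAFTED_BODY = ("please check http://www.example.com/z=;"
                "<script>alert(document.cookie)</script>f= today")

# Simplified URL matcher: stops at whitespace, quotes and angle brackets.
URL_RE = re.compile(r"""https?://[^\s<>"']+""")

def linkify_unsafe(body):
    """The vulnerable pattern: wrap matches in anchors on the raw text and
    return the result as HTML. Everything outside the match, including the
    injected <script> element, is emitted unescaped."""
    return URL_RE.sub(lambda m: '<a href="{0}">{0}</a>'.format(m.group(0)),
                      body)

def linkify_safe(body):
    """Hardened version: every non-URL fragment is HTML-escaped and the URL
    is escaped separately for the attribute and for the link text, so no
    character from the message can open a tag."""
    parts, pos = [], 0
    for m in URL_RE.finditer(body):
        parts.append(html.escape(body[pos:m.start()]))
        url = m.group(0)
        parts.append('<a href="%s">%s</a>'
                     % (html.escape(url, quote=True), html.escape(url)))
        pos = m.end()
    parts.append(html.escape(body[pos:]))
    return "".join(parts)

def emits_raw_script(rendered):
    """Minimal regression check: a raw <script element must never survive."""
    return "<script" in rendered.lower()

if __name__ == "__main__":
    print("unsafe:", linkify_unsafe(CRAFTED_BODY))
    print("safe:  ", linkify_safe(CRAFTED_BODY))
```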


[Full-disclosure] [ISecAuditors Security Advisories] Joomla! 1.5.12 Multiple Full Path Disclosure vulnerabilities

2009-07-24 Thread ISecAuditors Security Advisories
=
INTERNET SECURITY AUDITORS ALERT 2009-009
- Original release date: July 21st, 2009
- Last revised:  July 23rd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 5/10 (CVSS Base Score)
=

I. VULNERABILITY
-
Joomla!  1.5.12 Multiple Full Path Disclosure vulnerabilities

II. BACKGROUND
-
Joomla! is an award-winning content management system (CMS), which
enables you to build Web sites and powerful online applications. Many
aspects, including its ease-of-use and extensibility, have made
Joomla! the most popular Web site software available. Best of all,
Joomla! is an open source solution that is freely available to everyone.

III. DESCRIPTION
-
This vulnerability could allow a malicious user to view the internal
path information of the host, because some files were missing the check
for JEXEC.

IV. PROOF OF CONCEPT
-
The attacker can get the full path of the installation of Joomla! by
browsing to any of these URLs:

http://example.com/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php
http://example.com/joomla-1.5.12/libraries/joomla/client/ldap.php
http://example.com/joomla-1.5.12/libraries/joomla/html/html/content.php

The information obtained contains the full path to the files:

<b>Parse error</b>:  syntax error, unexpected T_CLONE, expecting
T_STRING in
<b>/var/www/joomla-1.5.12/libraries/joomla/utilities/compat/php50x.php</b>
on line <b>100</b><br />
<b>Fatal error</b>:  Class 'JObject' not found in
<b>/var/www/joomla-1.5.12/libraries/joomla/client/ldap.php</b> on line
<b>21</b><br />
<b>Fatal error</b>:  Class 'JLoader' not found in
<b>/var/www/joomla-1.5.12/libraries/joomla/html/html/content.php</b>
on line <b>15</b><br />

V. BUSINESS IMPACT
-
Full path disclosure vulnerabilities enable an attacker to learn the
path to the web root. This information can be used in order to launch
further attacks.

VI. SYSTEMS AFFECTED
-
Joomla! versions prior and including 1.5.12 are vulnerable.

VII. SOLUTION
-
Upgrade to version 1.5.13

VIII. REFERENCES
-
http://www.joomla.org
http://www.isecauditors.com

IX. CREDITS
-
This vulnerability has been discovered
by Juan Galiana Lara (jgaliana (at) isecauditors (dot) com).

X. REVISION HISTORY
-
July  21, 2009: Initial release.
July  23, 2009: Last revision.

XI. DISCLOSURE TIMELINE
-
July  21, 2009: Discovered by Internet Security Auditors.
July  21, 2009: Vendor contacted.
July  22, 2009: Joomla! published update. Great job.
July  24, 2009: Advisory published.

XII. LEGAL NOTICES
-
The information contained within this advisory is supplied as-is
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

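A defender-side check for the root cause the advisory names: library files that can be requested directly because the JEXEC guard is missing, so PHP's own error output leaks the filesystem path. This Python scanner is an added example written for this page, not part of the advisory or of Joomla; the fixture files are constructed stand-ins rather than the real Joomla sources, and the guard pattern assumes Joomla's usual `defined('_JEXEC') or die()` idiom.

```python
import os
import re
import tempfile

# Joomla's convention: every PHP file in the tree opens with a guard such as
#   defined('_JEXEC') or die();
# so that a request straight to the file exits before any code that could
# fail and print an error containing the server's filesystem path.
JEXEC_GUARD = re.compile(r"""defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*or\s+die""")

def has_jexec_guard(source):
    """True when the PHP source carries the direct-access guard."""
    return JEXEC_GUARD.search(source) is not None

def find_unguarded(root):
    """Return sorted relative paths of .php files under root lacking the guard."""
    missing = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if not has_jexec_guard(fh.read()):
                    missing.append(os.path.relpath(path, root))
    return sorted(missing)

# Constructed fixture: two files named in the advisory, modelled as unguarded,
# plus one guarded file. Contents are stand-ins, not the real Joomla sources.
FIXTURE = {
    "libraries/joomla/html/html/content.php": "<?php\nclass JHTMLContent extends JObject {}\n",
    "libraries/joomla/client/ldap.php": "<?php\nclass JLDAP extends JObject {}\n",
    "libraries/joomla/factory.php": "<?php\ndefined('_JEXEC') or die('Restricted access');\nclass JFactory {}\n",
}

def build_fixture():
    """Write the fixture into a fresh temporary directory and return its root."""
    root = tempfile.mkdtemp(prefix="joomla_fixture_")
    for rel, body in FIXTURE.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel in find_unguarded(build_fixture()):
        print("missing _JEXEC guard:", rel)
```

Run against a real install root instead of the fixture to list candidates; files that are legitimately served directly (index.php, the installer) will show up and need to be allow-listed.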


Re: [Full-disclosure] Slashdot hacked?

2009-07-24 Thread Ulisses Reina Montenegro de Albuquerque
How can one work as a CISSP? Please enlighten us, as it seems you get
God-almighty-like superpowers when you manage to land on a job like
that. Myself, I'm still a Not a CISSP.

http://www.veracode.com/blog/2008/04/not-a-cissp/


On Thu, 2009-07-23 at 23:24 +, Danila Wartho wrote:
 Hello Valter,
 
  To: compsec...@hotmail.com
  CC: full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] Slashdot hacked?
  From: valdis.kletni...@vt.edu
  Date: Thu, 23 Jul 2009 18:23:57 -0400
  
  On Thu, 23 Jul 2009 21:47:42 -, Compsec Guy said:
  
   What's wrong with Slashdot today?
  
  Oh my ghod, it's full of jews!!
  
 
 I don't see what the point is in pulling in the Germans in this
 discussion..
 
 
  (Hint: Before posting to a worldwide list asking what's wrong with a
 site,
  a few things to check:
  
  0) Wait at least 5-10 minutes to make sure it's not a short-lived
 issue that
  will be fixed before people have a chance to read your mail. Go have
 a beer,
  or a cookie, or something else age-appropriate. It will probably be
 better by
  the time you get back.
 
 
 The reverse should also apply.
 Now, did you wait 5-10 minutes to see if it was really hacked?
 
 
  1) Ask a friend (preferably in another country, or at least a
 different ISP)
  whether they see the issue as well.
 
 
 I work as a CISSP at an ISP. I know how these things work. You're out
 of control, man!
 
 
  2) Describe any steps you've taken to verify the problem isn't at
 your end.
  For instance, if you're using somebody else's wireless connection,
 maybe this
  happened to you:
 http://www.ex-parrot.com/pete/upside-down-ternet.html
 
 
 There's no need. As I said, I'm a CISSP.
 Now you get back to school, seems as if you still got stuff to learn
 about how the Internet works.
 
 
  3) Bill Joy's Law of Demos: Never precede a demo with anything more
  predictive than 'Watch This!'. When reporting a problem, don't do
 that.
  Give at least a rough idea of what you are observing - site times
 out,
  connection refused, connects but no pages returned, all pages have
 either
  goatse or n3td3v pictures on them, etc...
 
 
 You've got an attitude problem. I'm sorry, but you need help. 
 
 
  For the record, it looks fine from here (at least the front page)
  
  Latest story posted:
  
  Ask Slashdot: How To Vet Clever Ideas Without Giving Them Away? on
 Thursday July 23, @06:00PM
  Posted by timothy on Thursday July 23, @06:00PM
  from the don't-clever-ideas-want-to-be-free? dept. 
  
  So what do you *think* the problem is?
 
 
 You tell me.
 
 
  - Danila
 
 
 
 
-- 
Ulisses Montenegro ulisses.montene...@cesar.org.br
Systems Engineer
Centro de Estudos e Sistemas Avançados do Recife
http://www.cesar.org.br/


[Full-disclosure] Drupal 6 Date/Calendar XSS Vulnerability

2009-07-24 Thread Justin Klein Keane

Vulnerability Report

Date of Original Vendor Contact:  May 19, 2009 11:45 GMT -0400
Report Number:  8890
Author: Justin C. Klein Keane jus...@madirish.net
Details of this vulnerability are also posted at the public URL
http://lampsecurity.org/drupal-date-xss-vulnerability

Description of Vulnerability
-
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL that provides extensibility through various
third party modules.  The Date and Calendar modules
(http://drupal.org/project/date, http://drupal.org/project/calendar)
provide functionality for constructing views based on dates for
calendar type displays.  The Calendar module suffers from a cross site
scripting (XSS) vulnerability due to the fact that it does not properly
sanitize names during display.

Systems affected:
-
Drupal 6.12 with Date 6.x-2.2, Calendar 6.x-2.1 and Views 6.x-2.6 was
tested and shown to be vulnerable

Impact
-
Authenticated users can exploit this vulnerability to escalate privilege
and take control of the web server process.

Mitigating factors:
-
Attacker must have 'use date tools' permissions in order to exploit this
vulnerability.  Permissions to 'administer views' are required to be
affected by the XSS (otherwise injected code results on pages to which
the user is denied access).

Proof of concept:
-
1.  Install Drupal 6.12.
2.  Install Views, Date, and Calendar and enable all functionality
through Administer -> Modules
3.  Click Administer -> Content management -> Date Tools
4.  Click 'Date wizard' to create a new content type
5.  Enter <script>alert('xss');</script> in the Content type label
textarea
6.  Enter arbitrary data in other fields
7.  Click 'save' to view JavaScript alert

Alternatively this XSS can also be triggered by viewing content type:
1.  Click Administer -> Content management -> Date tools
2.  Click the 'calendar_date' link next to the new content type
3.  Observe JavaScript alert

Alternatively this XSS can also be triggered by editing the new view
from Administer -> Site building -> Views and clicking 'Edit' next to
the new 'calendar_date' view.

Timeline:
-
05-19-09 Drupal security notified of vulnerability
05-21-09 Drupal security acknowledges vulnerability, advises June 3 fix
06-02-09 Drupal security advises that the module maintainer asked for
an extension, advises June 10 fix
06-10-09 Drupal security advises revised fix schedule
07-23-09 ORIGINATOR advises over a month has passed without update and
that disclosure will be made within 24 hours unless circumstances have
changed.  ORIGINATOR receives no response.
07-24-09 Public disclosure

Patch
-
In order to mitigate this vulnerability apply the following patch:

- --- calendar/includes/calendar_plugin_display_page.inc  2009-01-10
15:04:17.0 -0500
+++ calendar/includes/calendar_plugin_display_page.inc  2009-07-24
08:55:23.234846590 -0400
@@ -107,7 +107,7 @@ class calendar_plugin_display_page exten
 $options['calendar_date_link'] = array(
   'category' = 'calendar_settings',
   'title' = t('Add new date link'),
- -  'value' = !empty($default) ? node_get_types('name', $default)
: '',
+  'value' = !empty($default) ? check_plain(node_get_types('name',
$default)) : '',
 );

   }
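Review bot: as pasted, this hunk will not apply with `patch`: the removed and added 'value' lines are each wrapped onto two physical lines (`- -  'value' = !empty($default) ? node_get_types('name', $default)` / `: ''`), the PGP dash-escaping (`- -`, `- ---`) is still in place, and every `=>` has lost its `>`; distribute the diff as an attachment or via the URL given at the top of the report so the wrapping and escaping are undone. On substance, wrapping node_get_types('name', $default) in check_plain() is the right fix for the option value, but the report states the same alert also fires from the Date tools listing and from the view's Edit screen, so confirm those paths render the type name through this option (or escape it there as well) before treating the issue as closed.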


--
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org



Re: [Full-disclosure] Slashdot defacement screenshot

2009-07-24 Thread Paul Schmehl

Or is some anonymous m1sp311ing twit s41d it was

--On Friday, July 24, 2009 01:48:57 -0500 Cance Consulting
cance.consult...@gmail.com wrote:

 it must be true if it's on the internet

 sunjester wrote:

  and we should believe a photo? sweet.

--
Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/



[Full-disclosure] Oracle CPUjul2009

2009-07-24 Thread Dennis Yurichev

Hi.

Information about four vulnerabilities patched in Oracle CPUjul2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
... is published at:

CVE-2009-1970:
http://blogs.conus.info/node/26

CVE-2009-1963:
http://blogs.conus.info/node/25

CVE-2009-1019:
http://blogs.conus.info/node/24

CVE-2009-1020:
http://blogs.conus.info/node/23


--
My PGP public key: http://yurichev.com/dennis.yurichev.asc



Re: [Full-disclosure] Slashdot hacked?

2009-07-24 Thread Valdis . Kletnieks
On Thu, 23 Jul 2009 21:47:42 -, Compsec Guy said:

 What's wrong with Slashdot today?

Oh my ghod, it's full of ponies!!

(Hint: Before posting to a worldwide list asking what's wrong with a site,
a few things to check:

0) Wait at least 5-10 minutes to make sure it's not a short-lived issue that
will be fixed before people have a chance to read your mail. Go have a beer,
or a cookie, or something else age-appropriate. It will probably be better by
the time you get back.

1) Ask a friend (preferably in another country, or at least a different ISP)
whether they see the issue as well.

2) Describe any steps you've taken to verify the problem isn't at your end.
For instance, if you're using somebody else's wireless connection, maybe this
happened to you: http://www.ex-parrot.com/pete/upside-down-ternet.html

3) Bill Joy's Law of Demos: Never precede a demo with anything more
predictive than 'Watch This!'.  When reporting a problem, don't do that.
Give at least a rough idea of what you are observing - site times out,
connection refused, connects but no pages returned, all pages have either
goatse or n3td3v pictures on them, etc...

For the record, it looks fine from here (at least the front page)

Latest story posted:

  Ask Slashdot: How To Vet Clever Ideas Without Giving Them Away? on Thursday 
July 23, @06:00PM
Posted by timothy on Thursday July 23, @06:00PM
from the don't-clever-ideas-want-to-be-free? dept. 

So what do you *think* the problem is?




[Full-disclosure] GIF89A - Maximum expected value of LZW Minimum Code Size

2009-07-24 Thread Murthy N Srinivas-B22237
Hi,
 
What is the maximum value that can be used for LZW Minimum Code Size for
GIF89A images?
My guess is 11 decimal, as the maximum output code value is FFF (12
bits).
 
It seems that this field can be used to generate buffer overflows in remote
machines.
 
Thanks
-nsmurthy