It's no secret that there are tons of broadband routers/modems with
exposed admin interfaces (HTTP/SSH/Telnet/whatever) using default/weak
credentials.
While the Chuck Norris botnet is interesting in that it shows that the
problem is real, it shouldn't surprise anyone who has researched the
Hi there,
We just published a research paper on the topic of attacking magstripe
gift cards with a focus on unauthorized purchases. It is based on
research conducted on a large number of UK gift cards.
The paper also provides a series of guidelines and tips for developers
and systems architects
it's always been possible to steal local files if you can convince a
user to open a harmless html file from their local filesystem. this
is possible because the scripting code runs within local context (in
FF terminology - not sure what Safari calls it).
last time i checked [1] [2] FF didn't even
I couldn’t find any public PoC for this phpMyAdmin vulnerability, so I
wrote one:
http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
--
Adrian P. | Senior
.
2008/10/31 Adrian P [EMAIL PROTECTED]:
Hello folks,
Yesterday, I presented for the first time [1] a new method to perform
universal website hijacking by exploiting content filtering features
commonly supported by corporate firewalls. I briefly discussed [2] the
finding on GNUCITIZEN
just said it was a recent
(or as you might put it, *recent*) example of this type of
vulnerability. I've this sort of vuln myself with client software and
so has a number of other people I know. Glad to see the majority of
your email is completely irrelevant.
2008/11/1 Adrian P [EMAIL
Hello folks,
Yesterday, I presented for the first time [1] a new method to perform
universal website hijacking by exploiting content filtering features
commonly supported by corporate firewalls. I briefly discussed [2] the
finding on GNUCITIZEN in the past without giving away the details, but
http://www.gnucitizen.org/blog/call-jacking
* Call Jacking: Phreaking the BT Home Hub *
OK, this is a bit of a funny attack - although it could also be used
for criminal purposes! After playing with the BT Home Hub for a while
(again!) [1], pdp and I discovered that attackers can steal/hijack
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5
It's known that UPnP [1] is inherently insecure for a very simple
reason: administrative tasks can be performed on a Internet Gateway
Device (IGD) without needing to know the admin password whatsoever!
This on its own is quite
http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs
The following vulns were found on 24 June 2007 and were tested against
firmware V1.00.06. The specific persistent XSS holes mentioned in this
advisory were fixed by Cisco on firmware
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
The BT Home Hub, which is probably the most popular home router in the
UK, is susceptible to critical vulnerabilities.
BT's plan is to sneak one of this boxes into every UK home. Not only
does the BT Home Hub support broadband but
There are two vanilla XSS on 'wp-register.php'. Only versions =2.0.1
appear to be affected.
More info can be found on GNUCITIZEN's BlogSecurity:
http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/
Regards,
--
pagvac
gnucitizen.org, ikwt.com
On 9/7/07, Henri Lindberg - Smilehouse Oy [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Louhi Networks Oy
-= Security Advisory =-
Advisory: Buffalo AirStation WHR-G54S Web Management CSRF
14 matches
Mail list logo