Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

2006-10-23 Thread virus
Hi, [EMAIL PROTECTED] wrote: ---8--- full quote deleted ---8--- Members are expected to maintain a reasonable standard of netiquette when posting to the list. since you mentioned netiquette: Learn to quote. GTi ___ Full-Disclosure - We believe in

Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

2006-10-23 Thread hijacker
Hello Andrew, I shall completely ignore the e-mails that followed your reply, as they seem to me completely off the subject and at the same time some of them offensive to me! Let's go into more details on that backdoor. I created the file test1.sh containing: [EMAIL PROTECTED]:~/hacki$ cat

Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

2006-10-23 Thread Rik Bobbaers
[EMAIL PROTECTED] wrote: Are you saying I just injected my system with an account with root access hiding somewhere? Please, clarify. As you can tell by the subject, this is a BACKDOOR. You run it as root, and yes, then it works and creates a new root account. You ran it as a normal user, so

Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

2006-10-23 Thread hijacker
Hello Rik, and how on earth can you make root run that piece of code? Do you have to specify it in the README section that it is mandatory to run that as root in order the new application root will be installing to run as expected? Indeed, it is hard to tell what it actually does... unless you

Re: [Full-disclosure] Plague Proof of Concept Linux backdoor

2006-10-23 Thread Rik Bobbaers
[EMAIL PROTECTED] wrote: Hello Rik, and how on earth can you make root run that piece of code? Do you have to specify it in the README section that it is mandatory to run that as root in order the new application root will be installing to run as expected? [snip] very simple, YOU own the box

Re: [Full-disclosure] Plague re-visited

2006-10-23 Thread J. Oquendo
[EMAIL PROTECTED] wrote: Hello Rik, and how on earth can you make root run that piece of code? Do you have to specify it in the README section that it is mandatory to run that as root in order the new application root will be installing to run as expected? If you need someone to spell out

[Full-disclosure] [PHPADSNEW-SA-2006-002] phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability

2006-10-23 Thread Matteo Beccati
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-002 Advisory ID: PHPADSNEW-SA-2006-002 Date:

[Full-disclosure] Tel Aviv University Security Forum (TAUSEC) is back - 3.12.06

2006-10-23 Thread Gadi Evron
The Security Forum, hosted by the Tel Aviv University, is back for another year! 3rd of December, 2006. 18:00 (6 P.M.). Location: Tel Aviv University Lev Auditorium Map: http://www2.tau.ac.il/map/unimapl1.asp Site: http://www.cs.tau.ac.il/tausec/ Attendance is free. Schedule: - 18:00 -

Re: [Full-disclosure] Plague re-visited

2006-10-23 Thread hijacker
J. Oquendo, Sorry for my ever asking for clarification on plague. Keep the good work. Maybe I will be unsubscribed by the time you read those lines, who knows? cheers, -nik [EMAIL PROTECTED] wrote: Hello Rik, and how on earth can you make root run that piece of code? Do you have to

[Full-disclosure] [USN-368-1] Qt vulnerability

2006-10-23 Thread Martin Pitt
=== Ubuntu Security Notice USN-368-1 October 23, 2006 qt-x11-free vulnerability CVE-2006-4811 === A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread Tillmann Werner
Luis, Tried it on Win2k3 SP1: C:\Documents and Settings\Administrator>%COMSPEC% /K dir\\?\AA AAA A

[Full-disclosure] [Fwd: London DEFCON meet this Wednesday - more fun with RFID!]

2006-10-23 Thread Adam Laurie
For some reason this didn't make it to the list, so forwarding... cheers, Adam -- Adam Laurie Tel: +44 (0) 1304 814800 The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899 Ash Radar Station http://www.thebunker.net Marshborough Road Sandwich

Re: [Full-disclosure] Plague re-visited

2006-10-23 Thread hijacker
cheers man, i'd do the same;-) -nik You always get these i'm l33t and like to insult people kind of goons on unmoderated lists. They're good for a laugh, but usually I just ignore them or if they are particularly odious I filter them to trash. There's still good information to be found

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread Arnaud Jacques
On Monday 23 October 2006 18:07, Tillmann Werner wrote: Luis, Tried it on Win2k3 SP1: C:\Documents and Settings\Administrator>%COMSPEC% /K dir\\?\AA A AA A

[Full-disclosure] hack.lu Bluetooth demo

2006-10-23 Thread K F (lists)
As requested by several of the folks that went to hack.lu - 2006 I have posted the code for the 'GenerationTwo' InqTana variant at http://www.digitalmunition.com/hacklu.html For those that missed it Thierry Zoller of nruns demonstrated a remote exploitation of CVE-2005-1333 as a means to

[Full-disclosure] Various Cross-Site-Scripting Vulnerabilities in Oracle Reports

2006-10-23 Thread Alexander Kornbrust
Name: Various Cross-Site-Scripting Vulnerabilities in Oracle Reports [REP01], [REP02]; Severity: Low Risk; Category: Cross Site Scripting (CSS/XSS); Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 18 July 2006 (V 1.0)

[Full-disclosure] SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES

2006-10-23 Thread Alexander Kornbrust
Name: SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES; Systems Affected: Oracle APEX/HTMLDB; Severity: High Risk; Category: SQL Injection; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 18 October

[Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG

2006-10-23 Thread Alexander Kornbrust
Name: Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG; Systems Affected: Oracle APEX/HTMLDB; Severity: Medium Risk; Category: Cross Site Scripting (XSS/CSS); Vendor URL:

[Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP

2006-10-23 Thread Alexander Kornbrust
Name: Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP; Systems Affected: Oracle APEX/HTMLDB; Severity: Medium Risk; Category: Cross Site Scripting (XSS/CSS); Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at

[Full-disclosure] Modify Data via Inline Views

2006-10-23 Thread Alexander Kornbrust
Name: Modify Data via Inline Views (8107967) [DB09]; Systems Affected: Oracle 9i - 10g Rel. 2; Severity: High Risk; Category: Unauthorized Access; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Advisory: 18 October 2006 (V

[Full-disclosure] SQL Injection in Oracle package SYS.DBMS_SQLTUNE_INTERNAL

2006-10-23 Thread Alexander Kornbrust
Name: SQL Injection in Oracle package SYS.DBMS_SQLTUNE_INTERNAL (6980745) [DB10]; Systems Affected: Oracle 8i-10g Rel. 2; Severity: High Risk; Category: SQL Injection; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Advisory

[Full-disclosure] SQL Injection in Oracle package SYS.DBMS_CDC_IMPDP

2006-10-23 Thread Alexander Kornbrust
Name: SQL Injection in Oracle package SYS.DBMS_CDC_IMPDP [DB04]; Systems Affected: Oracle 10g; Severity: High Risk; Category: SQL Injection; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Advisory: 18 October 2006 (V

[Full-disclosure] SQL Injection in Oracle package MDSYS.SDO_LRS

2006-10-23 Thread Alexander Kornbrust
Name: SQL Injection in Oracle package MDSYS.SDO_LRS (7569081) [DB13]; Systems Affected: Oracle 9i Rel. 2; Severity: High Risk; Category: SQL Injection; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Advisory: 18

[Full-disclosure] SQL Injection in Oracle package XDB.DBMS_XDBZ0

2006-10-23 Thread Alexander Kornbrust
Name: SQL Injection in Oracle package XDB.DBMS_XDBZ0 [DB01]/[DB15]; Systems Affected: Oracle 9i Rel.2 - 10g Rel. 2; Severity: High Risk; Category: SQL Injection; Vendor URL: http://www.oracle.com/; Author: Alexander Kornbrust (ak at red-database-security.com); Advisory

Re: [Full-disclosure] hack.lu Bluetooth demo

2006-10-23 Thread Thierry Zoller
Dear List, Thanks Kevin for all your time and commitment :) Slides of the talk (Hack.lu) : http://secdev.zoller.lu/research/hack_lu_2006.pdf Bluetooth_Cracker : http://secdev.zoller.lu/research/bluetoothcracker.htm -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread C. Hamby
This looks more like the command processor itself is reporting an error because of length. The %COMSPEC% variable is kind of an odd thing to use if the shell is already open (you usually see that in VBS to call the current command shell followed by the /K to keep it open). Then again I could be

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread David Taylor
I got a Data Execution Prevention popup message from Windows using the %COMSPEC% string below as well as just the dir\\?\ string as well. On 10/23/06 12:31 PM, C. Hamby [EMAIL PROTECTED] wrote: This looks more like the command processor itself is reporting an error because of length. The

Re: [Full-disclosure] Plague re-visited

2006-10-23 Thread Philosophil
You always get these i'm l33t and like to insult people kind of goons on unmoderated lists.They're good for a laugh, but usually I just ignore them or if they are particularly odious I filter them to trash. There's still good information to be found every now and again on this list. On 10/23/06,

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread Brian Eaton
On 10/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: This works on Windows SP2: The system doesn't reply "The filename or extension is too long." but cmd crashes. Is there a reason that a buffer overflow in cmd.exe matters? If the attacker is sending arbitrary input to cmd.exe, haven't they

[Full-disclosure] [SECURITY] [DSA 1198-1] New python2.3 packages fix arbitrary code execution

2006-10-23 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1198-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff October 23rd, 2006

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread Thierry Zoller
Dear Brian Eaton, file:// ? -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7

[Full-disclosure] Comment Service

2006-10-23 Thread Matthew Flaschen
I don't know whether anyone here uses this software, but I wanted to report this somewhere. The software in question is a subscription web service called Comment, run by Bedford St. Martins (a publisher). The main site is at http://comment.bedfordstmartins.com/ . The only version I have used

Re: [Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow

2006-10-23 Thread Nick FitzGerald
Brian Eaton wrote: Is there a reason that a buffer overflow in cmd.exe matters? If the attacker is sending arbitrary input to cmd.exe, haven't they owned the box anyway? Without trying to test anything, it just may be exploitable via a shortcut file or a Packager package, either embedded

Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow

2006-10-23 Thread Peter Ferrie
file:// ? OK, I'll bite. Why are file:// URLs relevant to the discussion? It allows arbitrary data to be passed to CMD.EXE, without first owning the system.

Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow

2006-10-23 Thread Matthew Flaschen
Aren't cross-zone urls disallowed by default, though? Matt Flaschen Peter Ferrie wrote: file:// ? OK, I'll bite. Why are file:// URLs relevant to the discussion? It allows arbitrary data to be passed to CMD.EXE, without first owning the system.

Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow

2006-10-23 Thread Brian Eaton
On 10/23/06, Peter Ferrie [EMAIL PROTECTED] wrote: file:// ? OK, I'll bite. Why are file:// URLs relevant to the discussion? It allows arbitrary data to be passed to CMD.EXE, without first owning the system. You're telling me that a web page I view in IE can do this? cmd.exe /K

[Full-disclosure] Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT

2006-10-23 Thread Debasis Mohanty
Vendor: Shop-Script (a division of WebAsyst LLC) Application: Shop-Script (www.shop-script.com) I. Descriptions: Shop-Script is a PHP based shopping cart. Multiple links of shop-script are vulnerable to a new form of application attack technique called HTTP Response splitting (aka CRLF

Re: [Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow

2006-10-23 Thread Debasis Mohanty
Matthew Flaschen [EMAIL PROTECTED] to Peter, full-disclosure: Aren't cross-zone urls disallowed by default, though? I agree with Matthew, Brian. If cmd.exe can be run from a browser using file:// irrespective of cross-zone security boundaries then there are *much* other urgent things to be

[Full-disclosure] XSS in Firefox 2.0 ?

2006-10-23 Thread auto113922
what up with that ? iframe src='gopher://;centerinputbuttonH1bheeelo_word' width=100% height=100% :(