Ghost (or Ghosts):
Do not taunt the lad! I believe he is onto something.
In fact, anonymous sources in the Internet Underground assert that
there are indeed numerous _other_ exploitable vectors in the
application under Mssr. WHK's watchful eye, including (it would seem),
Remote File Inclusion, SQ
[Advisory Summary]
---
Advisory Author : Adriel T. Desautels
Researcher : Kevin Finisterre
Advisory ID : NETRAGARD-20091219
Product Name: Mac OS X Java R
You are very stupid.
On Tue, Dec 29, 2009 at 12:12 PM, WHK wrote:
> Is not a feature, the vulnerabilities are controled by
> /vulnerabilities/[id vuln]/* no in file view_source.php.
>
> If an sistem have SQL inyection is a feature?
> mysql_query(' select * from '.$_GET['table']);
> is a feature?
Is not a feature, the vulnerabilities are controled by
/vulnerabilities/[id vuln]/* no in file view_source.php.
If an sistem have SQL inyection is a feature?
mysql_query(' select * from '.$_GET['table']);
is a feature?
___
Full-Disclosure - We believe
Another Bug in RealPlayer Plus 11
Dec 29, 2009
-- Affected Vendors:
Real Networks
-- Affected Products:
RealPlayer Plus 11
-- Vulnerability Details:
After instalation of RealPlayer Plus 11 is possible to iniciate Real
Player while viewing a website using HTML and Internet Explorer 8.
It loads u
The app is meant to be vulnerable so this is not a disclosure but a feature.
--Original Message--
From: WHK
Sender: full-disclosure-boun...@lists.grok.org.uk
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] File Disclosure in DAMN VULNERABLE WEB APPversion
1.0.6
Sent: Dec 2
The problem is here:
vulnerabilities/view_source.php Line 11 and 12:
$id = $_GET[ 'id' ];
$security = $_GET[ 'security' ];
vulnerabilities/view_source.php Line 41:
$source = @file_get_contents(
DVW
On Tue, Dec 29, 2009 at 12:08 PM, T Biehn wrote:
> This is a hiroshima versus 'harmless' mountain demonstration debate,
> Lee. Because the post includes the raw data including ports, passwords
> and ranges one must assume
no, I don't >have< to make that assumption
> that "Cilia Pretel Gallo"
On Tue, 29 Dec 2009 02:23:24 PST, Cilia Pretel Gallo said:
> Also, connections on ports 23 and 80, from any IP address, will access the
> modem configuration options. Last year that could be done only from private
> IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from
> anywher
Dear List,
WAFP is an easy to use Web Application Finger Printing tool written in
ruby using sqlite3 databases for storing the fingerprints.
The release talk was just today at the 26c3 in Berlin, Germany. The
slides are also available...
Website: http://mytty.org/wafp/
Repository: http://code.g
Just another point to add to the dangers, once they have access to the
router/modem simply setting up some port forwarding is going to give internal
access, quick look at the DHCP client list forward the most prominent ports
that are in use or stick interesting clients in a DMZ and attack away.
This is a hiroshima versus 'harmless' mountain demonstration debate,
Lee. Because the post includes the raw data including ports, passwords
and ranges one must assume that "Cilia Pretel Gallo" was appealing to
the lowest common denominator, to a group of individuals where
checking NRO whois db for
On Tue, Dec 29, 2009 at 10:23 AM, T Biehn wrote:
> This is an orgiastic dump of information, you must really hate ETB; or
> you must be really excited for lulz.
>
or you're hoping that full disclosure will get ETB to fix the problem.
Regard,
Lee
> -Travis
>
> On Tue, Dec 29, 2009 at 5:23 AM, C
This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.
-Travis
On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
wrote:
> I've recently discovered a security hole on the modems (which double as
> routers) used by a Colombian ISP - ETB.
>
>
==
Secunia Research 29/12/2009
- AproxEngine Multiple Vulnerabilities -
==
Table of Contents
Affected Software
FreeWebshop.org: multiple vulnerabilities
Yorick Koster, March 2009
Abstract
--
I've recently discovered a security hole on the modems (which double as
routers) used by a Colombian ISP - ETB.
It so happens that all incoming connections to an IP address on said ISP on
port 23 or port 80 land on the modem instead of the computer(s) connected to
it. Even if one tries to redir
A new version of Wapiti was released : version 2.2.0.
Wapiti is a security scanner looking for vulnerabilities in web
applications.
The Wapiti code is platform independant (written in Python) and released
under the terms of the GPL license.
What's new in this version :
Added a manpage.
Int
18 matches
Mail list logo