Hi Guys,
I think I possibly may have found a vulnerability with using RDP / Terminal
services on Windows 2003.
If you lock down a server and only allow users who connect to your RDP
connection to run certain applications, users can bypass this and run ANY
application they want. You can do

There is a section in RDP-Tcp Properties on the server under Environment for
Do not allow an initial program to be launched. Always show the desktop.
- Original Message -
From: wicked clown
To: Full-Disclosure@lists.grok.org.uk
Sent: Friday, March 26, 2010 5:04 AM
Subject:

Cheers for that,
I take it back that I haven't found a vulnerability :(, but by default this
isn't enabled which is scary!!
On Fri, Mar 26, 2010 at 9:57 AM, Mr. Hinky Dink d...@mrhinkydink.com wrote:
There is a section in RDP-Tcp Properties on the server under
Environment for Do not allow

There's nothing scary about it. I believe you are incorrectly asserting
that the inclusion of the "start the following program on connection" has
something to do with locking down the server and/or only allow(ing) users
who connect to your server to run certain applications. I would suggest

Hello Full-Disclosure!
I want to warn you about security vulnerabilities in TooFAST.
-
Advisory: Vulnerabilities in TooFAST
-
URL: http://websecurity.com.ua/4053/
-
Timeline:
17.03.2010 - found vulnerabilities.

Thank you for your comment.
What I was referring to it being scary is that if you create a locked down
group policy that is tighter than a duck's bum and you forget that single
tick (I admit I didn't know of that option and I bet lots of other people
didn't know about it) you leave your system to

PayPal is affected by an XSS vulnerability where it fails to validate
input for the following URL:
https://www.paypal.com/xclick/business=
One can add arbitrary JavaScript with no need for any filter evasion.
https://www.paypal.com/xclick/business=script alert(xss); /script
As far as I

I think you still misunderstand.
The option you refer to has nothing to do with locking down the server. When
you say things like "a locked down group policy that is tighter than a ducks
bum" what exactly are you talking about?
Selecting don't allow a startup program to be run simply forces the