Re: [Full-disclosure] Google open redirect

2011-12-07 Thread Michal Zalewski
> As for minimal risk I personally don't agree. I have leveraged Unvalidated > URL Redirections in the past to attack clients of sites all the time. It's > highly trivial to point to a site with a metasploit browser bug patiently > waiting and amass quite a large number of sessions in a short perio

Re: [Full-disclosure] Google open redirect

2011-12-07 Thread Luis Santana
As for minimal risk I personally don't agree. I have leveraged Unvalidated URL Redirections in the past to attack clients of sites all the time. It's highly trivial to point to a site with a metasploit browser bug patiently waiting and amass quite a large number of sessions in a short period of tim

Re: [Full-disclosure] Google open redirect

2011-12-07 Thread Michal Zalewski
> _Open_ URL redirectors are trivially prevented by any vaguely sentient > web developer as URL redirectors have NO legitimate use from outside > one's own site so should ALWAYS be implemented with Referer checking There are decent solutions to lock down some classes of open redirectors (and repla

Re: [Full-disclosure] Google open redirect

2011-12-07 Thread Nick FitzGerald
secure poon wrote: > Problem: > > Google suffers from an open redirect that can be used to trick users into > visiting sites not originating from google.com No -- the real problem here is that Google never learns from these... > Example: > > http://www.google.com/local/add/changeLocale?current
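Zalewski's remark that some classes of open redirectors can be locked down, and FitzGerald's that a redirector should never accept an arbitrary outside target, both come down to validating the redirect parameter (the `currentLocation` value in the original report) before issuing the 302. The following is an added example and not code from Google or from any post in this thread: a Python validator that returns the target only when it is a same-site path or an `http(s)` URL on an allow-list of hosts. The allow-list itself is a constructed assumption. It goes beyond the single report above by also handling the inputs that commonly slip past naive `startswith("/")` or `startswith("http://www.google.com")` checks: scheme-relative `//host`, backslash variants, `http:host`, userinfo tricks such as `http://www.google.com@evil`, non-http schemes and control characters.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list for the example; a real deployment loads its own.
ALLOWED_HOSTS = {"www.google.com", "maps.google.com"}


def safe_redirect_target(raw, fallback="/"):
    """Return raw if it is a same-site path or points at an allowed host, else fallback."""
    if not isinstance(raw, str) or not raw:
        return fallback
    # Whitespace and control characters get stripped or re-parsed by browsers; refuse them.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    # Browsers treat "\" as "/" in http(s) URLs, so normalise before parsing.
    candidate = raw.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback

    if not parts.scheme and not parts.netloc:
        # Relative target: accept "/path" only. "//host" is parsed as a netloc above,
        # but "///host" still lands here with a path, hence the prefix check on candidate.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return fallback

    if parts.scheme.lower() not in ("http", "https"):
        # javascript:, data:, and scheme-relative "//host" (empty scheme) all end here.
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback  # "http://www.google.com@www.bing.com/" style confusion
    host = parts.hostname  # lower-cased, with port and userinfo removed
    if host is None or host not in ALLOWED_HOSTS:
        return fallback
    return urlunsplit(parts)
```

Call `safe_redirect_target(request_param)` and redirect to whatever it returns; anything the check cannot prove safe collapses to the site root rather than being passed through.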

[Full-disclosure] [HITB-Announce] HITB2012AMS Call For Papers Now Open

2011-12-07 Thread Hafez Kamal
The Call for Papers for the third annual HITBSecConf in Europe is now open! This year, we're moving to a new, bigger and better venue -- the award winning Okura Hotel right in middle of Amsterdam with easy access via public transportation. #HITB2012AMS will be a quad-track conference featuring keyn

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
What are you talking about? The entire time I asked questions cause I wasn't in a position to check myself. The Wordpress quote was just a reference to the frequent vulnerabilities in plugins and themes. I didn't give a rat's ass if the site was secure or not, I was asking questions to confirm if it

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
Slightly hard to understand what you're saying but I think I get the point. Reminds me of a quote from someone: "No self respecting hacker would use Wordpress". Can't remember where I read that. On Dec 7, 2011 3:41 PM, "xD 0x41" wrote: > ah k, i have not really looked at it but ye, xss has never r

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
hrm interesting! that showed up a bug, but in sql not xss... i have no idea but, this is what my browser spat out "); jQuery("#user_email").val(""); }); if this means maybe... there is a value which could be added then, it would be interesting to look at WP code, even for my OWN sake. On 8 Dece

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
ah k, i have not really looked at it but ye, xss has never ranked too highly with me... but, i guess if it were to be defaced, then people would probably call it *hacked* lol... i guess people don't get it yet, no one uses their web box as their actual 'safe' box... not anyone i know. anyhow ye.

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
Thank you :) no where near a laptop all day. Nice work tom. Those guys are idiots indeed. On Dec 7, 2011 3:36 PM, "Ferenc Kovacs" wrote: > > http://pentestmag.com/wp-login.php?action=register&user_login=john@somewhere.com%3C/sCrIpT%3E%3CsCrIpT%3Ealert(87118)%3C/sCrIpT%3E > > 2011/12/8 Gage B

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Ferenc Kovacs
http://pentestmag.com/wp-login.php?action=register&user_login=john@somewhere.com%3C/sCrIpT%3E%3CsCrIpT%3Ealert(87118)%3C/sCrIpT%3E 2011/12/8 Gage Bystrom > Not really. It it isn't exploitable in any sense of the word its not a > vulnerability. It's akin to opening up firebug, writing the gen
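Gage's question (is it stored, or at least reflected?) and the probe URL above are the two halves of confirming an XSS finding: send a marker payload, then check whether it comes back with its markup intact, and whether it is still there on a fresh request without the payload. The following is an added example, not code from WordPress, pentestmag.com or anyone in this thread. It builds the probe URL the way the post encodes it, classifies how a response echoes the payload, and decides between reflected and stored. The two `*_prefill_script` functions are constructed stand-ins for an inline script that echoes `user_login` back (the `"); jQuery(...)` fragment quoted earlier in the thread suggests a script context, which is what a `</sCrIpT>` payload targets); they are not the real page's code.

```python
import html
import json
from urllib.parse import quote

# Payload from the thread: "</sCrIpT>" closes whatever script block the input lands in.
PAYLOAD = "</sCrIpT><sCrIpT>alert(87118)</sCrIpT>"


def build_probe_url(base, param, value):
    """Append param=value to base, percent-encoding the value the way the post's URL does."""
    sep = "&" if "?" in base else "?"
    return f"{base}{sep}{param}={quote(value, safe='/@()')}"


def classify_reflection(body, payload=PAYLOAD):
    """'raw' if the payload is echoed with its markup intact, 'encoded' if only an
    HTML-entity or JS-escaped ("<\\/") copy is present, 'absent' if it is not echoed."""
    if payload in body:
        return "raw"
    encoded_forms = (
        html.escape(payload, quote=True),
        html.escape(payload, quote=False),
        payload.replace("</", "<\\/"),
    )
    if any(form in body for form in encoded_forms):
        return "encoded"
    return "absent"


def reflection_kind(probe_body, revisit_body, payload=PAYLOAD):
    """'stored' if a fresh request without the payload still renders it raw,
    'reflected' if only the probing response does, 'none' otherwise."""
    if classify_reflection(revisit_body, payload) == "raw":
        return "stored"
    if classify_reflection(probe_body, payload) == "raw":
        return "reflected"
    return "none"


# Constructed stand-ins, not the real page: an inline script that pre-fills the field.
def vulnerable_prefill_script(user_login):
    # Echoes the submitted value straight into a JS string literal.
    return f'<script>jQuery("#user_login").val("{user_login}");</script>'


def fixed_prefill_script(user_login):
    # JSON-encode the value and break "</" so the HTML parser never sees an early </script>.
    literal = json.dumps(user_login).replace("</", "<\\/")
    return f'<script>jQuery("#user_login").val({literal});</script>'
```

For a live check, fetch `build_probe_url(base, "user_login", "john@somewhere.com" + PAYLOAD)`, then fetch `base` again with no parameter, and pass the two bodies to `reflection_kind`; `"raw"` on the first only is the reflected case, `"raw"` on the second is stored.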

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
Not really. If it isn't exploitable in any sense of the word it's not a vulnerability. It's akin to opening up firebug, writing the generic xss PoC and calling the site vulnerable :P I'd love to bash on these guys as much as you want to, but let it be a real vulnerability. If it is one, then kudos.

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
haha well, good stuff... another flawed seller/spreader of shit is uncovered, good work tomy .. That bug is not one which is, say, 0day, it is one which auto updates would have handled... i guess the guy doesn't know how to configure auto updating, or maybe likes his plugins for WP too much... wp has

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Tomy
it does not matter, it's about the fact that someone who publishes such a newspaper should know his stuff.. Tomy Message written by Gage Bystrom on 8 Dec 2011, at 00:04: > Nice, but is it stored? Or at least reflective? > > On Dec 7, 2011 2:59 PM, "Tomy" wrote: > > still v

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
Nice, but is it stored? Or at least reflective? On Dec 7, 2011 2:59 PM, "Tomy" wrote: > > still vulnerable: > > sample: > http://pentestmag.com:80/wp-login.php?action=register > (XSS) > > e-mail: > john@somewhere.comalert(87118) > > > LOL >

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Tomy
still vulnerable: sample: http://pentestmag.com:80/wp-login.php?action=register (XSS) e-mail: john@somewhere.comalert(87118) LOL Message written by xD 0x41 on 7 Dec 2011, at 23:30: > Tomy supp...@vs-db.info ___ Full-Disclo

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
ahh . lol, i think i misunderstood the post, because i was actually thinking you meant that the *next* post up, was stating there was 23 pages, and, this is indeed misleading.. lol, i totally agreed with you, it is how the posts are structured i think i must've seen your 'misleading' as meaning, the

[Full-disclosure] ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-344 December 7, 2011 - -- CVE ID: CVE-2011-4253 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendo

[Full-disclosure] ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-345 December 7, 2011 - -- CVE ID: - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:P/A:C - -- Affected Vend

[Full-disclosure] ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-343 December 7, 2011 - -- CVE ID: CVE-2011-4260 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --

[Full-disclosure] ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-342 December 7, 2011 - -- CVE ID: CVE-2011-2653 - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P - -- Affected Vendors:

[Full-disclosure] ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-341 December 7, 2011 - -- CVE ID: CVE-2011-3319 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors

[Full-disclosure] ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability

2011-12-07 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-340 December 7, 2011 - -- CVE ID: CVE-2011-3248 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Ve

Re: [Full-disclosure] one of my servers has been compromized

2011-12-07 Thread Gage Bystrom
You use everything but the compromised box, right. And that's because of the proliferation of kernel rootkits in the first place. Userland rootkits can be defeated quickly, easily, and sometimes by accident. A kernel rootkit can only realistically be beaten by other machines monitoring the network,

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Dave
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/12/2011 20:46, xD 0x41 wrote: > umm, it's not misleading at all.. this is the first look and, i > understood well, if you bother to visit the address... they're > 'teasers' so, you don't get a FULL magazine or kit, you only get the > first like cha

[Full-disclosure] XSS, SQLi and IL vulnerabilities in Zeema CMS

2011-12-07 Thread MustLive
Hello list! I want to warn you about Cross-Site Scripting, SQL Injection and Information Leakage vulnerabilities in Zeema CMS. It's a Ukrainian commercial CMS. - Affected products: - Vulnerable are all versions of Zeema CMS. -- Details:

Re: [Full-disclosure] one of my servers has been compromized

2011-12-07 Thread Paul Schmehl
From a computer science standpoint there's a difference, of course, but not from an investigation standpoint. Say the kernel has a rootkit and is creating files. How do you find those files? If it's opening network connections, how do you find out what those connections are and what process
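Paul's question (how, from the box itself, do you find what a kernel rootkit is hiding) has a partial answer in cross-view detection: ask the kernel the same question through two different paths and diff the answers. The following is an added example, not from any post in this thread, and assumes it runs on Linux with enough privilege to signal every process. It compares the `/proc` directory listing (what `ps` and `ls` rely on) with a signal-0 probe of every PID up to `pid_max` (what `kill(2)` relies on). A rootkit that filters `getdents` but not the `kill` path shows up; one that hooks both paths consistently does not, which is why the thread's point about monitoring from other machines stands. `kill(tid, 0)` also succeeds for non-leader threads, which `/proc` lists only under their thread group, so those are filtered out via `/proc/<tid>/status`.

```python
import os


def pids_from_proc():
    """Process IDs as the /proc directory listing reports them."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pids_by_probing(max_pid=None):
    """Process IDs found by asking the kernel about each PID directly with signal 0.
    EPERM still means the process exists; only ESRCH means it does not."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except (OSError, ValueError):
            max_pid = 32768  # historical default, used only if pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, owned by another user
        alive.add(pid)
    return alive


def is_thread(pid):
    """True if pid is a non-leader thread (Tgid differs from pid) according to /proc.
    A hidden PID whose status file cannot be read stays a candidate."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError):
        return False
    return False


def hidden_pids(listed, probed, thread_ids=frozenset()):
    """PIDs the kernel answers for but the listing omits; pure, so it can be unit-tested."""
    return sorted(pid for pid in (probed - listed) if pid not in thread_ids)


def scan():
    """List /proc before and after the probe so processes created or exiting in
    between are not reported as hidden, then drop thread IDs."""
    before = pids_from_proc()
    probed = pids_by_probing()
    after = pids_from_proc()
    listed = before | after
    threads = {pid for pid in probed - listed if is_thread(pid)}
    return hidden_pids(listed, probed, threads)


if __name__ == "__main__":
    suspicious = scan()
    print("PIDs present but not listed in /proc:", suspicious or "none")
```

On a system with the default `pid_max` of several million the probe takes a few seconds. A non-empty result is a lead, not proof: a process that exited between the probe and the second listing can still appear, so re-run and look at what survives, and treat `/proc/<pid>/status` being unreadable for a surviving PID as the interesting case.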

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
...well I guess it is 23 pages :/ but that's more annoying than if they gave out just 3 full pages On Dec 7, 2011 12:58 PM, "xD 0x41" wrote: > its like a snippet from each page.. > > > On 8 December 2011 07:56, Gage Bystrom wrote: > > Lol I get that, but was the teaser 23 pages? > > > > On De

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
its like a snippet from each page.. On 8 December 2011 07:56, Gage Bystrom wrote: > Lol I get that, but was the teaser 23 pages? > > On Dec 7, 2011 12:53 PM, "GloW - XD" wrote: >> >> Well, it does force a registration, even for the teasers, thats rude, >> but yes, it does have a teaser for each

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
Lol I get that, but was the teaser 23 pages? On Dec 7, 2011 12:53 PM, "GloW - XD" wrote: > Well, it does force a registration, even for the teasers, that's rude, > but yes, it does have a teaser for each issue.. still, is FD the place > for these things, i don't know.. > > > On 8 December 2011 07:5

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread GloW - XD
Well, it does force a registration, even for the teasers, that's rude, but yes, it does have a teaser for each issue.. still, is FD the place for these things, i don't know.. On 8 December 2011 07:51, Gage Bystrom wrote: > I didn't actually bother to get the teaser but I have to ask, was the free

[Full-disclosure] [SECURITY] [DSA 2361-1] chasen security update

2011-12-07 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2361-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 07, 2011

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
I didn't actually bother to get the teaser but I have to ask, was the free content in the teaser 23 pages? If it is, then they weren't misleading in the email. Otherwise, they are being rude. On Dec 7, 2011 12:46 PM, "xD 0x41" wrote: > umm, its not misleading atall.. this is the first look and,

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Gage Bystrom
And quite annoying. Why do you even need an email address in the first place? You're already pulling people in from a mailing list. And it's rude to require anything at all to access the content you're presenting to FD. After all that's one of the primary reasons so many people hate jsacco. On Dec 7

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread xD 0x41
umm, it's not misleading at all.. this is the first look and, i understood well, if you bother to visit the address... they're 'teasers' so, you don't get a FULL magazine or kit, you only get the first like chapter/pages, that's similar to many other *products*, not freebies... On 8 December 2011 0

Re: [Full-disclosure] PenTest mag

2011-12-07 Thread Dave
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/12/2011 10:02, Olga Głowala wrote: > New issue of PenTest StarterKit is out! > > 23 pages of free content, feat. Gabriel Marcos - When computer Attacks > > The link to download is below: > http://pentestmag.com/pentest-starterkit-211-2/

Re: [Full-disclosure] Google open redirect

2011-12-07 Thread Michele Orru
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm very curious to know why Google is not taking care of Open Redirection issues. I know what Chris thinks about it: http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html Anyway, IMHO I guess it's better and stealthie

[Full-disclosure] Google open redirect

2011-12-07 Thread secure poon
Problem: Google suffers from an open redirect that can be used to trick users into visiting sites not originating from google.com Example: http://www.google.com/local/add/changeLocale?currentLocation=http://www.bing.com http://www.google.com/local/add/changeLocale?currentLocation=http://www.tub

Re: [Full-disclosure] one of my servers has been compromized

2011-12-07 Thread Gage Bystrom
Oh it certainly is a distinction, and that very distinction is important enough to have caused the creation of kernel rootkits in the first place: the kernel is absolute. There is nothing any software can do without the kernel. For instance say you got a guy with a userland rootkit. He wants to hi

[Full-disclosure] [ MDVSA-2011:181 ] proftpd

2011-12-07 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:181 http://www.mandriva.com/security/ _

Re: [Full-disclosure] one of my servers has been compromized

2011-12-07 Thread Paul Schmehl
But whether you have a kernel rootkit or not isn't all that important. In either case the system is going to be doing unwanted things, and you detect those unwanted things with the usual system utilities. If a kernel rootkit didn't affect userland, what would be its purpose? Even to transmit

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Pablo Ximenes
Alright, let's stop assuming things then. Anyhow, congrats for the great work. Nice chat, btw. Att, Pablo Ximenes 2011/12/7 Dan Rosenberg > On Wed, Dec 7, 2011 at 10:02 AM, Pablo Ximenes wrote: > > Hi, > > > > 2011/12/7 Dan Rosenberg > >> > >> On Wed, Dec 7, 2011 at 9:09 AM, Pablo Ximenes

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Dan Rosenberg
On Wed, Dec 7, 2011 at 10:02 AM, Pablo Ximenes wrote: > Hi, > > 2011/12/7 Dan Rosenberg >> >> On Wed, Dec 7, 2011 at 9:09 AM, Pablo Ximenes wrote: >> >> >> >> That's a good question. As you've mentioned, the URL falls within the >> HTTP request, the entirety of which is protected by SSL. So I

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Pablo Ximenes
Hi, 2011/12/7 Dan Rosenberg > On Wed, Dec 7, 2011 at 9:09 AM, Pablo Ximenes wrote: > > > That's a good question. As you've mentioned, the URL falls within the > HTTP request, the entirety of which is protected by SSL. So I would > argue that the URL is content that should remain secret in an

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-07 Thread Peter Dawson
Yes this was closed pretty fast. FB is already facing numerous Privacy breach issues.. in US/Canada http://ftc.gov/opa/2011/11/privacysettlement.shtm On Tue, Dec 6, 2011 at 11:55 AM, Lamar Spells wrote: > Is it possible that FB fixed that quickly? It worked for me at about > 10:00 AM Eastern th

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Dan Rosenberg
On Wed, Dec 7, 2011 at 9:09 AM, Pablo Ximenes wrote: > Hi, > > 2011/12/7 Dan Rosenberg >> >> And I was really hoping I wouldn't get dragged into another discussion >> on this... > > > Well, if it serves of any consolation, discussions are good for making > things more clear, I´d assume. Sorry, th

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Pablo Ximenes
Hi, 2011/12/7 Dan Rosenberg > And I was really hoping I wouldn't get dragged into another discussion > on this... > Well, if it serves of any consolation, discussions are good for making things more clear, I'd assume. Sorry, though. > On Wed, Dec 7, 2011 at 7:55 AM, Pablo Ximenes wrote: >

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Dan Rosenberg
And I was really hoping I wouldn't get dragged into another discussion on this... On Wed, Dec 7, 2011 at 7:55 AM, Pablo Ximenes wrote: > Hi All, > > Based on what I read from the post, basically Rosenberg recognises he has no > clue about what happens with the rest of affected phone models: > > "

Re: [Full-disclosure] OMIGOD CIQ HACKING THE WORLD.

2011-12-07 Thread Pablo Ximenes
Hi All, Based on what I read from the post, basically Rosenberg recognises he has no clue about what happens with the rest of affected phone models: * "One important thing to note is that this represents the metrics that are submitted to the CarrierIQ application by the code written by Samsung. T

Re: [Full-disclosure] Carrier IQ for your phone

2011-12-07 Thread Dave
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/12/2011 19:15, security+li...@internecto.net wrote: >> Java updates bundle McAfee crap >> Adobe updates bundle toolbars >> Heck, even FoxIT Reader bundles Ask toolbar. > > As an aside - Reading the name 'FoxIT reader' and can't help but wonder >

Re: [Full-disclosure] distributing passwords to users

2011-12-07 Thread Martijn Broos
Ok, you have been harsh enough on the poor solution the user is going to choose. Are you willing to give him some advice or directions on where he should go? A textbook sentence I always learned was: You can burn a person with many words, it is better to help him with few in the right direction!

Re: [Full-disclosure] Carrier IQ for your phone

2011-12-07 Thread security+lists
> Java updates bundle McAfee crap > Adobe updates bundle toolbars > Heck, even FoxIT Reader bundles Ask toolbar. As an aside - Reading the name 'FoxIT reader' and can't help but wonder - does it have anything to do with security company Fox-IT https://www.fox-it.com/en/home ?

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-07 Thread Lamar Spells
Is it possible that FB fixed that quickly? It worked for me at about 10:00 AM Eastern this morning. Sent from my iPhone 4 On Dec 6, 2011, at 10:36 AM, darway yohansen wrote: > I just tested this and i don't get the same options as in step 5 " Help us > take action by selecting additional ph

Re: [Full-disclosure] distributing passwords to users

2011-12-07 Thread Gage Bystrom
I would, except I have no clue what it is he intends to do. Even then there's no reason to, it's already been done for me. As I explained to the former ISP employee guy, the ISP was doing the right thing to accomplish similar goals (I presume, like I said I have no clue why the OP wants to do what h

Re: [Full-disclosure] distributing passwords to users

2011-12-07 Thread Gage Bystrom
O.o and you act like what he wants is a good thing? Getting /any/ service account with that file would be better than pillaging an entire server of ssh keys. With ssh keys you know you only got access to a few more servers on the network, maybe not even root or admin unless you got lucky and score