://www.vtigercrm.com
Advisory
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Onga
/
Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Para
PHP filesystem attack vectors
Name PHP filesystem attack vectors
Systems Affected PHP and PHP+Suhosin
Vendorhttp://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors Francesco "ascii" Ongaro (ascii AT
://www.zabbix.com/
Advisory http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3
ty
itself has been found by a 20 line perl script which includes debugging
and xml output.
Additionally please remember that we are in Italy.
I'm sure you understand.
Kind regards,
Francesco `ascii` Ongaro
http://www.ush.it/
___
Full-Disclosure -
irmation.asp?kw=&url=javascript:alert(document.domain);
bye!
Francesco `ascii` Ongaro
http://www.ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan&quo
we tested FormMail and want to warn people who deployed FormMail and
will deploy FormMail we posted an advisory for FormMail. Hope this open
your mind.
Bye,
ascii
ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disc
Advisory http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT i
ystems were able to
disrupt the DNS server operation for more than one day and the effi-
ciency of such attack was very high."
14.000 bots to take down one DNS server? UMH.
Cordially,
Francesco `ascii` Ongaro
http://www.ush.it/
Original url: http://www.zone-h.org/news/id
attack vector"). A deja vu of a Cervantes novel.
I understand your point and disagree, do you understand mine while still
disagreeing?
Cordially,
Francesco `ascii` Ongaro
http://www.ush.it/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
to resort to
things like debug.exe.
See the makescr.pl script shipped with SQL Ninja.
Bye,
Francesco `ascii` Ongaro
http://www.ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
5: Known. 100% already shown in our paper.
Tip 6: "This is obvious and was known for a long time."
[etc..]
Summarizing our feeling is that ONSEC published a paper that mostly
rehash the contents of a paper* that is a rehash of research published
by others, incorrectly citing (or better
bility/
worst URL ever seen :)
-%E2%80%93-
argh.
ascii
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
/
Advisory http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Authors Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
Francesco "ascii" Onga
OUND
No fix available.
VI. VENDOR RESPONSE
"We were able to reproduce the issues you reported on 5.2,
and are working on releasing a security update shortly.
We expect to release this update within the next 3 to 4 weeks,
after running some more tests."
VII. CVE INFORMATION
CVE-2010-3909
http://sourceforge.net/mailarchive/forum.php?thread_id=9091328&forum_id=46247
http://sourceforge.net/mailarchive/forum.php?thread_id=9089995&forum_id=46247
ascii - http://www.ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.
ith an hidden vnc server and
something like pyvnc2swf (very effective and optimized)
on a uber-compromised system (and with fine human surveillance)
the only way are fast-expiring out-of-band methods as rodrigob said
ascii - http://www.ush.it
__
ng passed to the db
and cast integers (int)intval($_GET['id'])
seems KAPDA Researchers researched this 'vuln' too fast : )
ascii - http://www.ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
/
AuthorFrancesco "aScii" Ongaro (ascii at katamail . com)
Date 20060119
NOTE: This work only with REGISTER_GLOBALS ON on many versions of PHP5
(tested on 5.0.5, 5.1.1, 5.1.2).
This vulnerability defeat PmWiki global sanitizing code and allow
remote arbi
PHP5 Globals Vulnerability
Name PHP5 Globals Vulnerability
Systems Affected PHP5 (verified on 5.1.1 and 5.1.2)
Severity Critical
Vendorwww.php.net
Advisory http://www.ush.it/2006/01/25/php5-globals-vulnerability/
AuthorFrancesco "
-dyn.de/
Advisory http://www.ush.it/team/ush/hack-collabtive048/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3
://www.ush.it/team/ush/hack-moodle193/moodle193.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT
http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt
AuthorFrancesco "aScii" Ongaro (ascii at katamail . com)
Date 20060316
I. BACKGROUND
Milkeyway is a software for the management and administration of
internet access within public structures and framewo
D~~
CONTACT
8D~~
ascii [EMAIL PROTECTED]
1-888-565-9428
CISSP CCE GIPS GHTQ GWAS CAP SSCP
___
Full-Disclosure - We believe in it.
Charter: http
ike informative mails and yours efforts, just
post on the right mailing list : )
regards, ascii, http://www.ush.it
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
e ces 2 ligne (à la ligne 12 de dir.php)
> $chemin=ereg_replace ("..\/", "", $chemin); $chemin=ereg_replace
> ("..\%2F", "", $chemin); normalement ca devrait bloquer les petits
> malins :)
http://www.phpscripts-fr.net/commentaires/commentaires_scripts.p
://www.mantisbt.org/
Advisory http://www.ush.it/team/ush/hack-mantis111/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Date 20080520
I. BACKGROUND
From the Mantis web sit
pdf isn't
enough to metabolize all that stuff
regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
ps: flash 8 is fixed : )
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
w.now[REMOVEME]names.org/images/funny.php
so nothing new, just a botnet gang
read the attachment for extended notes
regards,
Francesco 'ascii' Ongaro
http://www.ush.it
findings.txt.bz2
Description: application/bzip
___
Full-Disclosure - We beli
pdp (architect) wrote:
> hei man, this is not a news :)
hehe, the maintainer should update the changelog with
this feature then :-)
i suggest this fix for the directory traversal bug
path = str_replace('../', '', path);
regards,
Francesco 'asc
bypass for the filter is in the signature of the same mail
> path = str_replace('../', '', path);
>
> regards,
> Francesco 'ascii' Ongaro
> http://www.ush.it/
>
> ..././..././..././..././
> how can't you love funsec?
cause ..././..././..././.
Justin Frydman - Thinkweb Media wrote:
> Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?
i have the same feeling
tested on multiple wp instances and can't reproduce on >= 2.0.1 <= 2.0.7
regards, Francesco 'ascii&#
age of extract() by a developer
could be his fault there is no secure usage of
import_request_variables() and this is surely a PHP fault.
Regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
___
Full-Disclosure - We believe in it.
Charter: http
http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
Authors Francesco `ascii` Ongaro ([EMAIL PROTECTED])
Stefano `wisec` di Paola ([EMAIL PROTECTED])
Date 20070307
I. BACKGROUND
Php Nuke is a CMS written in PHP. This advisory is just an example on
how to exploit
t...)
the just fixed _POST and so on? nice : )
i really appreciate your work with php, keep up with the disclosure!
Regards,
Francesco 'ascii' Ongaro
http://www.ush.it/
ps: add some smiles in your mails or people will get confused about the
tone of your speaking : )
___
more than an XSS, this is just an example advisory on an example product
See you,
Francesco `ascii` Ongaro
http://www.ush.it/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and spon
/
Additional (it) http://www.ush.it/team/ascii/hack-PHP-iCalendar/adv.txt
AuthorFrancesco 'aScii' Ongaro (ascii at katamail . com)
Date 20051023
I. BACKGROUND
PHP iCalendar is a php calendar, more information is available at the
vendor site.
II. DESCRIPTION
PHP
/
AuthorFrancesco "aScii" Ongaro (ascii at katamail . com)
Date 20051125
FreeWebStat 1.0 rev37 (the last version at the write time) is vulnerable
to multiple XSS. The impact is a little bigger since datas will be
stored in a flat file and the result of a single
-statistik/
AuthorFrancesco aScii Ongaro (ascii at katamail . com)
Date 20051119
PHP Web Statistik is vulnerable to javascript and HTML injection using
the unchecked $lastnumber variable, proper input validation will fix.
Just place an intval() at the right row. Other
-multiple-vulnerabilities/
Advisory
http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt
AuthorFrancesco "aScii" Ongaro (ascii at katamail . com)
Date 20051128
WebCalendar is vulnerable to four SQL Injection (files activity_log.php,
admin_h
uot;Classes\skype\shell\open\command", "", "%SystemDrive%\Program
Files\Skype\Phone\Skype.exe" "/uri:%1"
0x1,"Classes\Skype.Content\Shell\Open\Command", "",
"%SystemDrive%\Programs\Skype\Phone\Skype.exe" "/file:%1"
0x2,"
r so it's a
security issue
http://www.ekloges.ypes.gr/pages/index.html?javascript:alert(%22helo%22);
have you notified the webmaster?
bye,
Francesco `ascii` Ongaro
http://www.ush.it/
___
Full-Disclosure - We believe in it.
Charter: http://lists.gro
Original Photo Gallery Remote Command Execution
Name Original Photo Gallery Remote Command Execution
Systems Affected Original 0.11.2 version and below
Severity High
Vendorhttp://jimmac.musichall.cz/original.php
Advisory
http://www.ush.it/team/ascii/hack
;--
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
this is basically a proxy, it can make get/post requests to http
only hosts, saturate the server bandwidth *PLUS* naturally fetch any
local file : )
http://sectroyer.
rday, April 14, 2007
http://exploit.blogosfere.it/2007/04/firefox-chrome-crash.html
regards,
Francesco `ascii` Ongaro
http://www.ush.it/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Brian Eaton wrote:
> To summarize what I've heard from various sources: I am missing
> something important. =) Both PHP and ASP.NET will decode these
> characters into their ASCII equivalents.
(AFAIK)
Only ASP.NET/IIS decodes that automatically.
PHP *can* do that as like JS
Brian Eaton wrote:
> (Cracking up that somebody going by the handle ascii is commenting on
> character encoding issues. =)
hehe funsec apart, Brian, i can confirm you that the 3APA3A poc works as
expected. i really don't know what benefits can stem from defending asp
(or any other l
vent is handled,
> allowing the focus to be moved between the two. This enables the
> attacker to read arbitrary files on victim's system.
many thanks for sharing this : )
it's a pretty serious vulnerability as said by Zalewski
regards,
Francesco `
Dave Hull wrote:
> Yep. This is nothing new (and nothing noble), there are at least a
> handful of web sites that will buy zero days.
>
> Maybe we should start zeBay.
Because you are noble? Or to start something new?
Bye, Michele Sandrelli
___
Full-Dis
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This is the ASCII Master in full effect.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
1 - 100 of 115 matches
Mail list logo
