Advisory location:
http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/
I. Introduction
Today the majority of wired Internet connections are used with an
embedded NAT router, which allows using the same Internet connection
with
I don't see a captcha bypass, all I see is a wget command with Cookie
and Session ID and such.
while true; do echo Yes, I am blind!; done
On 2013-08-26 18:04, kevin philips wrote:
Hi Adam,
As discussed, this issue is just a captcha bypass problem. Except for this case, I
don't know if Google
Hi Adam,
As discussed, this issue is just a captcha bypass problem. Except for this case, I
don't know if Google still uses this captcha somewhere or not :). Anyway,
thank you Adam! Your reply is a very clear way to explain it.
See more:
https://www.owasp.org/index.php/Testing_for_Captcha_(OWASP-AT-008)
folks,
I found a CAPTCHA re-riding attack issue in https://google.com.
PoC:
Loop the request with the correct captcha (in this case the value of the captcha is
What exactly is a re-riding attack? Is that just another name for replay?
And does this only work in the sorry/continue context for google.com? If
so, I don't think it's really that big of a deal either. Repeated requests,
typically, are the cause of the sorry/continue page, so I can't see how
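The replay the thread is arguing about, shown as an added example that is not code from any of the posts above: a CAPTCHA verifier that keeps accepting a challenge once it has been solved, beside one that consumes the challenge on the first attempt and binds it to the requesting session and a short lifetime. The store, the session ids and the answer value are constructed for the example.

```python
import hmac
import secrets
import time


class CaptchaStore:
    """In-memory challenge store: challenge id -> (answer, session id, expiry).
    Constructed for this example; a real deployment would use a shared store."""

    def __init__(self, ttl=120):
        self.ttl = ttl
        self.challenges = {}

    def issue(self, session_id, answer, now=None):
        # The answer would normally be generated with the image; here the caller supplies it.
        now = time.time() if now is None else now
        cid = secrets.token_urlsafe(16)
        self.challenges[cid] = (answer, session_id, now + self.ttl)
        return cid


def _eq(a, b):
    # Constant-time comparison on the encoded strings.
    return hmac.compare_digest(a.encode(), b.encode())


def verify_replayable(store, cid, answer, session_id, now=None):
    """Vulnerable verifier: checks the answer but never consumes the challenge,
    so one solved CAPTCHA can be resubmitted in a loop."""
    entry = store.challenges.get(cid)
    return entry is not None and _eq(entry[0], answer)


def verify_single_use(store, cid, answer, session_id, now=None):
    """Hardened verifier: the challenge is consumed on the first attempt (right or
    wrong), must not be expired, and must belong to the session that requested it."""
    now = time.time() if now is None else now
    entry = store.challenges.pop(cid, None)
    if entry is None:
        return False
    expected, bound_session, expiry = entry
    if now > expiry:
        return False
    if not _eq(bound_session, session_id):
        return False
    return _eq(expected, answer)


def replay_count(verify, attempts=5):
    """Simulate the attacker's loop: solve once, then resubmit the same id and answer."""
    store = CaptchaStore()
    cid = store.issue("sess-A", "7gk2p", now=1000.0)
    return sum(1 for _ in range(attempts)
               if verify(store, cid, "7gk2p", "sess-A", now=1001.0))


if __name__ == "__main__":
    print("replayable verifier accepted", replay_count(verify_replayable), "of 5 replays")
    print("single-use verifier accepted", replay_count(verify_single_use), "of 5 replays")
```

Consuming the challenge on a wrong answer as well matters: if a failed attempt left the challenge in place, the same id could be used to brute-force the answer.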
A new issue of PenTest Regular has just been released.
See what articles you will find inside:
- Phishing Attack with Social Engineering Toolkit (SET)
- Input Filter – Restrictions, Service Validation Evasion Bypass
Methods (Part#1)
- Security of Enterprise Wireless Networks
- Android as a
Hello list!
I want to warn you about security vulnerabilities in the WordPress Attack
Scanner plugin for WordPress.
These are Information Leakage vulnerabilities. This is a security plugin. In
my 63 advisories about different vulnerabilities in WordPress plugins
(http://websecurity.com.ua/3397/)
On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
Information Leakage (WASC-13):
http://site/wp-content/plugins/path/data.txt
http://site/wp-content/plugins/path/archive.txt
The folder path can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
Unrestricted access to the data - they
Haven't you ever watched The Wizard of Oz? Attack trees...
- Original Message -
From: Peter Dawson
To: full-disclosure@lists.grok.org.uk
Sent: Monday, May 28, 2012 9:20 AM
Subject: Re: [Full-disclosure] Info about attack trees
== there is no such thing as an attack tree.
Eh
Yesterday, Stefan published a paper describing a vulnerability in WPS that
allows attackers to recover WPA/WPA2 keys in a matter of hours (
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
).
Code has been posted to implement the attack:
. What do you consider to be doing it
right?
Thanks,
- Jeff
-Original Message-
From: Gage Bystrom [mailto:themadichi...@gmail.com]
Sent: Saturday, December 24, 2011 5:21 PM
To: Forristal, Jeff; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Using hardware to attack
I'd be surprised if anyone related to security actually thought WPS was
remotely safe, about time someone actually released a public tool to brute-force it
though :P
On Dec 29, 2011 2:02 AM, Craig Heffner cheff...@devttys0.com wrote:
Yesterday, Stefan published a paper describing a vulnerability in WPS
-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Using hardware to attack software
While it was slightly interesting to read, and I do not doubt the intention
of the whitepaper, I believe it to be nearly useless. All it is, as they
say, is a 'call-to-arms' to add additional
On Tue, Dec 27, 2011 at 2:30 PM, Gage Bystrom themadichi...@gmail.com wrote:
... My main criticisms
involved presentation of your work that I believed could wind up coining
useless buzz words, proliferation of bad terminology, and enforcing
incorrect paradigms.
in infosec they call this
On Fri, Dec 23, 2011 at 2:27 PM, Forristal, Jeff
jeff.forris...@intel.com wrote:
Folks on this list may be interested in a recent whitepaper talking about
types of attacks that leverage PC hardware to attack local software.
i look forward to the next installment:
'Hardware involved wetware
On Tue, 27 Dec 2011 15:52:50 PST, coderman said:
Password recovery and information disclosure attacks involving
hardware resources are under-represented within the security industry.
With a growing number of attackers moving beyond pure cyber attack
scenarios into blended hardware on flesh
Folks on this list may be interested in a recent whitepaper talking about types
of attacks that leverage PC hardware to attack local software. Hardware
reflected injection, anyone?
Paper is available at
http://www.forristal.com/material/Forristal_Hardware_Involved_Software_Attacks.pdf
While it was slightly interesting to read, and I do not doubt the
intention of the whitepaper, I believe it to be nearly useless. All it
is, as they say, is a 'call-to-arms' to add additional classification
of vulnerabilities. Almost all of those attacks described are really
driver attacks. The
Software : Orion SolarWinds 10.1.2 - SP1
XSS
-
On Mon, Aug 29, 2011 at 7:46 PM, coderman coder...@gmail.com wrote:
On Mon, Aug 29, 2011 at 4:35 PM, coderman coder...@gmail.com wrote:
...
tech details http://pastebin.com/ff7Yg663
doh, try http://pastebin.com/SwCZqskV
It looks like Mozilla will be revoking trust in the DigiNotar root,
On Tue, Aug 30, 2011 at 11:58 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Aug 29, 2011 at 7:46 PM, coderman coder...@gmail.com wrote:
On Mon, Aug 29, 2011 at 4:35 PM, coderman coder...@gmail.com wrote:
...
tech details http://pastebin.com/ff7Yg663
doh, try
You'll note that later versions of Chrome protect against this via
HTTP Strict Transport Security.
http://www.chromium.org/sts
http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
Google includes their cert fingerprints (see kGoogleAcceptableCerts) in:
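The HSTS mechanism the reply points to, as an added example that is not code from the thread, from Chromium or from the draft it links: a small policy store that parses a Strict-Transport-Security header, remembers the host with its max-age and includeSubDomains directive, refuses to learn a policy from a response that arrived over plain HTTP, and decides whether a later http:// request must be upgraded before it is sent. The host names, header values and timestamps are constructed for the example.

```python
def parse_hsts(header_value):
    """Parse a Strict-Transport-Security header value into (max_age, include_subdomains).
    Returns None when max-age is missing, repeated or non-numeric (RFC 6797 treats the
    header as invalid in those cases); unknown directives such as preload are ignored."""
    max_age = None
    include_sub = False
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    """Per-host policies: host -> (expiry time, include_subdomains). Constructed for this example."""

    def __init__(self):
        self.policies = {}

    def observe(self, host, header_value, over_tls, now):
        """Record a policy from a response; returns True if the store changed.
        Headers seen over plain HTTP are ignored, so an on-path attacker serving
        http:// pages can neither create nor clear a policy."""
        if not over_tls:
            return False
        parsed = parse_hsts(header_value)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            # max-age=0 tells the client to forget the host
            return self.policies.pop(host, None) is not None
        self.policies[host] = (now + max_age, include_sub)
        return True

    def must_upgrade(self, host, now):
        """True when a plain-http request to host has to be rewritten to https before
        any bytes leave the client; parent-domain policies apply only with includeSubDomains."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if now > expiry:
                continue
            if i == 0 or include_sub:
                return True
        return False


if __name__ == "__main__":
    store = HstsStore()
    store.observe("example.com", "max-age=31536000; includeSubDomains", over_tls=True, now=0)
    print("upgrade http://mail.example.com ->", store.must_upgrade("mail.example.com", now=60))
```

The limitation the thread's pinning remark addresses remains: a client that has never seen the host over TLS has no policy yet, which is why Chrome shipped a built-in list alongside the header.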
On Mon, 29 Aug 2011 17:38:14 -0500, Ferenc Kovacs tyr...@gmail.com wrote:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
Just saw this posted. Not sure of authenticity.
http://pastebin.com/ff7Yg663
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
On Mon, Aug 29, 2011 at 3:38 PM, Ferenc Kovacs tyr...@gmail.com wrote:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225ahl=en
any thoughts?
sure:
- PRUNE YOUR ROOTS
- public key pinning == useful [0]
- perspectives == useful [1]
- google's cert catalog == useful [2]
-
On Mon, Aug 29, 2011 at 4:35 PM, coderman coder...@gmail.com wrote:
...
tech details http://pastebin.com/ff7Yg663
doh, try http://pastebin.com/SwCZqskV
http://www.voltairenet.org/IMG/pdf/gates-wikileaks.pdf
Fax from John McCain to Senate Chairman Carl Levin.
The initial assessment in no way discounts the risk to national security;
however,
the review to date has not revealed
any sensitive intelligence sources and methods compromised by this
-disclosure-boun...@lists.grok.org.uk] On Behalf Of PsychoBilly
Sent: Tuesday, October 26, 2010 4:00 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] wikileaks still under attack, pressure revved
up
http://www.voltairenet.org/IMG/pdf/gates-wikileaks.pdf
Fax from John McCain
: Cal Leeming c...@foxwhisper.co.uk
Subject: Re: [Full-disclosure] wikileaks still under attack, pressure revved up
To: Harry Behrens ha...@behrens.com
Cc: full-disclosure@lists.grok.org.uk
Date: Saturday, October 23, 2010, 9:57 PM
So, it appears Wikileaks is now back online.. And they have put a new
So, it appears Wikileaks is now back online.. And they have put a new
'warlogs' database online.. They do appear to have filtered out various
things (there's ---'s in place of where words should be)... I don't know
if this is like a cut down version of what they have, but it's is
tediously
On Thu, Oct 21, 2010 at 3:43 PM, BMF badmotherfs...@gmail.com wrote:
...
So some are playing it up but [some] is playing
it down. Who ya gonna believe?
C. None of the above.
if they are mute or non-publishing it is by decision or apathy... you
can always distribute - just how much do you
1+ propaganda victim ( man! you're a hacker, don't you remember? )
[[ Cal Leeming [Simplicity Media Ltd] ]] @ [[ 21/10/2010 23:59
]]--
I apologise for this, I had heard this in, what I had believed to be, a
credible news report.
1+
Off topic but...
On 22 October 2010 07:06, Jonathan Medina jonmed...@gmail.com wrote:
the information it provides to insurgents endangers our sources and the
families of
sources that have provided us with valuable information.
These people are giving you information but would be well aware
://cryptome.org/0002/wikileaks-unlike.htm
Thanks
--- On Thu, 10/21/10, Harry Behrens ha...@behrens.com wrote:
From: Harry Behrens
ha...@behrens.com
Subject: [Full-disclosure] wikileaks still under attack, pressure revved up
To: full-disclosure@lists.grok.org.uk
Date: Thursday, October 21, 2010, 4:32 PM
Then prove it. I don't care if you're married to the queen of England: your
statement that WL has hurt the troops carries no ground without evidence.
http://www.salon.com/news/opinion/glenn_greenwald/2010/10/17/wikileaks/index.html
On Thu, Oct 21, 2010 at 3:06 PM, Jonathan Medina
Well I think 'Twatter' risks alienating the sex professional community
who you will need to buy in, something a little more upmarket perhaps.
On Thu, 21 Oct 2010 13:06:15 PDT, Jonathan Medina said:
I am in the military, currently in Iraq, and these Wikileaks posts
have hurt us more than people realize. It does two things, first, it
demonstrates our tactics and procedures which allow insurgents to
conduct more effective attacks
The more knowledge of your enemy tactics you have the better no?
And though I would still prefer actual proof of the info, the Pentagon
top brass debunking is something they would do if it were true as well?
valdis.kletni...@vt.edu wrote:
As a result, even 100% perfect knowledge of our
Sorry to all of those who think this is gossiping, but:
Wikileaks has been down for ca. 2 weeks now during which time the US has
at least cut off their financial channels.
This during a period where WL has announced another major leak release
this time re. Iraq.
What is also extremely
This will be my first and last post on this topic (again).
I've just finished watching some videos about what wikileaks have been
doing.
It appears that they released a bunch of documents that revealed information
such as GPS co-ords + details of those who co-op'd with soldiers. He also
posted
Hi Cal,
I can appreciate his previous efforts, but what he has done here is put many
lives at risk, both civilians and soldiers.
Agreed.
Just to play devils advocate:
Would Barack Obama also be culpable? His campaign platform included a
withdrawal from Iraq (Afghanistan was a different story).
-disclosure-boun...@lists.grok.org.uk] On Behalf Of Cal Leeming
[Simplicity Media Ltd]
Sent: Thursday, October 21, 2010 9:51 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] wikileaks still under attack, pressure revved up
This will be my first and last post on this topic (again
On 21.10.2010 18:54, T Biehn wrote:
An entity that has the resources that would provoke such a hollywood
esque tweet wouldn't have the ability to gag the twitter account
before this release?
would it, would it want to, has it missed it..who knows?
Wouldn't that mean the tweet is a load
I believe that most of the times it is not what you defend but how you
defend it.
I believe in Government transparency but the way WL is going about it
it's not right, in my honest opinion.
So this is good news in my opinion...
-r
I have seen nothing released that reveals sensitive information such as GPS
co-ords + details of those who co-op'd with soldiers.
This is a rumor. If you have proof that this is not a rumor, please post it.
On Thu, Oct 21, 2010 at 11:51 AM, Cal Leeming [Simplicity Media Ltd]
According to the secretary of defense, it's definitely a rumor:
A letter from Secretary of Defense Robert M. Gates to
Comittee of Armed Services Chairman Carl Levin dated August 16 but
recently made available to the public says, The initial assessment in
no way discounts the risk to national
I apologise for this, I had heard this in, what I had believed to be, a
credible news report.
On Thu, Oct 21, 2010 at 8:58 PM, Camden Buzard camde...@aptalaska.netwrote:
According to the secretary of defense, it's definitely a rumor:
A letter from Secretary of Defense Robert M. Gates to
-disclosure] wikileaks still under attack, pressure revved
up
I believe that most of the times it is not what you defend but how you
defend it.
I believe in Government transparency but the way WL is going about it it's
not right, in my honest opinion.
So this is good news in my opinion...
-r
I am in the military, currently in Iraq, and these Wikileaks posts
have hurt us more than people realize. It does two things, first, it
demonstrates our tactics and procedures which allow insurgents to
conduct more effective attacks against us, and second, the information
it provides to insurgents
On Thu, Oct 21, 2010 at 11:32 AM, Charles Timko
charles.ti...@hotmail.com wrote:
Agreed. I am all for the transparency, but WL is possibly putting our troops
at risk by releasing military strategy. I wouldn't expect JA to think that
From:
Gmail JSON Hijacking Attack Technique
Author:
pz [http://hi.baidu.com/p__z]
hi_heige [http://hi.baidu.com/hi_heige]
Team: http://www.80vul.com
Release Date: 2010/10/14
Overview:
Google defends against JSON hijacking with JavaScript prefixes, like:
throw 1; , but this can be bypassed via IE8 CSS
Yeah, it's an intentional JOKE to MustLive who's been posting web stuffs.
How ironic...
On Fri, Sep 10, 2010 at 11:07 PM, valdis.kletni...@vt.edu wrote:
On Fri, 10 Sep 2010 22:52:46 +0200, Stefano Angaran said:
I think that was a joke
You're new here, aren't you? :)
Hello full disclosure!!
I like to warn you about vulnerability in many is systems.
In using this nmap I find vulnerability:
c:\nmap -sSV -P0 c:\win95\system\nmap.exe
The c:\win95\system\nmap.exe application cannot be run in Win32 mode.
This is confirmed in Linux:
# ./nmap -sSV
On Fri, 10 Sep 2010 16:32:16 EDT, musnt live said:
c:\nmap -sSV -P0 c:\win95\system\nmap.exe
# ./nmap -sSV -P0 /usr/speling/Собака/bin/nmap
That's not a vulnerability, that's a fucktard who's running security tools
without a clue how to properly invoke them.
Unless of course you want to
I think that was a joke
On 10/09/2010 22:48, valdis.kletni...@vt.edu wrote:
On Fri, 10 Sep 2010 16:32:16 EDT, musnt live said:
c:\nmap -sSV -P0 c:\win95\system\nmap.exe
# ./nmap -sSV -P0 /usr/speling/Собака/bin/nmap
That's not a vulnerability, that's a fucktard who's running
On Fri, 10 Sep 2010 22:52:46 +0200, Stefano Angaran said:
I think that was a joke
You're new here, aren't you? :)
This isn't a vulnerability, also the stuff below, not really English.
Good luck next time though!
Andrew
On 9/10/2010 4:32 PM, musnt live wrote:
Hello full disclosure!!
I like to warn you about vulnerability in many is systems.
In using this nmap I find vulnerability:
I agree, it is not a very useful bug
On Fri, Sep 10, 2010 at 8:48 PM, valdis.kletni...@vt.edu wrote:
On Fri, 10 Sep 2010 16:32:16 EDT, musnt live said:
c:\nmap -sSV -P0 c:\win95\system\nmap.exe
# ./nmap -sSV -P0 /usr/speling/Собака/bin/nmap
That's not a vulnerability, that's a fucktard
I've been reading FD for some time but never posted, that seemed quite
an opportunity to jump into the conversation without saying nonsense ^^
On 10/09/2010 23:07, valdis.kletni...@vt.edu wrote:
On Fri, 10 Sep 2010 22:52:46 +0200, Stefano Angaran said:
I think that was a joke
You're
iKAT - Interactive Kiosk Attack Tool v3
http://ikat.ha.cked.net
It is with great pleasure that I would like to introduce iKAT v3.
iKAT - The Interactive Kiosk Attack Tool is the world's premier
Internet Kiosk/Citrix/Thin-Client hacking tool.
Designed
*Introduction*
This test allows attackers to discover local installation paths on websites
using PHP in which the error messages haven't been completely blocked. The
idea is to use the HTTP parameters to perform an explicit data type
conversion to generate an unhandled exception which shows the
Since I couldn't see any mention of a fix, here you go my tiny rant.
The example vulnerable code is faulty on multiple levels. One shouldn't rely
on automated typecasting, but explicitly mark which kind of typecasting.
The main principle here is NOT typecasting, but making bad code look bad.
Here,
Flickr's API Signature Forgery Vulnerability
http://netifera.com/research/flickr_api_signature_forgery.pdf
September 29, 2009
--Affected Web Sites
A lot of web sites provide API service whose architecture is the same
as Flickr's API. They are potentially vulnerable.
We don't have a complete
-about-new-dos-attack-vectors/
)
Kind regards,
Jorrit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There's been some buzz about a new bug within the TCP/IP-protocol.
According to the people who discovered it, it affects some if not
all
OSes. They explain it a little bit in an interview (URL below)
without
telling any details.
Fyodor released some
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There's been some buzz about a new bug within the TCP/IP-protocol.
According to the people who discovered it, it affects some if not
all
OSes. They explain it a little bit in an interview (URL below)
without
telling
CSRF can be used to cause denial-of-service attacks against mobile phones by
flooding the phone with SMS and service messages.
Mobile phone service providers in Israel, and throughout the world, provide
a web interface to send SMS messages. Fortunately, they limit the SMS
sending web interface to
In the Control Field of a TCP segment I noticed the following values:
URG 0
ACK 0
PSH 0
RST 0
SYN 1
FIN 1
I assume the checksum is OK, is this an attack packet? If not, why not? If
so, what is the attacker probably trying to achieve?
On 10/15/07, Kelly Robinson [EMAIL PROTECTED] wrote:
In the Control Field of a TCP segment I noticed the following values:
URG 0
ACK 0
PSH 0
RST 0
SYN 1
FIN 1
I assume the checksum is OK, is this an attack packet? If not, why not? If
so, what is the attacker probably trying to achieve?
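The page does not carry the answer to the question above. As background that is mine rather than the thread's: no state transition in RFC 793 sets SYN and FIN in the same segment, so a SYN+FIN segment is not produced by a conforming TCP stack; it is the kind of probe scanners send to see how a host or filter reacts to flag combinations the specification never defined, which is why a checksum being valid says nothing about intent. The detector below is an added example, not code from any of the posts: it parses raw TCP headers and names the flag combinations a normal peer cannot emit. The sample segments are constructed with the helper in the block.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Build a 20-byte TCP header (no options) with the given flag bits; used to construct samples."""
    data_offset_and_flags = (5 << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset_and_flags, 65535, 0, 0)


def parse_tcp_header(segment):
    """Return (src_port, dst_port, flags) from a raw TCP segment (RFC 793 header layout)."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    src, dst, _seq, _ack, off_flags, _win, _csum, _urp = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return src, dst, off_flags & 0x3F  # the six classic flag bits; NS/ECE/CWR ignored here


def classify_flags(flags):
    """Name a flag combination no conforming TCP peer emits; None for ordinary segments."""
    if flags == 0:
        return "null-scan"
    if flags & SYN and flags & FIN:
        return "syn-fin"          # the segment asked about in the thread
    if flags & SYN and flags & RST:
        return "syn-rst"
    if flags == (FIN | PSH | URG):
        return "xmas-scan"
    if flags & FIN and not flags & ACK:
        return "fin-scan"         # after the handshake every segment carries ACK
    return None


def find_anomalies(segments):
    """Return [(src_port, dst_port, label)] for segments with an anomalous flag combination."""
    out = []
    for seg in segments:
        src, dst, flags = parse_tcp_header(seg)
        label = classify_flags(flags)
        if label:
            out.append((src, dst, label))
    return out


# Constructed sample: a normal handshake opener, a SYN+FIN probe, a NULL probe, a normal close.
SAMPLE_SEGMENTS = [
    build_tcp_header(51000, 443, SYN),
    build_tcp_header(40000, 80, SYN | FIN),
    build_tcp_header(40001, 80, 0),
    build_tcp_header(51000, 443, FIN | ACK),
]

if __name__ == "__main__":
    for item in find_anomalies(SAMPLE_SEGMENTS):
        print(item)
```

Run against real traffic this needs the IP layer stripped first; the classifier only looks at the TCP header, and a single hit is worth correlating with the rest of the source's traffic before calling it a scan.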
Hi all
Due to some server problems, the website remained down
for one day. Now it's up. You can look into the desired issue at:
http://zeroknock.blogspot.com/2007/03/rootlitcom-prone-to-redirection-and.html
http://zeroknock.metaeye.org/analysis/rootkit_red.xhtml
Regards
Zeroknock
Hello lists, hello Roger. It's me again.
Sorry for the annoyance, but there is one more attack vector with pre-opened
files that I meant but forgot to mention. It seems dangerous enough and needs
to be investigated for different applications. It's a theoretical attack
against applications relying on
Hello, it is my new advisory:
Problem: Blind SQL injection attack in INSERT syntax
Product: PHP-Nuke =8.0
Web page: http://phpnuke.org/
Credit: Maciej `krasza` Kukla
@mail: [EMAIL PROTECTED]
homepage: www.krasza.int.pl
1.Description
(...)PHP-Nuke 8.0 Final version. This version includes a new
Amen!
On 2/6/07 9:56 PM, James Matthews [EMAIL PROTECTED] wrote:
Yes they hit the .org servers! Maybe this is a little wake up call for all the
people that don't put money into computer security!
On 2/6/07, Juha-Matti Laurio [EMAIL PROTECTED] wrote:
According to
According to
http://seattlepi.nwsource.com/business/1700AP_Internet_Attacks.html
Experts said the unusually powerful attacks lasted for hours but passed
largely unnoticed by most computer users, a testament to the resiliency of the
Internet.
Public CERT sources are pointing to this TEAM
Yes they hit the .org servers! Maybe this is a little wake up call for all
the people that don't put money into computer security!
On 2/6/07, Juha-Matti Laurio [EMAIL PROTECTED] wrote:
According to
http://seattlepi.nwsource.com/business/1700AP_Internet_Attacks.html
Experts said the unusually
On Sun, 14 Jan 2007, Neil Kettle wrote:
Solving the resultant formula, and hence *breaking* MD5 (computing
collisions, invariant IV's [which has already been done by similar
techniques], etc..) is equivalent to SAT, and thus NP-Complete
requiring exponential time by conjecture.
It is obvious
Andrew Farmer wrote:
On 12 Jan 07, at 08:05, Slythers Bro wrote:
hi,
sorry but I know nothing about the real physical quantum theory
I'm not a physicist
I just know there are 3 states: 0, 1 and unknown
...
This approach won't work for anything beyond the most trivial
cryptographic
hi,
sorry but I know nothing about the real physical quantum theory
I'm not a physicist
I just know there are 3 states: 0, 1 and unknown
How? In what way? look in the .rar
i used this lib for coding fuckmd5.cpp
You did? I can't see any sign of tri-state logic in the final source
code.
ok
On 12 Jan 07, at 08:05, Slythers Bro wrote:
hi,
sorry but I know nothing about the real physical quantum theory
I'm not a physicist
I just know there are 3 states: 0, 1 and unknown
...
This approach won't work for anything beyond the most trivial
cryptographic computations: attempting to
Slythers Bro [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
this is a mathematical tool where all bits of a double word have 3 states:
one, zero and
unknown
i implemented the addition , multiplication (with an integer), a new
concept fusion
(equivalent to = ) , and all basic
Flaw in Syn Attack Protection on non-updated Microsoft OSes, can lead to DoS
Summary
It is possible to mount a DoS attack against Windows 2000/2003 hosts where
the SYN attack protection has been enabled. The attacker can consume all CPU
resources of the victim host making it unresponsive.
While