On Fri, Aug 04, 2006 at 12:35:48AM +0100, pdp (architect) wrote:
For that purpose three prerequisites are needed:
1. a page that is controlled by the attacker, let's call it evil.com
2. border router vulnerable to XSS
Do you need JavaScript in all cases? Unless you badly need HTTP POST,
pdp (architect) wrote:
2. border router vulnerable to XSS
Main lessons to be learned:
* The border still exists, but is only important for QoS purposes.
* Do not manage routers via http
Schanulleke.
___
Full-Disclosure - We believe in it.
Charter:
Hi, I discovered a possible file name extension spoofing in Yahoo Messenger 8.0.0.863 (latest). Obviously this requires that the option "Hide extension for known file types" is enabled in Windows. You need to send a file with this name, for example: Annakournikova and her
This is a URL that carries an XSS attack: http://192.168.0.1/criptbla/script
On 8/4/06, Peter Dawson [EMAIL PROTECTED] wrote:
interesting..but forgive my ignorance
can you further articulate ...a URL that will exploit the XSS flow in the
border router in a broader context ??
On 8/3/06, pdp
Yo.
Schanulleke wrote:
pdp (architect) wrote:
2. border router vulnerable to XSS
Main lessons to be learned:
* The border still exists, but is only important for QoS purposes.
* Do not manage routers via http
I just know someone is contemplating a JavaScript SNMP client as I write this
No dude, XSS random sites is just lame. There is no
competition, this kinda shit belongs on http://www.elitehackers.info. Not a
SecList.
Especially http://disabilitydatabase.mla.gov.uk,
have you no shame?
Ed
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of codeslag
Sent:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Debian Security Advisory DSA 1143-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 4th, 2006
In most cases JavaScript is required. Flash 7 has the flexibility to
perform cross domain requests, however this is fixed in Flash 8. Java
objects are quite the same in that respect. Of course, in certain
situations it might be possible to trick the browser.
The proposed scenario takes advantage
Did not attend BlackHat either; however, I doubt this is the attack vector.
2. border router vulnerable to XSS
Just as fingerprinting normal web servers, the web server used for
router HTTP management can be fingerprinted, hence the router vendor
itself. Use well known default
Dear pdp (architect),
pa xecuted of the border router domain
I'd like to see a border router serving images on port 80 ???
Doesn't make sense, really ;) No pun intended.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
Severity: High - Full system compromise possible
Date: 04 August 2006
Discovered by: Matthew Hall ([EMAIL PROTECTED]) (Credits for original
discovery to Greg Sinclair)
Discovered on: 03 Aug 2006
Summary:
Lack of input sanitisation in the Linux based
you are right but not completely... :)
HTTP PORT is not possible on a domain different from the current domain,
unless browser hacks are employed.
regards
On 8/4/06, Zed Qyves [EMAIL PROTECTED] wrote:
Did not attend BlackHat either; however, I doubt this is the attack vector.
2. border router
;) absolutely no worries mate, maybe I wasn't clear enough... I was
referring to home routers. In general I am talking about devices that
have http or https communication channels. This is because of
JavaScript's limitations. Although, by using Java you can do all sorts
of other stuff.
regards
pdp (architect) wrote:
HTTP PORT is not possible on a domain different from the current domain,
unless browser hacks are employed.
I'm guessing you mean HTTP POST :)
You can definitely POST any FORM to a third party domain without hacks
just by calling the submit() method of your FORM which
Dear pdp (architect),
pa BTW, there are quite a lot cisco devices that have http open on local
pa LAN vulnerable to IOS HTTP Authorization Vulnerability.
That's my point, I have done an exhaustive amount of pentests, I have
never come across a router with an accessible HTTP port. Maybe that's
this is a very good point. :) cheers for that
then the problem is not actually sending an HTTP POST request but
getting the result from it or even modifying the headers. None of the
modern browsers allows you to read the iframe source. Well, actually
it is more likely to get things working on
I agree with you. Sometimes routers do not have http enabled although
I believe that most administrators enable this service to perform
easy/remote administration tasks. However, it is quite common to find
http enabled devices. :) printers, wireless printers, cameras... you
name it. Attacking
Hi,
I recently noticed some spam comments on my blog. Upon looking at the
link they were linking back to, it is an aggregation of various people's
RSS feeds from their blogs.
Upon examining the domains and their whois info they all appear to be
registered with ProtectFly. Their whois information does not
Hi All,
Gmail stores mails in a Temp folder for faster access, but I have observed that it fails to remove mail from the temp files after the session is ended.
Any user who has physical access to the system can read mail and contact information of the Gmail user.
Discloses information which is
Dear Dan B,
Yes and no, this has been going on for years now. You can try to report them
to ICANN. I found a special website where you can submit domain names
with false information. As far as I know (!) this is being tolerated.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36
Dear List ,
http://googleresearch.blogspot.com/2006/08/all-our-n-gram-are-belong-to-you.html
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000
TZ Yes and no, this is going on for years now. You can try to report them
TZ to ICANN I found a special website where you can submit domain names
Sorry, not ICANN, I meant to say Internic:
http://wdprs.internic.net/
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951
I'm having some trouble believing this hasn't been reported before. If you
have a linksys router handy, please check to see whether it is vulnerable to
this attack. It's possible that all of the linksys router web UIs have the
same bug. Hopefully the problem is isolated to one particular
I'm reading your message in Gmail and there is nothing in my temp
folder... not that I'd expect there to be. Gmail can't just create
files on your computer without your permission; if it can, your
settings are wrong or your browser is broken. In other words, if your
Gmail mails are ending up in
He means a temp folder on the Gmail server. I verified an attachment being available even after being signed out.
On 04/08/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
I'm reading your message in Gmail and there is nothing in my temp
folder... not that I'd expect there to be. Gmail can't just
If that's on the Gmail server, then the same Gmail servers/clusters hold all other information collateral... that is CC#, phones, names, pwds etc... and when GHealth comes out your blood type and, if you want, your SIN# too..!!
So what's the big deal with the temp folder at the server end being
Title: CA eTrust Antivirus WebScan vulnerabilities
CA Vulnerability ID (CAID): 34509
CA Advisory Date: 2006-08-03
Discovered By:
Matt Murphy of the TippingPoint Security Research Team
Impact: Remote attacker can execute arbitrary code.
Summary: Ca eTrust Antivirus WebScan is a free,
Hi!
This is another XSS vulnerability at Symantec.com and there are like 40 more (!)
Just curious, can guys at Symantec read log files?
Example in my blog at
http://www.securitylab.ru/blog/tecklord/165.php
Have a nice day
Valery
As I see it, the real issue is just how secure do you think email really is? If someone really wants to read that FW you sent to your mom, there are plenty ways for them to do this, especially if they have physical access to the computer you used. Computer Forensics can be quite interesting and
ok, but what do you want to do with a stolen session on Symantec? get
free AV?
fred
Valery Marchuk wrote:
Hi!
This is another XSS vulnerability at Symantec.com and there are like 40
more (!)
Just curious, can guys at Symantec read log files?
Example in my blog at
ok, but what do you want to do with a stolen session on Symantec? get
free AV?
Are you really sure that it can be used only for stolen sessions?
XSS may be used for phishing, pharming, XSS proxies and other things...
Can we trust a security company which cannot protect its corporate Web site?
On 8/4/06, Peter Dawson [EMAIL PROTECTED] wrote:
If that's on the Gmail server, then the same Gmail servers/clusters hold all other information collateral... that is CC#, phones, names, pwds etc... and when GHealth comes out your blood type and, if you want, your SIN# too..!!
So what's the big
On Fri, 4 Aug 2006 11:45:01 -0500 John Dietz wrote:
if it were. If the information you are sending/receiving is of a
particularly sensitive nature, I would suggest you find some other medium,
such as SSL with encryption.
If the information is of a sensitive nature, it is compulsory to use
2006/8/5, Denis Jedig
[EMAIL PROTECTED]:
On Fri, 4 Aug 2006 11:45:01 -0500 John Dietz wrote: if it were. If the information you are sending/receiving is of a particularly sensitive nature, I would suggest you find some other medium, such as SSL with encryption.
Even connections with SSL can be
Yes, I realize SSL is not that secure either, but I was just using it as an example in comparison to plain ole pure-text email. The point I was making is not to assume your emails are in any way private/secure. You must use something else if you want any kind of secure communications medium. There
Yes having a private registration is legal at least in the US. Godaddy
also does it. They charge extra for it.
People do this so spam bots will not harvest their email on their domain
registration. I personally don't think it is a good idea unless someone
wants to do something wrong with
FWIW, all replies [less one] on this thread were seeded through a Gmail account :)
Go figure... thread titled Gmail emails issue !!!
On 8/4/06, John Dietz [EMAIL PROTECTED] wrote:
Yes, I realize SSL is not that secure either, but I was just using it as an example in comparison to plain ole
Is not registration by proxy an acceptable practice by registrars?
If harvesting is being done and malicious activities [spam and whatever], then just contact the registrar admin and let them know.
On 8/4/06, Nancy Kramer [EMAIL PROTECTED] wrote:
Yes having a private registration is legal at least
Nice find. But probably not a big deal since these are just home-use
routers, right?
Well, maybe not.
1. Sandia nuclear plant scada network recommended gear doc (October, 2005):
http://www.sandia.gov/scada/documents/NSTB_NSIT_V1_2.pdf
You'll see when you read the doc that the crux of the
On 8/4/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
I'm reading your message in Gmail and there is nothing in my temp folder... not that I'd expect there to be. Gmail can't just create
files on your computer without your permission; if it can, your settings are wrong or your browser is broken. In other
You're wrong there, let's look at Yahoo Messenger
Dude, screw Yahoo... who cares!! Everyone here is posting using Gmail, including yourself!!
On 8/4/06, n3td3v [EMAIL PROTECTED] wrote:
On 8/4/06, Stan Bubrouski
[EMAIL PROTECTED] wrote:
I'm reading your message in gmail and there is nothing
Microsoft informs about ten existing Windows flaws and two Office flaws at
http://www.microsoft.com/technet/security/bulletin/advance.mspx
Some of the upcoming security bulletins have Critical severity.
Maybe it's time to release a fix to the remarkably old Msjet40.dll issue reported
by HexView as
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200608-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
I've found only Mandriva has a suitable setuid binary.
Details: http://karol.wiesek.pl/files/lesstif-advisory.pdf
K.
Dear list,
Let me present to you the public release of a fuzzer presented at 22C3:
Autodafé is a fuzzing framework able to uncover buffer overflows by
using the "fuzzing by weighting attacks with markers" technique.
http://autodafe.sourceforge.net
You will find a paper explaining the technique
Hi Martin,
Martin Vuagnoux wrote:
Dear list,
Let me present to you the public release of a fuzzer presented at 22C3:
Autodafé is a fuzzing framework able to uncover buffer overflows by
using the "fuzzing by weighting attacks with markers" technique.
http://autodafe.sourceforge.net
You will
n3ntl3 wrote:
The same happens on Yahoo Messenger file share. If the client cannot connect peer to peer, then the file being sent will be stored on the server as a temp
file. The Yahoo system cannot verify that the file has been successfully downloaded by the intended party, so the file is left on