
Web Application

Citrix XenCenterWeb Multiple Vulnerabilities

to be unacceptable, discontinue usage".


*** WORKAROUNDS ***

Common web application workarounds apply, such as virtual patching from a web 
application firewall or similar solutions. However, most of the reported issues 
can be mitigated by running the application only inside the virtual appliance 
or on properly configured web servers.

Secure Network would like to thank Citrix for its support during the 

two bytehoard 2.1 bugs

Privilege escalation in bytehoard 2.1

Background

Bytehoard is a web application written in PHP that serves as a file 
storage and sharing system.
It has two levels of security, a user level and an admin level. Login is 
required but it can be configured to allow anyone to obtain a user level 
account if desired.


Trustwave's SpiderLabs Security Advisory TWSL2010-002

Product description: 
VMWare Infrastructure is a virtualized environment that 
allows multiple virtual machines (VMs) to run on a single 
physical server. Management can be performed via a 
Struts-based web application, or via a thick client. Both 
the web interface and the thick client effect all changes 
through SOAP calls to an XML web service.

Credit: David Byrne & Tom Leavey of Trustwave's SpiderLabs


Attack Technique: File Download Injection

File Download Injection
=======================

Affects most web application platforms, including Java, .NET, PHP, Cold
Fusion.

This attack involves the use of header injection, particularly the
Content-Disposition header, to subvert HTTP responses from trusted
domains. Attackers can use this technique to inject a malicious file
download with an arbitrary filename (.html, .exe, .swf, .mov, .msi,

XSS Vulnerability in Redmine 1.0.1 to 1.1.1

Researcher :  Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference :  NS-11-004

Description
------------------
Redmine is a flexible project management web application written using
Ruby on Rails framework.

Details
-------------------
Redmine is affected by an XSS vulnerability in versions from 1.0.1 to 1.1.1.

[Positive Technologies Research] Open Source WebEngine and Web Crawler v.0.2 is out!

==============================================================


---[   Introduction

        Web Crawler is a utility designed for testing and demonstration of the WebEngine open source library features. This program gathers information about the resources of a specified web server by analyzing references in the HTML markup, text, and JavaScript code. Additionally, a query is sent to the Web Of Trust knowledge base to obtain information about the analyzed site. This check demonstrates analysis of web application vulnerabilities.

The main features provided by the application are listed below:

        - JavaScript analysis aimed at extracting references, using a simulated DOM structure
        - Access to the contents of web servers via HTTP

Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities

Type of vulnerability: Cross-Site Scripting (XSS) - Reflected

Exploit Vectors: Local and Remote

Vulnerability Description: The Web application management interface of Server Monitor contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks. Arbitrary client side code such as JavaScript can be included into certain parameters throughout the Web application. The following parameters and Web pages have been tested and verified; however, it is likely more views and parameters within the application are vulnerable: 

event-history.asp (siteid, type) parameters
admin-history.asp (siteid, type) parameters
dashboard-view.asp (siteid, id) parameters
device-events.asp (siteid, dn) parameters

Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities

Details are presented at http://www.informit.com/ 
<http://www.informit.com/articles/article.aspx?p=1016102>

In summary, the AXIS 207W is vulnerable to numerous attacks. Some of 
these are related to wireless protocol vulnerabilities, but the majority 
are exploitable via the web application interface included with the 
camera. The most significant issue is that a CSRF attack against a user 
logged in as an administrator can lead to root access of the Linux based 
operating system on the camera. As a result, the camera can be turned 
into an internal resource for any malicious hacker, through which custom 
scripts can be launched. This can include port scans, banner grabbing, 

Fortinet FortiWeb Web Application Firewall Policy Bypass

BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012
- Fortinet FortiWeb Web Application Firewall Policy Bypass -
============================================================

1) Affected Product

Manufacturer: Fortinet

Product name: FortiWeb


Null Byte Local file Inclusion in FAR - PHP Project version:1.0


################################################################

# Web Application: FAR - PHP Project version:1.0
# Vendor's Address :www.far-php.ro
################################################################



[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution

1. Impact on Business
=====================

By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands on vulnerable SAP Web Application
Servers, taking complete control of the SAP system.

With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.

- - Risk Level: High

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/DirectAdmin )


Abstract:
=========
A Vulnerability Laboratory researcher discovered a cross-site scripting vulnerability in DirectAdmin's management web application.


Report-Timeline:
================
2012-03-31:     Vendor Notification

[CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection

3. *Vulnerability Description*

The Cisco Secure Desktop web application does not sufficiently verify if
a well-formed request was provided by the user who submitted the POST
request, resulting in a cross-site scripting vulnerability.

In order to be able to successfully make the attack, the Secure Desktop
application on the Cisco appliance must be turned on.

Insufficient User Input Validation in VP-ASP 6.50 Demo Code

 
== Overview ==

CodeScan Labs (http://www.codescan.com) has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.

During the ongoing testing of CodeScan ASP, VP-ASP was selected as one of 
the test applications. We downloaded a demo of VP-ASP from the VP-ASP

[BONSAI] XSS in Achievo - Customized XSS payload included

4. *Vulnerability Description*

Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it.

For additional information, please read [1].

[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure

The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may also be affected.

Description:
Bugs https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 and
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 allowed a web
application to replace the XML parser used by Tomcat to process web.xml,
context.xml and tld files. If a web application is the first web
application loaded, these bugs allow that web application to potentially
view and/or alter the web.xml, context.xml and tld files of other web
applications deployed on the Tomcat instance.


XSS vulnerability in TWiki < 5.0.2

Description
-----------------------------------
TWiki® is a flexible, powerful, and easy to use enterprise wiki,
enterprise collaboration platform, and web application platform. It is
a Structured Wiki, typically used to run a project development space,
a document management system, a knowledge base, or any other groupware
tool, on an intranet, extranet or the Internet.



[ MDVSA-2011:030 ] tomcat5

 Problem Description:

 Multiple vulnerabilities have been found and corrected in tomcat5:
 
 When running under a SecurityManager, access to the file system is
 limited but web applications are granted read/write permissions to
 the work directory. This directory is used for a variety of temporary
 files such as the intermediate files generated when compiling JSPs
 to Servlets. The location of the work directory is specified by
 a ServletContext attribute that is meant to be read-only to web
 applications. However, due to a coding error, the read-only setting

CORE-2010-1018 - Landesk OS command injection

management, security management, service desk, asset management, and
process management solutions to organizations. The company's software is
used worldwide.

A security vulnerability was discovered in LANDesk Management Suite: the
LANDesk web application does not sufficiently verify whether a well-formed
request was provided by the user who submitted the request. Using this
weakness, an external remote attacker can run arbitrary code as the
'gsbadmin' user (that is, the user running the web server).

In order to be able to successfully make the attack, the administrator

Re: Null Byte Local file Inclusion in FAR - PHP Project version:1.0

> 
> ################################################################
> 
> # Web Application: FAR - PHP Project version:1.0
> # Vendor's Address :www.far-php.ro
> ################################################################

Rittal CMC-TC Processing Unit II multiple vulnerabilities

    interface. These include XSS Type I, XSS Type II, weak session
    management and insecure default configuration.

    XSS Type 1:
    -----------
    The web application fails to validate and/or HTML-encode user input when
    handling erroneous requests. This allows an attacker to inject HTML and
    client-side scripts into the victim's browser by crafting suitable links.

    This vulnerability cannot be used for session hijacking, because
    CMC-TC PU II requires each valid request to contain current session

Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability

=========================================================


1. OVERVIEW

The Help Content web application of Eclipse IDE was vulnerable to a
cross-site scripting (XSS) vulnerability.


2. PRODUCT DESCRIPTION


RE: SQL Smuggling

First let me start by saying I'm not writing to flame anyone (or whatever you kids say these days). I know it can be daunting to release a paper to the security community because if any of it is incorrect you're gonna hear about it.

However, releasing a paper and claiming it to be a new class (or sub-class) of vulnerability, well I'm sorry, it's like wearing gold football boots, you better get it right after a statement like that.

If this paper was titled "Bypassing Broken Input Validation Filters" then there would be no problems. However, none of what exists in this document is new; in fact most of it is in the Web Application Hacker's Handbook or in much older papers. Constructing attacks of all kinds to bypass blacklist filters is a common duty of the web application tester; also take a look at all of the recent SQL injection worms.

The main thing wrong here is claiming it to be something new, or even claiming it to be a "sub-class"; it's not!

It's several methods for encoding SQL queries or tricking multi-layered input validation/sanitisation routines, none of which are new, all of which are implemented by every pen/app tester I have ever worked with.


CVE-2009-4505 OpenCMS OAMP Comments Module XSS

#######################################################################


Introduction:
-------------
Cyrill Brunschwiler of Compass Security discovered a web application 
security flaw in the OpenCMS OAMP comments module.


Description:
------------

TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
The 'locale' parameter used in web page help/topics/iastop_cs/iastop_cs_farm_page.html (part of Oracle Help component) is vulnerable to cross-site scripting attacks. User supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.

Impact:
Attackers might steal an administrator's session cookies, thereby allowing the attacker to impersonate the valid user.


OWASP Mumbai Meeting : 6th Sep 2007

Note: Since the venue is a restricted area, it is mandatory for each participant to register via email with dharmeshmm at mastek dot com. This helps in generating gate passes for all individuals for the event; otherwise the participant will not be able to attend.

Interested in speaking at the event?

1. The topic of the event is "Privacy in the 21st Century", so all talks should be related to it (we should be addressing the web application side of privacy, for example what happens to privacy with SQL injection, XSS and issues like pdp's Snoop).

2. All events are recommended to have the same panel discussion on the subject "What is the current state of Privacy on Web Application Security? and what should we be focusing on?").

3. Drop in a mail to dharmeshmm at mastek dot com to confirm your presentation.


Vulnerability CVE-2008-3671 - MyReview's vulnerability in the access control system

submitted papers to the MyReview system lets unintended users download
these documents. This information leakage can be used to illegally
retrieve sensitive or licensed documents.

I. Description
The MyReview web application is an open-source web application used in
the research community to manage the paper submission and paper review
phases of conferences. Based on the well-known PHP+MySQL framework and
distributed under the GNU General Public License, it has been used by
thousands of conferences worldwide.
Incorrect management of the submission and camera ready versions of

Multiple Vulnerabilities in XOOPS 2.4.3 and earlier

== Overview ==

CodeScan Labs (www.codescan.com) has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.

During the ongoing testing of CodeScan ASP, Xoops was selected as one of
the test applications. We downloaded Xoops from the Xoops website

Re: [WEB SECURITY] [TOOL] moth - vulnerable web application vmware

http://rgaucher.info

Andres Riancho wrote:
> List,
> 
> Moth is a VMware image with a set of vulnerable Web Applications and
> scripts, that you may use for:
>     - Testing Web Application Security Scanners
>     - Testing Static Code Analysis tools (SCA)
>     - Giving an introductory course to Web Application Security
> 

ClubHack Magazine's April 2012 Issue is released.

From this month’s issue we plan to start a new section on secure coding. This section will essentially focus on good coding practices and snippets to mitigate various vulnerabilities.

This issue covers the following articles:

0x00 Tech Gyan - XSS – The Burning issue in Web Application
0x01 Tool Gyan - Sysinternals Suite
0x02 Mom's Guide - Decoding ROT using the Echo and Tr Commands in your Linux Terminal
0x03 Legal Gyan - Provisions of Sec. 66B
0x04 Matriux Vibhag - How to enable WiFi on Matriux running inside VMWare
0x05 Code Gyan - Local File Inclusion


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.