web based
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
(Copy of the Vendor Homepage: http://www.dream-autos.com/ )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities in the Car Portal v3.0 web application.
Report-Timeline:
================
2012-04-24: Public or Non-Public Disclosure
4. *Vulnerability Description*
Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it.
For additional information, please read [1].
***********************************************************************
Summary
Metrica Service Assurance Framework implements a distributed,
object-oriented, J2EE-based architecture. It works with Web-based
user interfaces, from end-user report generation to detailed system
administration and configuration.
***********************************************************************
works if the caching Microsoft DNS server does not use a forwarder. If a
forwarder is used the attacker will observe the transaction IDs
generated by the forwarder.
To demonstrate this kind of attack and to make testing DNS server
transaction IDs easier we created a web-based DNS TX ID analyzer
(http://www.scanit.be/dns-tx-id-test.html). That web page makes your
browser send queries to your DNS server for hosts in the cache-poisoning.net
domain. Your DNS server forwards the queries to our DNS server, which is
authoritative for the cache-poisoning.net domain. Our DNS server records
the transaction IDs it receives, and they are displayed back to you
management, security management, service desk, asset management, and
process management solutions to organizations. The company's software is
used worldwide.
A security vulnerability was discovered in LANDesk Management Suite: The
Landesk web application does not sufficiently verify if a well-formed
request was provided by the user who submitted the request. Using this
information an external remote attacker can run arbitrary code using the
'gsbadmin' user (that is the user running the web-server).
In order to be able to successfully make the attack, the administrator
Workaround
Within PeopleSoft, select the “Enable password controls” checkbox and then define the number of days that a password is valid. The actual number of days does not matter for this purpose.
When an account is locked because of too many login attempts, the administrator can unlock the account and then manually set the status of the password for the account to “expired”. This will force the user to change the password during the next login.
An alternative workaround is to create a custom Web application policy in the SecureSphere Web Application Firewall. The policy match criteria would include the URL prefix of the PeopleSoft login page (the action URL for the authentication form) and the number of occurrences within a specified period of time.
Discovered by:
Yaniv Azaria of Imperva’s ADC
About:
Easy File Sharing Web Server is an extremely popular web-based file sharing application that has been in use for years.
It is a fast, easy to use commercial, standalone "all-in-one" file-sharing web server.
Customers use a built-in interface to point to files they wish to publish via a menu-driven web application (typically full drives or directories). Files can be shared anonymously, or via EFSWS's built-in user management. EFSWS has built-in SSL encryption to prevent logons from being sent in the clear (as well as all other access). Users log in, and are presented with a menu of files that have been published and that are made available for download.
EFSWS uses the MGH Software "myDB" database plug-in to store db information such as file location, user information (password in the clear), files, forum information, etc. A free db parser is available at:
http://www.mghsoft.com/
Please see vendor site and db engine site for more details.
About
*****
Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services, and certification for the ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems, with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)
Type of vulnerability: Cross-Site Scripting (XSS) - Reflected
Exploit Vectors: Local and Remote
Vulnerability Description: The Web application management interface of Server Monitor contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks. Arbitrary client side code such as JavaScript can be included into certain parameters throughout the Web application. The following parameters and Web pages have been tested and verified; however, it is likely more views and parameters within the application are vulnerable:
event-history.asp (siteid, type) parameters
admin-history.asp (siteid, type) parameters
dashboard-view.asp (siteid, id) parameters
device-events.asp (siteid, dn) parameters
Application : Pre Ads Portal
version : <= 2.0
Vendor : http://www.preproject.com/ads.asp
Description :
Pre ADS Portal is a web application used to submit personal
listings into different categories. Listings can be added to the
existing categories, and categories and sub-categories can be added,
edited and deleted from the admin section. Pre ADS Portal is a fully
customizable website for ad submission, with golden and featured listing features.
First let me start by saying I'm not writing to flame anyone (or whatever you kids say these days). I know it can be daunting to release a paper to the security community, because if any of it is incorrect you're gonna hear about it.
However, releasing a paper and claiming it to be a new class (or sub-class) of vulnerability, well, I'm sorry, it's like wearing gold football boots: you better get it right after a statement like that.
If this paper was titled "Bypassing Broken Input Validation Filters" then there would be no problems. However, none of what exists in this document is new; in fact most of it is in the Web Application Hacker's Handbook or in much older papers. Constructing attacks of all kinds to bypass blacklist filters is a common duty of the web application tester; also take a look at all of the recent SQL injection worms.
The main thing wrong here is claiming it to be something new, or even claiming it to be a "sub-class". It's not!
It's several methods for encoding SQL queries or tricking multi-layered input validation/sanitisation routines, none of which are new, all of which are implemented by every pen/app tester I have ever worked with.
Note: Since the venue is a restricted area, it is mandatory for each participant to register via email with dharmeshmm at mastek dot com. This helps in generating gate passes for all individuals attending the event. Otherwise, the participant will not be able to attend.
Interested in speaking at the event?
1. The topic of the event is "Privacy in the 21st Century", so all talks should be related to it (we should be addressing the web application side of privacy, for example what happens to privacy with SQL injection, XSS and issues like pdp's Snoop).
2. All events are recommended to have the same panel discussion on the subject "What is the current state of privacy in web application security, and what should we be focusing on?".
3. Drop a mail to dharmeshmm at mastek dot com to confirm your presentation.
1. Impact on Business
=====================
By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands on vulnerable SAP Web Application
Servers, taking complete control of the SAP system.
With these privileges, the attacker would be able to obtain, create, modify and/or delete any business-related information stored in the vulnerable SAP system.
- - Risk Level: High
Product description:
Netbiter® webSCADA (WS100/WS200) is one of the popular products in industrial automation. It provides remote access to field devices based on MODBUS TCP over Ethernet, GSM and GPRS channels. The Netbiter is equipped with both Ethernet and a built-in GSM/GPRS modem for communication with remote equipment, so it can communicate both over an Ethernet LAN and wirelessly using the built-in modem. In addition, it supports an external GPS receiver to keep track of its geographical position. The Netbiter solution has an embedded web server and HMI, which provide management functions such as detection of alarms and emergencies with subsequent notification by SMS, e-mail or SNMP.
URL: Intellicom Innovation AB (http://www.intellicom.se)
Vulnerability description:
1. Local File Disclosure (WASC Web Application Threat Classification):
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00
2. Users information disclosure:
/cgi-bin/read.cgi?file=/home/config/users.cfg
Advisory Reference : NS-11-008
Description
------------------
Symphony is a web-based content management system (CMS) that enables
users to create and manage websites and web applications of all shapes
and sizes—from the simplest of blogs to bustling news sites and
feature-packed social networks.
Details
-------------------
* Advances in attacking interpreted languages - Justin Ferguson, IOActive
* One Token to Rule Them All: Post-Exploitation Fun in Windows Environments
- Luke Jennings, MWR InfoSecurity
* Building the bridge between the Web Application and the OS: GUI access
through SQL Injection - Alberto Revelli, Portcullis
* Satellite Systems - Adam Laurie, RFIDIOt.org
* Browser Exploits - Attacks and Defense - Saumil Shah, Net Square
== Overview ==
CodeScan Labs (www.codescan.com), has recently released a new source
code scanning tool, CodeScan. CodeScan is an advanced auditing tool
designed to check web application source code for security vulnerabilities.
CodeScan utilises an intelligent source code parsing engine, traversing
execution paths and tracking the flow of user supplied input.
During the ongoing testing of CodeScan ASP, Xoops was selected as one of
the test applications. We downloaded Xoops from the Xoops website
Fixed versions: 4.01-3 (and later)
Description:
Applicure dotDefender is a Web Application Firewall that can be installed on
Windows and Linux servers.
From their website (applicure.com):
"dotDefender is the market-leading software Web Application Firewall (WAF).
dotDefender boasts enterprise-class security, advanced integration capabilities,
Andre Gironda - A little TLC for your SDL
Bruno G Oliveira - Knowing and Enjoying the Cold Boot Attack
Chema Alonso & Jose Parada - RFD (Remote File Downloading) using Blind Techniques
Chris Gates - New School Information Gathering
Christian Heinrich - Google Denied
David Byrne - Advanced Techniques in Automated Web Application Testing
Dennis Brown - Anatomy of the Asprox/Danmec Botnet
Joshua Brashars - Owning telephone entry systems (aka why you shouldn't sleep so well)
Sergey Bratus, Cory Cornelius, Daniel Peebles, & Axel Hansen - Active Fingerprinting of 802.11 APs
Strom Carlson - Why your mother will never care about Linux (a rant)
Stephan Chenette - Ultimate Script Deobfuscation: Browser Hooking versus simulation
4. *Vulnerability Description*
Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it.
This vulnerability can be exploited to force a logged in Administrator
The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected.
Description:
Bugs https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 and
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 allowed a web
application to replace the XML parser used by Tomcat to process web.xml,
context.xml and tld files. If a web application is the first web
application loaded, these bugs allow that web application to potentially
view and/or alter the web.xml, context.xml and tld files of other web
applications deployed on the Tomcat instance.
# Web Application: FAR - PHP Project version:1.0
# Vendor's Address :www.far-php.ro
#######################################################################
Introduction:
-------------
Cyrill Brunschwiler of Compass Security discovered a web application
security flaw in the OpenCMS OAMP comments module.
Description:
------------
Description
-----------------------------------
TWiki® is a flexible, powerful, and easy to use enterprise wiki,
enterprise collaboration platform, and web application platform. It is
a Structured Wiki, typically used to run a project development space,
a document management system, a knowledge base, or any other groupware
tool, on an intranet, extranet or the Internet.
* Software Security: State of the Practice 2008 (Gary McGraw)
Topics
* The OWASP ESAPI project - Dave Wichers
* Trends in Web Hacking Incidents: What's hot for 2008 - Ofer Shezaf
* Evaluation Criteria for Web Application Firewalls - Ivan Ristic
* HTML5 security - Thomas Roessler
* The OWASP Orizon Project internals - Paolo Perego
* Remo presentation (Input Validation) - Christian Folini
* Best Practices Guide: Web Application Firewalls (OWASP German chapter) -
Alexander Meisel
--------------------------- beenudel1986@gmail.com -------------------------
Web Application : phpechocms v 2.0 rc3
Flaw : RFI
Severity : High
path : http://site.com/kernel/smarty/Smarty.class.php
==============================================================
---[ Introduction
Web Crawler is a utility designed to test and demonstrate the features of the WebEngine open source library. The program gathers information about the resources of a specified web server by analyzing references in the HTML markup, text, and JavaScript code. Additionally, a query is sent to the Web Of Trust knowledge base to obtain information about the analyzed site. This check demonstrates analysis of web application vulnerabilities.
The main features provided by the application are listed below:
- JavaScript analysis that extracts references by simulating a DOM structure
- Access to the contents of web servers via HTTP