DO NOT
0001560 - Recon does not require speakers use their real names
0001600 - Recon does not provide attendee or speaker information to third-parties
0001620 (except where necessary for registration/payment)
* w0rd, n0w ph0r th3 g00dz..
* [DeC] DO NOT DISTRIBUTE PRIVATE !!! [DeC]
*
* dr0pv4x.c
* t0p-s3kR1t w4r3z k0m1n' @ ya
* str8 fr0m the k0d3l1n3
* -th3 phr3zh pr1nc3 0f b3llk0r3
TZ>> 16.04.2009 - IBM answers
TZ>> [..] "We are not an open source company, so the internal workings of
TZ>> our proprietary software is not something we publicly disclose.
TZ>> We do not provide our products for free to all of the independent
TZ>> testers that might be interested in our product lines--the number
TZ>> of requests simply would not be scalable or manageable if
TZ>> we did"
TZ>> 17.04.2009 - As I have no way to reproduce and IBM gives no details
> password, you can always reset it via AD or resetting the SAM.
>
>
>
*** NOTICE--The attached communication contains privileged and confidential information. If you are not the intended recipient, DO NOT read, copy, or disseminate this communication. Non-intended recipients are hereby placed on notice that any unauthorized disclosure, duplication, distribution, or taking of any action in reliance on the contents of these materials is expressly prohibited. If you have received this communication in error, please delete this information in its entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. Also, please immediately notify the sender via e-mail that you have received this communication in error. ***
http://localhost/ewiki/fragments/css.php?ewiki_id=1&ewiki_action=../../../../../../../../etc/passwd%00
______
[NOTE]
!! This is just for educational purposes, DO NOT use for illegal. !!
http://localhost/yblog/uss.php?action=2&done=1&n=<script>alert(/xss/)</script>
>> password, you can always reset it via AD or resetting the SAM.
>>
>>
>>
</form>
try error till you got it!
# 2008/5/24 - chrO.ot group #
If you feel you have a presentation that would be appropriate but that does not meet the guidelines in this CFP, feel free to submit it anyway as we sometimes accept out-of-scope talks that are so cool and compelling they’ll obviously be of interest to ShmooCon attendees. Just be sure to include information explaining your reasoning so we can better evaluate your proposal.
--== SUBMISSION PROCEDURE ==--
ShmooCon VII will continue to use a web based submission process. Please DO NOT just mail us your CFP response. Visit https://cfp.shmoocon.org and be prepared with the following information:
Speaker name(s) and contact information
Presentation Title
Track preference
Keywords and 2-3 sentence abstract
II. DESCRIPTION
This CMS is affected by multiple remote security flaws,
such as SQL Injection, Arbitrary File upload, etc.
These security flaws DO NOT require authentication. Other
files may be vulnerable.
III. ANALYSIS
TZ> 16.04.2009 - IBM answers
TZ> [..] "We are not an open source company, so the internal workings of
TZ> our proprietary software is not something we publicly disclose.
TZ> We do not provide our products for free to all of the independent
TZ> testers that might be interested in our product lines--the number
TZ> of requests simply would not be scalable or manageable if
TZ> we did"
TZ> 17.04.2009 - As I have no way to reproduce and IBM gives no details
http://localhost/tornado/searcher.exe?v=root&p=<script>alert(/xss/)</script>
... *faint*
# 2008/5/24 - chrO.ot group #
http://localhost/post3/Book.asp?review=<script>alert(/xss/)</script>
# 2008/5/24 - chrO.ot group #
</form>
###############################
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<!-- This is an automatically generated file.
It will be read and overwritten.
DO NOT EDIT! -->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<TITLE>Bookmarks</TITLE>
<H1>Men Marcadores</H1>
<DL><p>
<DT><A HREF="http://www.mozilla.org" ADD_DATE="1282083605"
then enjoy it ..
# 2008/5/24 - chrO.ot group #
5) cover it with smiley face stickers
You get the idea. This is non issue.
</form>
The FTP proxy used in Apple's Airport Express, Airport Extreme, Time Capsule and possibly elsewhere doesn't check the client-provided address and port given by the FTP PORT command against the IP address of the connecting client, or against the use of privileged ports. (The FTP PORT command is used by an FTP client to tell an FTP server which address and data port to initiate the data connection on.) The FTP proxy is used to provide assistance to clients operating in NAT environments served by the Apple products. FTP servers running behind a NAT with this assistance can have addresses in the command channel rewritten for them so that external clients can reach them when operating in passive mode. The ALG operates as a proxy server, assuming responsibility for connections to the FTP server, and must therefore also handle rewriting of the PORT command. It looks like it might be ftp-proxy from PF.
The effect of this problem is to allow anybody with access to the FTP port forwarded on the exterior side of an Apple Airport product that offers NAT to internal clients, which for a publicly-accessible FTP server is the big bad world, to induce an FTP server operating behind a NAT to send data to arbitrary addresses and ports. This is true even if the FTP server is configured to operate more securely, since it sees connections from the NAT's exterior interface, not the connecting client. This is useful for bouncing anonymous port scans off the victim NAT, or if data is available or can be written to and then read from the FTP server, potentially for anonymous attacks, spam, news floods, and other such badness. Any trust relationship and/or security implied or assumed by a NAT is also gone, since the PORT command can also specify private addresses, inside the NAT, for victimisation. Best of all, the gateway itself makes no log entry concerning FTP connections that have been run through the proxy.
Workarounds: do not use FTP; do not trigger the use of the ALG (FTP proxy) by explicitly using ports other than 21 on the inbound port mapping. If you can't do those things, you can avoid the worst effects of this attack by disabling FTP uploads that can later be downloaded by anonymous users.
Apple likes to keep secrets for the protection of its customers. Since the reasonable release of this advisory removes that protection, confidential information vouchsafed to me can be safely disclosed with no ill effects. Apple has a fix, and according to its last seemingly automatic template message, they are still testing it and do not know precisely when it will be released. This is confidential information. DO NOT DISCLOSE!
Advisory history:
I think that you don't understand the idea behind the checkNUM (is not a checkSUM ;) in the eyeOS ajax calls.
the checknum is a number to protect eyeOS against automatic requests; for example, if I'm using my eyeOS, my session is alive, and I enter another website, with iframes or something similar, to make a GET to my eyeOS to delete a file, a file will be deleted, and this isn't good :)
the checknum DOES NOT protect against yourself; the owner of a session can know the checknum assigned to each app (each app has a different checknum)
Please, before sending FALSE reports, you have to understand what you are auditing, thanks.
16.04.2009 - IBM answers
[..] "We are not an open source company, so the internal workings of
our proprietary software is not something we publicly disclose.
We do not provide our products for free to all of the independent
testers that might be interested in our product lines--the number
of requests simply would not be scalable or manageable if
we did"
17.04.2009 - As I have no way to reproduce and IBM gives no details
function __destruct()
{
    // Rewrite the config file only if it was changed and writing is enabled
    if($this->configFileUpdated === true
        && $this->doWriteFileWhenUpdated === true)
    {
        $configFile = "; <?php exit; ?> DO NOT REMOVE THIS LINE\n";
        $configFile .= "; file automatically generated or modified by "
            . "Piwik; you can manually override the default "
            . "values in global.ini.php by redefining them "
            . "in this file.\n";
Due to the purpose of these products, it has been observed that systems will
check for updates unattended and thus could be compromised without any
intervention needed on the client side. Systems often check for these updates
on reboot (autorun) and on a configurable periodic basis. Note that updates DO
NOT need to be installed to provoke this issue. This flaw takes effect when
the system is evaluating if updates are relevant.
It has also been observed that the recent versions of the InstallShield will
contact the server, download and execute this "Rule information" even if you
have disabled all automatic updates for your installed products. Presumably