

Web Application

ModSecurity (Core Rules) HTTP Parameter Pollution Filter Bypass Vulnerability

  Severity               : High
  Local/Remote       : Remote

  [Vulnerability Details]

  Modsecurity is an Open source Web Application firewall which runs as an Apache
  module. It has a comprehensive set of rules called 'ModSecurity Core Rules'
  for common web application attacks like SQL Injection, Cross-Site Scripting etc.

  It is possible to bypass the ModSecurity Core Rules due to the

TWSL2011-006: IBM Web Application Firewall Bypass

Trustwave's SpiderLabs Security Advisory TWSL2011-006:
IBM Web Application Firewall Bypass

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt

Published: 2011-06-21
Version: 1.0

Vendor: IBM
Product: IBM Web Application Firewall

Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.

____________________________________________________________________________

An advisory by EnableSecurity. 
Trustwave published a joint advisory named TWSL2009-001

ID: ES-20090500

W3af ninja training class in NYC

Introduction

Internet security threats are migrating from pure network-level attacks 
to web server and web application attacks. The web application itself 
has become the new security perimeter, and is wide open to the new 
generation of attacks. That's why it is very important for IT 
security staff to have cutting-edge knowledge of web application 
security vulnerability testing techniques and tools.


Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability

CSS10-01: Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability
April 5, 2010

BACKGROUND
==========
The Imperva SecureSphere Web Application Firewall protects web 
applications and sensitive data against sophisticated attacks and 
brute force attacks, stops online identity theft, and prevents data 
leaks from applications. The Imperva SecureSphere Database Firewall 
monitors and proactively protects databases from internal abuse, 

phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution

Security Advisory
---------------------------------------
Vulnerable Software:    phion airlock Web Application Firewall
Vulnerable Version:     4.1-10.41
Homepage:               http://www.phion.com/
Found by:               Michael Kirchner, Wolfgang Neudorfer,
                        Lukas Nothdurfter (Team h4ck!nb3rg)
Impact:                 Remote Denial of Service via Management
                        Interface (unauthenticated) and Command Execution

CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server

7. *Technical Description / Proof of Concept Code*

Cross-Site Scripting (commonly referred to as XSS) bugs arise from a web
application's improper encoding or filtering of input obtained from
untrusted sources. These bugs allow an attacker to inject malicious tags
and/or script code that is later executed in the context of a web
browser when the user accesses the vulnerable web site. The injected
code then takes advantage of the trust relationship between the web
browser and the vulnerable web application. Attacks that exploit XSS

radware AppWall Web Application Firewall: Source code disclosure on management interface

Security Advisory
---------------------------------------
Vulnerable Software:    radware AppWall Web Application Firewall
Vulnerable Version:     Gateway Version 4.6.0.2 / AppWall Version 1.0.2.6
Homepage:               http://www.radware.com/
Found by:               Michael Kirchner, Wolfgang Neudorfer,
                        Lukas Nothdurfter (Team h4ck!nb3rg)
Impact:                 Source code disclosure on management interface

Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service

Security Advisory
---------------------------------------
Vulnerable Software:    Artofdefence Hyperguard Web Application Firewall
Vulnerable Version:     3 branches: prior to 3.1.1-11637; prior to
                        3.0.3-11636; prior to 2.5.5-11635 (Apache Plug-in)
Homepage:               http://www.artofdefence.com/
Found by:               Michael Kirchner, Wolfgang Neudorfer,
                        Lukas Nothdurfter (Team h4ck!nb3rg)
Impact:                 Remote Denial of Service

CORE-2010-0316 - Novell iManager Multiple Vulnerabilities

provide patches for the current vulnerable versions with the 2.7.3
ftf4 release before August, but this release was not confirmed yet
(see the timeline for more details). In the meantime, users can
mitigate these flaws by applying these countermeasures:

   1. For [CVE-2010-1929 | 40480], establish a Web Application
Firewall rule for limiting the length of the parameters
'EnteredClassID' and 'NewClassName' in POST requests to the URI
'/nps/servlet/webacc/'.
   2. For [CVE-2010-1930 | 40485], establish a Web Application
Firewall rule for limiting the length of the parameter 'Tree' in POST

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

of PoC code, discussion of fixes, etc.
___________________________________________________________________________
Overview:

Hash tables are a commonly used data structure in most programming
languages. Web application servers or platforms commonly parse
attacker-controlled POST form data into hash tables automatically, so
that they can be accessed by application developers.

If the language does not provide a randomized hash function or the
application server does not recognize attacks using multi-collisions, an

Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

CORE GRASP for PHP is a web-application protection software aimed at
detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is
being released as open source under the Apache 2.0 license and can be
obtained from http://gasp.coresecurity.com/.

The present implementation protects PHP 5.2.3 against SQL-injection
attacks for the MySQL engine, it can be installed with almost the same
effort as the PHP engine, both in Unix and Windows systems, and
protection is immediate with any PHP web application running in the

Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

Moderator note: this copy of the post has a corrected URL.

CORE GRASP for PHP is a web-application protection software aimed at
detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is
being released as open source under the Apache 2.0 license and can be
obtained from http://grasp.coresecurity.com/.

The present implementation protects PHP 5.2.3 against SQL-injection
attacks for the MySQL engine, it can be installed with almost the same

[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application

renders the XSS protection for the time parameter ineffective. An
attacker can therefore perform an XSS attack using the time attribute.

Mitigation:
6.0.x users should do one of the following:
 - remove the examples web application
 - apply this patch http://svn.apache.org/viewvc?rev=750924&view=rev
 - upgrade to 6.0.19 when released
5.5.x users should do one of the following:
 - remove the examples web application
 - apply this patch http://svn.apache.org/viewvc?rev=750928&view=rev

Re: [Full-disclosure] XSS Vulnerability in Redmine 1.0.1 to 1.1.1

> Researcher :  Mesut Timur <mesut [at] mavitunasecurity [dot] com>
> Advisory Reference :  NS-11-004
> 
> Description
> ------------------
> Redmine is a flexible project management web application written using
> Ruby on Rails framework.
> 
> Details
> -------------------
> Redmine is affected by an XSS vulnerability in versions from 1.0.1 to 1.1.1.

[STANKOINFORMZASCHITA-10-01] Netbiter® webSCADA multiple vulnerabilities

Product description:
Netbiter® webSCADA (WS100/WS200) is one of the popular products in industrial automation, allowing remote access to field devices based on MODBUS TCP over Ethernet, GSM and GPRS channels. The Netbiter is equipped with both Ethernet and a built-in GSM/GPRS modem for communication with remote equipment. This means that it can communicate both over an Ethernet LAN and wirelessly using the built-in modem. In addition, it also supports an external GPS receiver to keep track of its geographical position. The Netbiter solution has an embedded web server and HMI, which provide management functions for detecting alarms and emergencies with subsequent notification by SMS, e-mail or SNMP.
URL: Intellicom Innovation AB (http://www.intellicom.se)

Vulnerability description:
1. Local File Disclosure (WASC Web Application Threat Classification):
/cgi-bin/read.cgi?page=../../../../../../../../../../../etc/passwd%00

2. Users information disclosure:
/cgi-bin/read.cgi?file=/home/config/users.cfg


CORE-2010-1018 - Landesk OS command injection

management, security management, service desk, asset management, and
process management solutions to organizations. The company's software is
used worldwide.

A security vulnerability was discovered in LANDesk Management Suite: The
Landesk web application does not sufficiently verify if a well-formed
request was provided by the user who submitted the request. Using this
information an external remote attacker can run arbitrary code using the
'gsbadmin' user (that is the user running the web-server).

In order to be able to successfully make the attack, the administrator

Null Byte Local file Inclusion in FAR - PHP Project version:1.0


# Web Application: FAR - PHP Project version:1.0
# Vendor's Address :www.far-php.ro

Join us at OWASP Mumbai Meet : 6th September 2007

Block your calendar on 6th September 2007 to join us on the event. Registrations for the event are FREE !!

Interested in Speaking / Sharing your thoughts??

The topic of the event will be "Privacy in the 21st Century", so all talks should be related to it (we should be addressing the Web Application side of Privacy, for example what happens to Privacy with SQL Injection, XSS and issues like pdp's Snoop).

Send a mail to dharmeshmm at mastek dot com to confirm your presentation for the event.

Interested in Sponsoring??


TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
The 'locale' parameter used in web page help/topics/iastop_cs/iastop_cs_farm_page.html (part of Oracle Help component) is vulnerable to cross-site scripting attacks. User supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.

Impact:
Attackers might steal administrator's session cookies, thereby allowing the attacker to impersonate the valid user.


Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability

=========================================================


1. OVERVIEW

The Help Content web application of Eclipse IDE was affected by a
Cross Site Scripting (XSS) vulnerability.


2. PRODUCT DESCRIPTION


Re: Null Byte Local file Inclusion in FAR - PHP Project version:1.0

> # Web Application: FAR - PHP Project version:1.0
> # Vendor's Address :www.far-php.ro

Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities

Type of vulnerability: Cross-Site Scripting (XSS) - Reflected

Exploit Vectors: Local and Remote

Vulnerability Description: The Web application management interface of Server Monitor contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks. Arbitrary client side code such as JavaScript can be included into certain parameters throughout the Web application. The following parameters and Web pages have been tested and verified; however, it is likely more views and parameters within the application are vulnerable: 

event-history.asp (siteid, type) parameters
admin-history.asp (siteid, type) parameters
dashboard-view.asp (siteid, id) parameters
device-events.asp (siteid, dn) parameters

XSS Vulnerability in Redmine 1.0.1 to 1.1.1

Researcher :  Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference :  NS-11-004

Description
------------------
Redmine is a flexible project management web application written using
Ruby on Rails framework.

Details
-------------------
Redmine is affected by an XSS vulnerability in versions from 1.0.1 to 1.1.1.

RE: SQL Smuggling

First let me start by saying I'm not writing to flame anyone (or whatever you kids say these days). I know it can be daunting to release a paper to the security community because if any of it is incorrect you're gonna hear about it.

However, releasing a paper and claiming it to be a new class (or sub-class) of vulnerability, well I'm sorry, it's like wearing gold football boots, you better get it right after a statement like that.

If this paper was titled "Bypassing Broken Input Validation Filters" then there would be no problems. However, none of what exists in this document is new; in fact most of it is in the Web Application Hacker's Handbook or in much older papers. Constructing attacks of all kinds to bypass blacklist filters is a common duty of the web application tester; also take a look at all of the recent SQL injection worms.

The main thing wrong here is claiming it to be something new, or even claiming it to be a "sub-class". It's not!

It's several methods for encoding SQL queries or tricking multi-layered input validation/sanitisation routines, none of which are new, all of which are implemented by every pen/app tester I have ever worked with.


Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities

Details are presented at http://www.informit.com/ 
<http://www.informit.com/articles/article.aspx?p=1016102>

In summary, the AXIS 207W is vulnerable to numerous attacks. Some of 
these are related to wireless protocol vulnerabilities, but the majority 
are exploitable via the web application interface included with the 
camera. The most significant issue is that a CSRF attack against a user 
logged in as an administrator can lead to root access of the Linux based 
operating system on the camera. As a result, the camera can be turned 
into an internal resource for any malicious hacker, through which custom 
scripts can be launched. This can include port scans, banner grabbing, 

[Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution

1. Impact on Business
=====================

By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands on vulnerable SAP Web Application
Servers, taking complete control of the SAP system.

With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.

- - Risk Level: High

Final EUSecWest 2008 Speakers

*   Advances in attacking interpreted languages - Justin Ferguson, IOActive

*   One Token to Rule Them All: Post-Exploitation Fun in Windows Environments 
- Luke Jennings, MWR InfoSecurity

*   Building the bridge between the Web Application and the OS: GUI access 
through SQL Injection - Alberto Revelli, Portcullis

*   Satellite Systems - Adam Laurie, RFIDIOt.org

*   Browser Exploits - Attacks and Defense - Saumil Shah, Net Square

ToorCon X Lineup & Training Seminars Posted & Pre-Registration Ending

Andre Gironda - A little TLC for your SDL
Bruno G Oliveira - Knowing and Enjoying the Cold Boot Attack
Chema Alonso & Jose Parada - RFD (Remote File Downloading) using Blind Techniques
Chris Gates - New School Information Gathering
Christian Heinrich - Google Denied
David Byrne - Advanced Techniques in Automated Web Application Testing
Dennis Brown - Anatomy of the Asprox/Danmec Botnet
Joshua Brashars - Owning telephone entry systems (aka why you shouldn't sleep so well)
Sergey Bratus, Cory Cornelius, Daniel Peebles, & Axel Hansen - Active Fingerprinting of 802.11 APs
Strom Carlson - Why your mother will never care about Linux (a rant)
Stephan Chenette - Ultimate Script Deobfuscation: Browser Hooking versus simulation

phpechocms v 2.0 rc3 RFI

---------------------------             beenudel1986@gmail.com          -------------------------

Web Application : phpechocms v 2.0 rc3

Flaw : RFI

Severity : High

path : http://site.com/kernel/smarty/Smarty.class.php

