New User, Welcome!     Login

number 7

Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability

> During the handling of an encoded authentication request, the process
> copies the user-supplied login information into a fixed length stack
> buffer

This one seems exactly the same vulnerability I disclosed in February
2008 and for which I wrote also a testing attack (number 7) in my
doubletakedown proof-of-concept:

  http://aluigi.org/adv/doubletakedown-adv.txt

Anyway it's an old version of Double-Take so should be not considered,

Re: ZDI-08-034: HP StorageWorks Storage Mirroring Authentication Processing Stack Overflow Vulnerability

> During the handling of an encoded authentication request, the process
> copies the user-supplied login information into a fixed length stack
> buffer

This one seems exactly the same vulnerability I disclosed in February
2008 and for which I wrote also a testing attack (number 7) in my
doubletakedown proof-of-concept:

  http://aluigi.org/adv/doubletakedown-adv.txt

Anyway it's an old version of Double-Take so should be not considered,

THOTCON 0x2 - Call For Papers is Open -> 10.01.10

There will be ten (10) 45 minute talks selected.

Topics we are interested in: retro computing, forensics, robotics,
physical security, 0days, application hacking, wireless, malware
development/research, hackerspaces, The Muppets, Penguins, zombies,
attack detection, the number 7, online game hacking, consumer device
hacking, beer, and bananas [foster].

*** SPEAKER PERKS **********************
Speakers will be given free admission to the conference as well as one
(1) free attendee badge (to bring a guest). In addition, speakers who

THOTCON 0x1 - Call For Papers is Open -> October 1, 2009

working on).

Topics we are interested in: retro computing, forensics, robotics, 
physical security, 0-days, application hacking, wireless, malware 
development/research, hacker spaces, The Muppets, zombies, attack 
detection, the number 7, online game hacking, consumer device hacking, 
beer, hacking Olympic bids [using Oprahsploit], and bananas [foster].

*** SPEAKER PERKS **********************
Speakers will be given free admission to the conference as well as one 
(1) free attendee badge (to bring a guest). In addition, speakers who

WoltLab Burning Board 3.0.3 PL1 SQL-Injection Vulnerability

...AND IF(ORD(SUBSTR(password,1,1))>55,BENCHMARK(3000000,MD5(23)),1))

1,1 is the position in the crypted password. 55 is the char in the 
ascii-table. 

In this example we ask for number 7 in the hash, position 1. If the page load 
fast, you find a true char. If not, ask other chars ;-).If you enter a char 
that is higher then the true's, the page load fast to, so start from 48 first 
and go higher.


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!