
top 10

Joomla! Component com_bc Cross Site Scripting (XSS) Vulnerability

The Joomla! component com_bc does not properly escape the parameters
ctask, bcItemid, lang, nlang, rid, rsid, sec_code, template and
usergid.
This leads to a cross-site scripting vulnerability. For more information
about this kind of vulnerability, see OWASP Top 10 - A2, WASC-8 and
CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting').


4. VERSIONS AFFECTED

BlastChat Chat Client Component version 3.3 <= Cross Site Scripting (XSS) Vulnerability

3. VULNERABILITY DESCRIPTION

The BlastChat chat client component does not properly escape the
"Itemid" parameter, which leads to a cross-site scripting vulnerability.
For more information about this kind of vulnerability, see OWASP Top
10 - A2, WASC-8 and CWE-79: Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting').


4. VERSIONS AFFECTED


Opial CMS v2.0 - Multiple Web Vulnerabilities

Introduction:
=============
Opial lets you create an audio (mp3/ram/rm/avi/mpg/wav/aif or any other audio/video format) downloads website; in 10 seconds
you will be able to install Opial on your webserver. Opial is perfect for anything from a small website to a business network website. With Opial
you can show top 10 albums, top 10 artists, featured songs, 10 newest searches, 10 newest songs sent, genres with covers, add
multiple songs, report dead audio links, update advertisements from the admin panel, search by artist/album/song, edit the
email template from the admin panel, and list artists/albums alphabetically.

(Copy of the Vendor Homepage: http://www.opial.com )


Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability

3. VULNERABILITY DESCRIPTION

Some URLs in Joomla! do not properly escape encoded user input, which
leads to a cross-site scripting vulnerability.
For more information about this kind of vulnerability, see OWASP Top
10 - A2, WASC-8 and
CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting').


4. VERSIONS AFFECTED

OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab

The OWASP Academy-Portal is proud to announce the first free online
OWASP TOP 10 security lab based on Hacking-Lab.com!

Hacking-Lab supports the OWASP mission and has made its online
training environment available to OWASP on a free-to-use basis! The
Hacking-Lab is not just a common "hackme" environment: the solutions to
the labs are evaluated by OWASP teachers. It's not enough just to hack;
explain what you did and how you did it to score the maximum points!

The OWASP Academy-Portal will make use of these services to validate the

phpMyAdmin 3.3.5 / 2.11.10 <= Cross Site Scripting (XSS) Vulnerability

3. VULNERABILITY DESCRIPTION

Some URLs in phpMyAdmin do not properly escape user input, which leads
to a cross-site scripting vulnerability.
For more information about this kind of vulnerability, see OWASP Top
10 - A2, WASC-8 and
CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting').
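The com_bc, BlastChat, Joomla! and phpMyAdmin entries above all describe the same defect: a request parameter written into the page without output encoding (CWE-79). The following is an added illustration, not code from any of those projects; the `lang` parameter name and the `<p>Language: ...</p>` sink are assumptions chosen for the example. It shows the unescaped sink, the tag-name blocklist that is often applied as a half-fix and is bypassed by any other element with an event handler, and the actual fix of escaping at the point of output. A small HTML-parser probe checks whether the reflected value stayed inert text or produced new elements or attributes.

```python
"""
Reflected XSS from an unescaped request parameter, as in the com_bc,
BlastChat, Joomla! and phpMyAdmin entries above. Added illustration, not
code from any of those projects: the `lang` parameter name and the
<p>Language: ...</p> sink are assumptions chosen for the example.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode


def query_for(value):
    """Build the raw query string a browser would send for ?lang=<value>."""
    return urlencode({"lang": value})


def get_param(query_string, name):
    """What the application sees: the first value of `name`, URL-decoded."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(query_string):
    # The pattern the advisories describe: the decoded parameter is written
    # straight into the page with no output encoding.
    lang = get_param(query_string, "lang")
    return f"<p>Language: {lang}</p>"


_SCRIPT_TAG = re.compile(r"<script", re.IGNORECASE)


def render_blocklist(query_string):
    # A common half-fix: strip one dangerous tag name from the input.
    # Any other element carrying an event handler (<img onerror=...>) still
    # lands in the page unchanged, so this does not fix CWE-79.
    lang = _SCRIPT_TAG.sub("", get_param(query_string, "lang"))
    return f"<p>Language: {lang}</p>"


def render_fixed(query_string):
    # The actual fix: escape for the HTML context at the point of output.
    # quote=True also encodes " and ', so the same call is safe inside
    # double- or single-quoted attribute values.
    lang = html.escape(get_param(query_string, "lang"), quote=True)
    return f"<p>Language: {lang}</p>"


class _TagProbe(HTMLParser):
    """Collects every start tag and attribute name the browser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def reflection_is_confined(fragment):
    """True if the reflected value produced no element or attribute beyond
    the single <p> the template wrote, i.e. the input stayed inert text."""
    probe = _TagProbe()
    probe.feed(fragment)
    probe.close()
    return probe.tags == ["p"] and probe.attr_names == []


if __name__ == "__main__":
    for payload in ("<script>alert(1)</script>", "<img src=x onerror=alert(1)>"):
        qs = query_for(payload)
        for renderer in (render_vulnerable, render_blocklist, render_fixed):
            out = renderer(qs)
            print(f"{renderer.__name__:18} confined={reflection_is_confined(out)!s:5} {out}")
```

The blocklist version passes the obvious `<script>` probe and fails on the `<img onerror>` one, which is exactly why scanners test several payload shapes per parameter; the escaped version is inert for both because the fix does not depend on recognising the payload.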


4. VERSIONS AFFECTED

Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.0]_cross_site_scripting(XSS)
Former Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.5.20]_cross_site_scripting(XSS)
XSS FAQ: http://www.cgisecurity.com/xss-faq.html
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2011-03-14]


Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.3]_cross_site_scripting(XSS)
Vendor Advisory URL:
http://developer.joomla.org/security/news/352-20110604-xss-vulnerability.html
XSS FAQ: http://www.cgisecurity.com/xss-faq.html
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2011-06-28]


Joomla! 1.6.0 | SQL Injection Vulnerability

Vendor Advisory URL:
http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.0]_sql_injection
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-89: http://cwe.mitre.org/data/definitions/89.html


#yehg [2011-03-14]


eFront Multiple Parameter Cross Site Scripting Vulnerabilities

sensitive data, and comply with security requirements such as PCI.

VUPEN WASS is based on a proprietary technology developed by VUPEN security
experts, and combines black-box (smart and automated) and grey-box
(signature-based) scanning to accurately identify web vulnerabilities such
as those in the OWASP Top 10, including SQL injection and cross-site
scripting, but also real-world vulnerabilities such as shell command
injection and file inclusion.

Read More: http://www.vupen.com/english/wass/

Re: pwgen: non-uniform distribution of passwords

Top 1 million unique passwords from my 1 billion training set cracks
37149 in the test set (3.7%).  The corresponding uniform keyspace size
estimate is 27 million.

Top 10 million unique passwords cracks 145179 (14.5%).  The keyspace
size estimate is 69 million.

Top 100 million unique passwords cracks 262693 (26.3%).  The keyspace
size estimate is 381 million.
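The "uniform keyspace size estimate" in the reply above is not spelled out there. It follows from one assumption: if every password were drawn uniformly from K candidates, N distinct guesses would crack a fraction N/K of the test set, so K = N * (test set size) / (passwords cracked). The following is an added illustration, not code from the pwgen thread; it reuses the figures quoted above and infers a test-set size of 1,000,000 from 37149 cracked = 3.7%, which the reply does not state explicitly. It also makes the thread's point explicit: a uniform source would give the same K for every N, so an estimate that climbs from 27 to 381 million is itself the evidence of a non-uniform distribution.

```python
"""
Uniform-keyspace estimate from crack rates, as quoted in the pwgen reply
above. Added illustration, not code from the thread. The test-set size of
1,000,000 is inferred from 37149 cracked = 3.7%; it is an assumption.
"""
import math

TEST_SET_SIZE = 1_000_000          # inferred, see above
OBSERVED = [                       # (distinct guesses N, passwords cracked)
    (1_000_000, 37_149),
    (10_000_000, 145_179),
    (100_000_000, 262_693),
]


def uniform_keyspace_estimate(n_guesses, cracked, test_size=TEST_SET_SIZE):
    """If passwords were drawn uniformly from K candidates, N distinct guesses
    would succeed on a fraction N/K of the test set, hence
    K = N * test_size / cracked. This is the 'uniform keyspace size estimate'."""
    return n_guesses * test_size / cracked


def entropy_bits(keyspace):
    """Entropy of a uniform choice from `keyspace` candidates, in bits."""
    return math.log2(keyspace)


def summarize(observed=OBSERVED, test_size=TEST_SET_SIZE):
    """Return (N, crack rate, K in millions rounded, bits) per observation."""
    rows = []
    for n, cracked in observed:
        k = uniform_keyspace_estimate(n, cracked, test_size)
        rows.append((n, cracked / test_size, round(k / 1e6), round(entropy_bits(k), 1)))
    return rows


def looks_uniform(rows, tolerance=0.10):
    """A uniform distribution gives the same K for every N (within noise).
    A K that grows with N means the most common passwords are far denser
    than the tail, i.e. the distribution is non-uniform."""
    ks = [row[2] for row in rows]
    return max(ks) <= min(ks) * (1 + tolerance)


if __name__ == "__main__":
    rows = summarize()
    for n, rate, k_millions, bits in rows:
        print(f"top {n:>11,}: cracked {rate:5.1%}  K ~ {k_millions:>4} million  ({bits} bits)")
    print("consistent with a uniform keyspace:", looks_uniform(rows))
```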


PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities


XOOPS 2.5.0 <= Cross Site Scripting Vulnerability

Vendor Announcement: http://xoops.org/modules/news/article.php?storyid=5851
What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2011-03-18]


Cacti Multiple Parameter Cross Site Scripting Vulnerabilities


PR08-02: Plone CMS Security Research - the Art of Plowning

flexible, and provides you with a system for managing web content that
is ideal for project groups, communities, web sites, extranets and
intranets.

Plone is designed with security in mind by addressing the 10 most common
security vulnerabilities in web applications (OWASP Top 10).

Summary of issues identified:

- CSRF (Cross-site Request Forgeries)
- Credentials (username and password) stored in cookies

phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)


Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw

Hi

Recently, with the outcome of the OWASP RC1 Top 10 exploited vulnerability
list, redirection issues have already made a mark in it. Even WASC has
included URL abusing as one of the stringent attacks.
Well, to be ethical in this regard, these are not recent attacks but
have been persisting for a long time. The only difference is that the
exploitation ratio has increased from bottom to top.

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability

10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[cubecart_3.0.20_3.0.x]_open_url_redirection
CubeCart Home Page: http://cubecart.com/
OWASP Top 10 2010 - A 10:
http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
SANS Top 25: http://cwe.mitre.org/top25/#CWE-601
CWE-601: http://cwe.mitre.org/data/definitions/601.html
        
#yehg [2012-02-10]

FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities

http://yehg.net/lab/pr0js/advisories/%5Bfastpath-webchat%5D_multiple_cross_site_scripting
What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2012-04-15]


Re: [WEB SECURITY] Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw

> <mailto:0kn0ck@secniche.org>> wrote:
>
>
>     Hi
>
>     Recently, with the outcome of the OWASP RC1 Top 10 exploited vulnerability
>     list, redirection issues have already made a mark in it. Even WASC has
>     included URL abusing as one of the stringent attacks.
>     Well, to be ethical in this regard, these are not recent attacks but
>     have been persisting for a long time. The only

Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow

file transfer
at over 20,000 sites around the world.

Financial networks use SecureTransport to move billions of dollars in
financial transactions daily, and 8 of the top 10 U.S. banks use it to
serve tens of thousands of corporate customers. Healthcare providers,
payers, producers and clearing houses are linked through SecureTransport,
which provides a single, integrated secure file

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting
Joomla! 1.0.x End of Life -
http://community.joomla.org/blogs/community/509-an-old-friend-comes-of-age.html
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2011-01-06]


Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability

10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[plesk_7.0-8.2]_open_url_redirection
Parallels Plesk Home Page: http://www.parallels.com/products/plesk
OWASP Top 10 2010 - A 10:
http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
SANS Top 25 - Rank 23: http://cwe.mitre.org/top25/#CWE-601
CWE-601: http://cwe.mitre.org/data/definitions/601.html

#yehg [2011-03-25]

Videos from HITBSecConf2008 - Malaysia released!

- Next Generation Reverse Shell
- Build Your Own Password Cracker with a Disassembler and VM Magic
- Decompilers and Beyond
- Cracking into Embedded Devices and Beyond!
- Client-side Security
- Top 10 Web 2.0 Attacks

===

On a related note, the registration for HITBSecConf2009 - Dubai (20th -
23rd April) is now open!

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]

10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[cubecart_3.0.20_3.0.x]_open_url_redirection
CubeCart Home Page: http://cubecart.com/
OWASP Top 10 2010 - A 10:
http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
SANS Top 25: http://cwe.mitre.org/top25/#CWE-601
CWE-601: http://cwe.mitre.org/data/definitions/601.html


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.