Leaderboard

Popular Content

Showing content with the highest reputation on 12/13/13 in all areas

  1. For the hungry friends on RST, I made a toy: KFC Free Coupons Generator. You can generate as many 20% discount codes as you like. Enjoy your meal!
    2 points
  2. A German security researcher has demonstrated a critical vulnerability on the eBay website, the world's biggest eStore. David Vieira-Kurz discovered a remote code execution flaw "due to a type-cast issue in combination with complex curly syntax" that allows an attacker to execute arbitrary code on eBay's web server. In a demo video, he exploited this RCE flaw on the eBay website and managed to display the output of the phpinfo() PHP function on the web page, just by modifying the URL and injecting code into it.

     According to an explanation on his blog, he noticed a legitimate URL on eBay:

         https://sea.ebay.com/search/?q=david&catidd=1

     and modified the URL to pass array values including a payload:

         https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1

     But it is not clear at this moment where the flaw resides on the eBay server, because how can a static GET parameter be converted to accept array values? According to me, it is possible only if the 'search' page is receiving the "q" parameter value using some loop function like "foreach()". Most probably the code at the server end is something like:

         foreach ($_GET['q'] as $data) {
             if $data is successfully able to bypass some input filter functions {
                 eval("execute thing here with $data");
             }
         }

     David has already reported the flaw responsibly to the eBay Security Team and they have patched it early this week.
    1 point
  3. A simple e-mail delivered the virus allowing Chinese hackers to access computers during the international summit, says security firm FireEye. Hackers in China took aim at five European ministries in the lead-up to the G20 summit in September, according to a new report. Research by security firm FireEye reveals that Chinese hackers sent e-mails to staff of the foreign ministries with files laced with malware, reported Reuters on Tuesday. When recipients opened those files, malicious code was loaded on to their computers, according to the report. The hackers were then able to move across affected machines and perform recon before the international summit, said FireEye. Just before the two-day G20 summit kicked off in St. Petersburg, Russia, the hackers moved to another server, said FireEye. The security firm lost track of the hackers when they moved servers, but it believes the move allowed the hackers to steal data as the summit was being held, according to the report. FireEye declined to specify the nations of officials who were hacked, but said they were all members of the European Union, reported Reuters. While FireEye said it was confident the hackers were from China, it did not find evidence that linked the hackers to the Chinese government, according to the report. Not surprisingly, the Chinese government has distanced itself from any claim that it might have hacked foreign governments for data. Reports have swirled for years that hackers are thriving in China. In many cases, those groups that have allegedly hacked into sensitive networks appear to have no tie to the Chinese government. Whether that's actually true, however, is unknown. One other interesting note from the Reuters report: FireEye detected no attempts by the hackers to target Americas, deciding instead to attack Europeans. source: http://news.cnet.com/8301-1009_3-57615090-83/chinese-hackers-targeted-european-diplomats-at-g20/
    1 point
  4. AOL recently announced that it would discontinue Winamp on December 20, 2013, but it turns out that the media player could get a chance to live on. In a pretty unexpected twist of the story, Microsoft is reportedly interested in acquiring AOL’s media player and the Shoutcast service, even though no confirmation from Redmond has until now been released. TechCrunch is reporting via unnamed sources that Microsoft and AOL are already talking of a potential deal that could be announced by December 20, the date when Winamp is set to go dark. While it’s hard to tell what Microsoft would actually do with Winamp, this could really be the only way to see the media player living on beyond the AOL era, as millions of users across the world are still running it on either Windows or Android right now. We’ve asked for a confirmation from Microsoft on this, so we’re going to update the article when and if we get an answer. The same source is adding that AOL is gearing up to announce the retirement of the Shoutcast media streaming service next week, so a potential Microsoft deal could include not only Winamp, but also the adjacent products. Of course, it’s hard to imagine that Microsoft would actually do something really good with Winamp, especially because the company already invests a fortune to make Xbox Music successful. Xbox Music is already available on several platforms, including Windows 8.1, Windows RT 8.1, Windows Phone, iOS, and Xbox, while Winamp is only offered to Windows and Android users. At the same time, Microsoft already has some bad memories with music services, as the company developed and then killed Zune in an unfortunate story that’s probably still causing nightmares to Steve Ballmer. On the other hand, seeing Winamp survive would indeed be great news for users across the world, as the media player is reportedly being used by millions of consumers on desktop computers. source: Softpedia News
    1 point
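
For the eBay report in item 2 above, a detection sketch added here (not part of the original post or of the researcher's write-up): it flags request URLs where a parameter expected to be a plain string arrives in PHP array form, or where a value contains PHP complex curly syntax. The `shop.example` URLs and the `SCALAR_PARAMS` set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP turns "q[0]=a&q[1]=b" into an array in $_GET['q']; match the bracket suffix.
ARRAY_KEY = re.compile(r"^(?P<name>[^\[\]]+)(\[[^\]]*\])+$")
# Markers of PHP complex (curly) syntax inside a value: "{$" or "${".
CURLY_SYNTAX = re.compile(r"\{\s*\$|\$\s*\{")

# Assumption: parameters the search endpoint expects as plain strings.
SCALAR_PARAMS = frozenset({"q", "catidd"})

# Constructed sample requests modelled on the two URLs quoted in the post.
SAMPLE_URLS = [
    "https://shop.example/search/?q=david&catidd=1",
    "https://shop.example/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1",
    # Same request with the brackets and braces percent-encoded.
    "https://shop.example/search/?q%5B0%5D=david"
    "&q%5B1%5D=sec%7B%24%7Bphpinfo()%7D%7D&catidd=1",
    # An array parameter that is not expected to be scalar is left alone.
    "https://shop.example/search/?q=david&tags[]=books",
]


def inspect_url(url, scalar_params=SCALAR_PARAMS):
    """Return a sorted list of findings for one request URL."""
    findings = set()
    # parse_qsl percent-decodes keys and values, so encoded variants match too.
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = ARRAY_KEY.match(key)
        name = match.group("name") if match else key
        if match and name in scalar_params:
            findings.add(f"array-typed:{name}")
        if CURLY_SYNTAX.search(value):
            findings.add(f"curly-syntax:{name}")
    return sorted(findings)


def scan(urls):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    report = {}
    for url in urls:
        findings = inspect_url(url)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in scan(SAMPLE_URLS).items():
        print(findings, url)
```

On the server side the matching control is to reject any request where a parameter that should be a string is not one, before the value reaches string interpolation or `eval`.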