Everything posted by boogy
-
http://s8.postimage.org/9p2b4ws6b/Capture_1.png PM sent.
-
SQL injection vulnerability hits all Ruby on Rails versions
boogy posted a topic in Stiri securitate
The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web framework. New releases of Ruby on Rails – 3.2.10, 3.1.9 and 3.0.18 – are now available. It is recommended that all users update immediately. For users unable to update, there are patches available for supported versions 3.2 and 3.1 and older versions 3.0 and 2.3.

The problem, according to the advisory, is that, because of the way dynamic finders in ActiveRecord extract options from method parameters, a method parameter can be used as a scope and, by carefully manipulating that scope, users can inject arbitrary SQL. Dynamic finders use the method name to determine what field to search, so calls such as Post.find_by_id(params[:id]) would be vulnerable to an attack.

The original problem was disclosed on the Phenoelit blog in late December, where the author applied the technique to extract user credentials from a Ruby on Rails system, circumventing the authlogic authentication framework.

Source: SQL injection vulnerability hits all Ruby on Rails versions - The H Security: News and Features
Facebook has fixed a security vulnerability that could be exploited by an attacker to record video from a victim's webcam and then post it to their timeline without requesting their permission. The social network operator doesn't seem to have been in any great hurry – security researchers Aditya Gupta and Subho Halder say that they informed the company of the problem four months ago. The two are, however, happy with the outcome, as the reward paid out by Facebook for reporting the vulnerability proved to be significantly more than expected.

The researchers discovered that the video upload feature, which is implemented in Flash, was not properly protected against cross-site request forgery (CSRF) attacks. They developed a demo web page containing an embedded Flash applet – visiting the page displayed the video uploader, but, when clicked on, the uploader recorded a video with the visitor's webcam and posted it to their Facebook timeline without requesting their permission. The only requirement was that the user had to be logged into their Facebook account at the time. The demo video shows the researchers actively clicking on the record button, but the attack could be extended to use clickjacking to get the user to start recording without their knowledge.

As the two researchers report in an interview with Softpedia, Facebook initially maintained that the vulnerability was not particularly serious. It was only once the researchers posted a proof of concept video demonstrating exploitation of the vulnerability that the social network reassessed its position and reclassified the vulnerability as critical. Just after Christmas, Gupta and Halder received the welcome news that they were to receive a $2,500 reward (in the form of credit on a White Hat debit card) as part of Facebook's bug bounty programme.

The two researchers were surprised at the response, as generous as it was belated: "We were expecting a bounty of $500, because that is the usual amount Facebook pays to security researchers, unless it is a serious issue."

Source: Facebook vulnerability allowed silent webcam recording - The H Security: News and Features
-
Microsoft and Adobe have advised users that they will be releasing critical updates next Tuesday, but both patch day releases will miss fixing recently discovered critical holes. Microsoft's advance notification says the company will be releasing seven updates, for two critical and five important flaws. A patch for the critical vulnerability in Internet Explorer 6, 7 and 8, which is currently only addressed with a "FixIt" tool, is not among them. Adobe has announced that it will be releasing patches for Adobe Reader and Acrobat. It has also advised ColdFusion 10 and 9 users that it is aware of "security issues" with the web software which are being exploited in the wild, but is still evaluating the reports and has yet to issue any schedule for a fix.

Of the Microsoft vulnerabilities, one of the critical flaws affects all users of Windows XP, Vista, 7, 8, and Windows RT and also affects Microsoft Office 2003 and 2007, Microsoft Expression Web, Microsoft SharePoint 2007 and Groove Server 2007. The other critical flaw only affects Windows 7, Server 2008 R2 and Server Core installations of 2008 R2. Both critical flaws allow remote code execution without user intervention. Another three flaws are rated as important and allow for elevation of privilege on Windows, Windows Server and .NET Framework. A further flaw, also rated as important, allows for security features to be bypassed on Windows Vista and later, while a final important vulnerability allows for denial of service on all versions of Windows except RT and Server Core 2008.

Adobe's notification classifies its flaws as critical. There are priority 1 bugs in Adobe Reader and Acrobat 9.5.2 and earlier on Windows being patched next week; priority 1 means that the company is aware of exploits for the vulnerabilities in use in the wild and that it will be recommending updating as soon as possible. Adobe Reader and Acrobat 9.x on other platforms and X and XI on all platforms have been given a priority 2 rating, meaning that the company doesn't know of any exploits for the flaws, but advises that the patches should be applied within a month.

Source: Microsoft and Adobe to patch critical holes next Tuesday - The H Security: News and Features
-
Level 1 completed. ... in progress ...
-
Well, something like that has no place on the forum.
-
Did you read the rules before asking for something?
-
Challenge CLOSED.
-
OK. No problem. That is why I put the author's link in the post. Something easy for beginners like me.
-
A small challenge so you don't get bored.
PS: author: firestorm
Target: Link
Method: UNION BASED
Requirement: extract the user and the version and display your nick; post the image and send me a PM with the syntax [union based]
Solvers: 1. Sweby 2. Praetorian 3. crossbower
Challenge CLOSED. Too easy.
-
[SQL Injection] Extract All DB In 1 Request
boogy replied to ionut97's topic in Tutoriale in engleza
Really nice
-
Welcome to RST.
-
Don't worry, I'm not even in Romania. But may I ask why?
-
Does anyone have a project idea?
-
What exactly is free on this link? Because all I saw was a presentation of the site. Or maybe I wasn't paying much attention.
-
Nice introduction. Welcome to RST.
-
A funding solution has to be found without buying VIP and other perks.
-
@inteleptul: Yes, indeed. But my opinion is that you should earn a VIP, not buy it.
-
Happy New Year 2013!! And welcome.
-
Belatedly
-
Image below. I have already sent a PM.