// Rising0day.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"
enum { SystemModuleInformation = 11 };
typedef struct {
   ULONG   Unknown1;
   ULONG   Unknown2;
   PVOID   Base;
   ULONG   Size;
   ULONG   Flags;
   USHORT  Index;
   USHORT  NameLength;
   USHORT  LoadCount;
   USHORT  PathLength;
   CHAR    ImageName[256];
} SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;
typedef struct {
   ULONG   Count;
   SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
HANDLE g_RsGdiHandle = 0;
void __stdcall WriteKVM(PVOID Address , ULONG Value)
{
Views: 6123 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager)

Vulnerability found: 11th October 2009

Severity: Medium

Description:

An XSS vulnerability has been found within HP System Management, arising
from insufficient input filtering.
By using a specially-crafted link, and tricking the victim into clicking
on it, an attacker can perform malicious attacks such as the following:

- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website

- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser

- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user's credentials, or exploit a
vulnerability (e.g. a buffer overflow) in the victim's web browser in
order to compromise the victim's workstation

Views: 5836 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

ShareTronix - HTML Injection Vulnerability

Version Affected: 1.0.4 (newest)

Info:
Sharetronix Opensource is a multimedia microblogging platform. It helps people in a community, company, or group to exchange short messages over the Web.

Credits: MaXe from InterN0T (patched the vulnerability) & Reelix (found the vulnerability)

External Links:
http://sharetronix.com/opensource/

-:: The Advisory ::-

The header.php file for showing a single microblog entry does not sanitize page_title correctly.

page_title is set by the user when posting an entry to the microblog platform.

Files:
sharetronix/system/templates/header.php

00013: <title>page_title ?></title>
Views: 5861 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

Hello Bugtraq!

I want to warn you about a Cross-Site Scripting vulnerability in the 3D Cloud
(mod_3dcloud) plugin for Joomla, which I found and disclosed on 22.01.2010.

It is similar to the XSS vulnerability in JVClouds3D for Joomla
(http://websecurity.com.ua/3839/). I mentioned the millions of flash files
tagcloud.swf which are vulnerable to XSS attacks in my article
"XSS vulnerabilities in 34 millions flash files"
(http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00035.html).

XSS:

http://site/modules/mod_3dcloud/tagcloud.swf?mode= ...
Views: 6151 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

Are you sure you're connecting to the correct machine? To prove it,
sudo/su/login-as-root locally (if you can), confirm the hostname, then
touch a file in the /root directory called "this_is_the_CentOS_VPS.0".

Next, when you login "as root over SSH", run ls -ltr and look for that
file - if you don't see it, then maybe you are on the wrong machine :)

eg:
$ssh root@109.107.120.17
password:
[login banner and motd stuff here]
#hostname
centos-VPS     <---presumably, if not, read on below*****
# touch this_is_the_CentOS_VPS.0
this produces the following file
#ls -ltr

-rw-r--r--   1 root root    0 2010-01-18 20:04 this_is_the_centos-vps.0

this file proves what machine you are actually SSH-ed into.


If not, read on:

***** A common SSH gotcha occurs when the machine you are trying to
login to (the CentOS VPS one) is actu ...
Views: 5735 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

Hi all;

It has been brought to our attention that a number of security
vulnerabilities have been noted in SQL-Ledger.  Several of these
affect earlier versions of LedgerSMB, and three hotfixes have been
released for problems that continue to affect the LedgerSMB codebase.

As always, we highly recommend testing all hotfixes before applying
them to a production environment.

The CVEs mentioned here are the ones attached to SQL-Ledger.  Subtle
differences as to how these affect LedgerSMB are noted below.

These vulnerabilities include:
* No Cross-Site-Request-Forgery (XSRF) protection (CVE-2009-3580)
* SQL Injection (similar to CVE-2009-3582)
* Local File Include (CVE-2009-3583)
* Default Administrator Password Weakness (CVE-2009-4402)
* No secure flag on cookie (CVE-2009-3584)

All five of these have been patched, either in stable versions or in
hotfixes.  Please read below for more informa ...
Views: 783 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (1)

Silverstripe CMS, <http://silverstripe.org/>, version 2.3.4 and lower
(and its unreleased 2.4 branch), is vulnerable to two Cross Site
Scripting issues.

1. The comment posting mechanism of Silverstripe ('PostCommentForm')
fails to properly sanitize the 'CommenterURL' parameter. This allows for
persistent injection of HTML or javascript code within existing HTML tags.

2. The forum module is vulnerable to a reflective XSS issue caused by
the search script failing to properly sanitize input to the 'Search'
parameter. When invoking this URL:
SILVERSTRIPESITE/forums/search/?Search=%22%20onmouseover=%22javascript:alert%280%29;%22
trying to reorder the search results will trigger execution of the
injected javascript code.


According to its quickly responding develo ...
Views: 788 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (0)

=====[ Tempest Security Intelligence - Advisory #01 / 2010 ]=============

       SQL injection vulnerability in Publique! Framework
       --------------------------------------------------

  Authors:
           Christophe de la Fuente <christophe *SPAM* tempest.com.br>
           Gustavo Pimentel Bittencourt <gustavo.pimentel *SPAM* tempest.com.br>


=====[ Table of Contents ]=================================

 1. Overview
 2. Detailed description
 3. Additional context & Solutions
 4. References
 5. Thanks


=====[ Overview ]======================================


 * System affected: Publiqu ...
Views: 5209 | Added by: b1zz4rd | Date: 2010-01-29 | Comments (1)