ColdFusion directory traversal FAQ (CVE-2010-2861)

A new Adobe hotfix for ColdFusion has been released recently. The vulnerability which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ bellow is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

more | comments | comments rss | posted by

Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX.

These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

more | comments | comments rss | posted by

Hacking Linksys IP Cameras (pt 4)

This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3).

There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]

more | comments | comments rss | posted by

Hacking Linksys IP Cameras (pt 3)

This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2).

Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]

more | comments | comments rss | posted by

Hacking Linksys IP Cameras (pt 2)

This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1).

Privilege escalation via arbitrary file retrieval

The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located within the same directory where the vulnerable CGI program is located. [...]

more | comments | comments rss | posted by

Hacking Linksys IP Cameras (pt 1)

During the easter break, I was playing with my my wireless Linksys IP camera which, although I bought several months ago, I hadn’t taken my time to give the attention this beauty deserves until now! :)

The model in particular is the WVC54GCA, which I would say is one of the most affordable Wi-Fi IP cameras out there (about GBP 80 in the UK), making it a great toy to tinker with. [...]

more | comments | comments rss | posted by

Messing with Web Filtering Gateways

Most of us are familiar with several techniques that allow us to bypass web filtering gateways like CS MIMESweeper.

The following are some of them:

access the desired site via IP address rather than domain name
access cached content rather than live data. i.e.: using Google’s cache: command
using proxies. i.e.: anonymouse, Google translator, etc
using alternative connections. [...]

more | comments | comments rss | posted by

Gmail Security Flaw

I woke up today to realize that GNUCITIZEN’s web server is bombarded with requests. Good that we are running from a scalable infrastructure. The reason for the storm was a recent disclosure of apparently new Gmail bug similar to the one which I partially and than fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do. [...]

more | comments | comments rss | posted by

Back from the cons!

It’s been a crazy month, so much going on! I had the pleasure of presenting my updated Cracking into embedded devices presentation at Hack.lu (Luxembourg) and Hack in the Box (Malaysia). I also had to give a talk on PCI DSS in London, which was a challenge as PCI DSS is not the most fun topic for me, trust me!

The best thing about assisting these kind of events is the technical discussions and exchange of ideas with not just other presenters but also attendees. [...]

more | comments | comments rss | posted by

New technique to perform universal website hijacking

I’m really excited that HITBSecConf2008 Malaysia is coming up soon: end of October to be precise. I highly recommend our readers to attend such event, as it’s organized by one of the finest security event crews I have ever dealt with. There are tons of talks I want to attend, which I will cover in another post. [...]

more | comments | comments rss | posted by