
Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

This post is going to be a quick one, since it’s nothing more than the result of me tidying up the files on my pendrive.

Remember those old remote command exec vulns where you had a CGI script, such as a Perl program, which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting the diagnostic scripts available on the web interface of Avaya Intuity Audix LX. [...]

posted by pagvac

Hacking Linksys IP Cameras (pt 4)

This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3).

There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]

posted by pagvac

Hacking Linksys IP Cameras (pt 3)

This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2).

Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful for breaking into the device, as you need access to the admin account to exploit them. [...]

posted by pagvac

Hacking Linksys IP Cameras (pt 2)

This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1).

Privilege escalation via arbitrary file retrieval

The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located in the same directory as the vulnerable CGI program. [...]

posted by pagvac

Hacking Linksys IP Cameras (pt 1)

During the Easter break, I was playing with my wireless Linksys IP camera which, although I bought it several months ago, I hadn’t taken the time to give the attention this beauty deserves until now! :)

The model in particular is the WVC54GCA, which I would say is one of the most affordable Wi-Fi IP cameras out there (about GBP 80 in the UK), making it a great toy to tinker with. [...]

posted by pagvac

Messing with Web Filtering Gateways

Most of us are familiar with several techniques that allow us to bypass web filtering gateways like CS MIMESweeper.

The following are some of them:

access the desired site via IP address rather than domain name
access cached content rather than live data, e.g. using Google’s cache: command
using proxies, e.g. anonymouse, Google Translate, etc.
using alternative connections. [...]

posted by pagvac

Gmail Security Flaw

I woke up today to realize that GNUCITIZEN’s web server is being bombarded with requests. It is good that we are running on scalable infrastructure. The reason for the storm was the recent disclosure of an apparently new Gmail bug similar to the one which I partially and then fully disclosed here, of course after working with the vendor to resolve the problem, which is always the right thing to do.

ReadWriteWeb has a timeline of the history of this attack here. A very nice summary, I must say. [...]

posted by pdp

Back from the cons!

It’s been a crazy month, so much going on! I had the pleasure of presenting my updated “Cracking into embedded devices” presentation at Hack.lu (Luxembourg) and Hack in the Box (Malaysia). I also had to give a talk on PCI DSS in London, which was a challenge as PCI DSS is not the most fun topic for me, trust me!

The best thing about attending these kinds of events is the technical discussions and exchange of ideas, not just with other presenters but also with attendees. [...]

posted by pagvac

New technique to perform universal website hijacking

I’m really excited that HITBSecConf2008 Malaysia is coming up soon: the end of October, to be precise. I highly recommend that our readers attend this event, as it’s organized by one of the finest security event crews I have ever dealt with. There are tons of talks I want to attend, which I will cover in another post. [...]

posted by pagvac

The QuickTime Vulnerability Overview

The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the impact.

Obviously, the vulnerability is very simple. Simple yet effective. However, this is not the type of vulnerability someone can exploit on a massive scale. Here is why.

Attack Vectors

The key element of the attack vector presented in my previous post is the attacker’s ability to point the victim to a file hosted on a NetBIOS share. [...]

posted by pdp