A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc. Download , Windows Installer
ref. parosproxy
Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks.
When exploited by an authenticated user, the identified vulnerability can lead to
Denial of Service, Database Information Disclosure, etc.
CVE Number: CVE-2008-1094
Vulnerability: SQL Injection
Risk: Medium
Attack vector: From Remote
Vulnerability Discovered: 16th June 2008
Vendor Notified: 16th June 2008
Advisory Released: 15th December 2008
Description
The index.cgi resource was identified as being susceptible to SQL Injection attacks.
When filtering user accounts in Users->Account View section, the pattern_x parameter
(where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set
to search_count_equals‘ value.
/cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0)
An attacker can exploit this vulnerability by injecting arbitrary SQL code to be
executed as part of the SQL query.
Original Advisory:
http://dcsl.ul.ie/advisories/02.htm
Barracuda Networks Technical Alert
http://www.barracudanetworks.com/ns/support/tech_alert.php
Affected Versions
Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600)
Other products/versions might be affected.
Mitigation
Vendor recommends to the following firmware version
Barracuda Spam Firewall (Firmware v3.5.12.001)
Alternatively, please contact Barracuda Networks for technical support.
Credits
Dr. Marian Ventuneac, marian.ventuneac@ul.ie
Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick
Disclaimer
Data Communication Security Laboratory releases this information with the vendor acceptance.
DCSL is not responsible for any malicious application of the information presented in this advisory.
ref. milw0rm.com
Following PCMAV or Software Anti nation child masterpiece virus
( Magazine PC Media) edition December 2008 or PCMAV version of 1.9.
Virus-Virus which is on edition before all still,
hopefully dgn this new edition can be dissipated. "
there is no antivirus other capable to overcome with complete of
computer virus, foreign and local good, which disseminating many in Indonesia as good as
ref and download
SecurityReason.com PHP 5.2.6 (error_log) safe_mode bypass
Author: Maksymilian Arciemowicz (cXIb8O3)
securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 20.11.2008
SecurityReason Research
SecurityAlert Id: 57
CWE: CWE-264
SecurityRisk: Medium
Affected Software: PHP 5.2.6
Advisory URL: http://securityreason.com/achievement_securityalert/57
Vendor: http://www.php.net
- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl
with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web
developers to write dynamically generated pages quickly.
error_log
They allow you to define your own error handling rules, as well as modify the way the errors can
be logged. This allows you to change and enhance error reporting to suit your needs.
- --- 0. error_log const. bypassed by php_admin_flag ---
The main problem is between using safe_mode in global mode
php.ini:
safe_mode = On
and declaring via php_admin_flag
...
php_admin_flag safe_mode On
When we create some php script in /www/ and try call to:
ini_set("error_log", "/hack/");
or in /www/.htaccess
php_value error_log "/hack/bleh.php"
Result:
Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in Unknown on line 0
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4
It was for safe_mode declared in php.ini. But if we use
php_admin_flag safe_mode On
in httpd.conf, we will get only
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4
syntax in .htaccess
php_value error_log "/hack/blehx.php"
is allowed and bypass safe_mode.
example exploit:
error_log("", 0);
- --- 2. How to fix ---
Fixed in CVS
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
Note:
Do not use safe_mode as a main safety.
--- 3. Greets ---
sp3x Infospec schain p_e_a pi3
- --- 4. Contact ---
Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]
Email: cxib [at] securityreason [dot] com
GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl
# milw0rm.com [2008-11-20]
Posts
All Comments
