[Full-disclosure] [DoS] - Real-debrid.fr Torrent2ddl
Real-debrid's a popular French website offering a debrid service for a lot of online hosting services, almost one hundred... It also proposes another service https://real-debrid.fr/torrents allowing you to upload torrent contents to a ddl hosting service (like Uptobox, Mega, ...), only available for customers who paid.

Problem is that if you add a torrent (file or magnet) with an adequate size of torrent contents (1,7TB is doing at least the trick), you're able to handle a Denial of Service on the whole torrent2ddl service and crash all the torrents processed at the time for all the customers.

The vulnerability is due to a very poor design of the service where the whole size of the torrent contents isn't even checked at all by the script(s) processing them, maybe also here by the lack of using an extensible cloud service instead of normal servers.

The vendor was contacted, I don't know exactly if the vulnerability was fixed since he banned manually the account used to discover it and he didn't want to unban it since, not even answering anymore on the fake support or the forum.

By the way, I guess that other similar services could have also the same kind of vulnerabilities.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
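The missing check described in the post above, as an added example that is not code from the post or from the service: the total size a torrent declares is read from its bencoded metadata and compared against a quota before the job is queued. The quota value, the function names and the two sample metadata blobs are assumptions constructed for illustration.

```python
# Added example; quota value and all names below are assumptions.
MAX_JOB_BYTES = 50 * 1024**3  # assumed per-job quota (50 GiB)

class TorrentRejected(Exception):
    """Raised when metadata is unparseable or declares more than the quota."""

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                              # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                      # list or dict, closed by "e"
        i, items = i + 1, []
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dict with odd item count")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                            # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError("malformed bencode at offset %d" % i)

def declared_size(torrent_bytes):
    """Sum the lengths declared in the info dict (single- or multi-file)."""
    meta, _ = bdecode(torrent_bytes)
    info = meta[b"info"]
    files = info[b"files"] if b"files" in info else [info]
    lengths = [f[b"length"] for f in files]
    if any(not isinstance(n, int) or n < 0 for n in lengths):
        raise ValueError("invalid length field")
    return sum(lengths)

def admit(torrent_bytes, limit=MAX_JOB_BYTES):
    """Return the declared size if the job fits the quota, else raise."""
    try:
        size = declared_size(torrent_bytes)
    except (ValueError, KeyError, TypeError, RecursionError) as e:
        raise TorrentRejected("unparseable metadata: %s" % e) from e
    if size > limit:
        raise TorrentRejected("declared %d bytes exceeds quota %d" % (size, limit))
    return size

# Constructed sample metadata (not real torrents); HUGE declares 1.7 TB.
SMALL = b"d4:infod6:lengthi1048576e4:name5:a.isoee"
HUGE = (b"d4:infod5:filesld6:lengthi1000000000000e4:pathl1:aee"
        b"d6:lengthi700000000000e4:pathl1:beee4:name3:bigee")
```

A magnet link carries no file list, so the same check has to run again once the metadata has been fetched from peers and before any payload is downloaded.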
Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
On Thu, Jun 20, 2013 at 03:57:20PM -0700, Kurt Buff wrote:
> On Thu, Jun 20, 2013 at 3:41 PM, valdis.kletni...@vt.edu wrote:
> > On Thu, 20 Jun 2013 06:56:16 -0500, Mark Felder said:
> > > But does your exploit compile with clang?
> >
> > I'm gonna have to call Poe's Law on this one. I can't tell if you're trolling or merely confused. :)
>
> My guess is he's troll-baiting. Incorporation of clang in FreeBSD as the default compiler (vs. gnucc) has been a matter of some heat+light in the FreeBSD community.
>
> Kurt

i won moderate amount of beer from bets on when will freebsd ditch gcc from base?. fanatics took the bait and get mad at the observation freebsd wouldn't exist in its current form without gcc. since at least recently clang can't compile some stuff g++ can (almost sure gnu extensions).
Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
On Fri, Jun 21, 2013 at 7:48 AM, Georgi Guninski gunin...@guninski.com wrote:
> On Thu, Jun 20, 2013 at 03:57:20PM -0700, Kurt Buff wrote:
> > ...
>
> i won moderate amount of beer from bets on when will freebsd ditch gcc from base?. fanatics took the bait and get mad at the observation freebsd wouldn't exist in its current form without gcc. since at least recently clang can't compile some stuff g++ can (almost sure gnu extensions).

Clang has caused a lot of pain and misery because it claims to be GCC, but it can't digest programs with GCC extensions. https://www.google.com/#q=clang+__GNUC__+bug

Jeff
[Full-disclosure] DC4420 - London DEFCON - June meet - Lightning Talks!!! - Tuesday 25th June 2013
If you have prepared a Lightning Talk already, thanks we are looking forward to seeing you! Otherwise, you've got one last weekend ahead of you to dig out that project you *know* you've been dying to talk about but haven't quite got the rough edges off...

This month we're doing our annual lightning talk session, and we welcome any and all 15 minute submissions. (Can be shorter if you prefer.) In fact, don't bother submitting them, just come along and give us what you've got!

There will be prizes! Probably hacking related, who knows? And some stickers, obviously. And maybe a hard-to-get t-shirt or two...

If you want to display slides from your MacBook or Netbook please note that the projector only has a VGA connection.

***
Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/
Date: Tuesday 25th June, 2013
Time: 17:30 till kicking out - talk starts at 19:30

Entry is free, see you there! http://dc4420.org

I trust you all to bring a variety of talks!

Cheers,
Tony
[Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface
Hi,

I have discovered a problem with the VirtualBox virtio-net network driver that leads to a lockup of the host machine's kernel and the need for a hard reset to make it work again. The bug had been reported to the VirtualBox bug tracker 8 days ago (https://www.virtualbox.org/ticket/11863), with the usual reaction from Oracle support (i.e. none).

The bug can be reproduced easily as follows:

- The host system is a 64-bit Linux (tested with Ubuntu 12.04 LTS and Kubuntu 13.04). Did not try 32 bit.
- VirtualBox is the latest version 4.2.12 (using Oracle's Ubuntu repository).
- Create a new VM, use e.g. Kubuntu live CD image (32 or 64 bit, makes no difference). No disk needed.
- Network adapter is: Bridged, Adapter Type: virtio-net. Boot the system, ensure that network is working.
- tracepath 8.8.8.8
  Now, the virtual machine locks up and the host machine's kernel seems to have at least one core blocked. The host machine's console output is
  BUG: soft lockup - CPU #2 stuck for 22s
  Also, the network on the host machine does not work any more. For example, ifconfig just hangs.
- To recover the host machine, it needs a hard reset. sudo reboot, etc. will not work, since the kernel seems to hang.

This bug is critical, since it makes the host machine's network unusable (particularly, if the host system is at a remote location), and it is very easy to trigger with just a simple, standard tracepath call inside a virtual machine. It is therefore trivial for a normal user in such a machine to trigger a denial of service.

I did no further investigation of the problem yet, but if it is related to the path MTU discovery by tracepath, it might be possible to trigger it by a lot of other software as well.

Best regards,
Thomas
Re: [Full-disclosure] Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :)
:)) and with pcc too :)

On Thu, Jun 20, 2013 at 1:56 PM, Mark Felder f...@feld.me wrote:
> On Wed, 19 Jun 2013 16:32:59 -0500, Hunger hun...@hunger.hu wrote:
> > $ uname -a
> > FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
> > $ id
> > uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
> > $ gcc fbsd9lul.c -o fbsd9lul
> > $ ./fbsd9lul
> > FreeBSD 9.{0,1} mmap/ptrace exploit by Hunger fbsd9...@hunger.hu
> > # id
> > uid=0(root) gid=0(wheel) egid=1002(hunger) groups=1002(hunger)
> > #
>
> But does your exploit compile with clang?
[Full-disclosure] [Newbie] How to search in all full-disclosure@lists.grok.org.uk
Hi,

Is there a way to make full search by keyword in all full-disclosure@lists.grok.org.uk archive of messages?

Best Regards,
Yap
[Full-disclosure] Exploit: McAfee ePolicy 0wner (ePowner) – Preview
Exploit demonstration against McAfee ePolicy Orchestrator version 4.6.5 and earlier using:

- CVE-2013-0140 – Pre-authenticated SQL injection
- CVE-2013-0141 – Pre-authenticated directory path traversal

Main Features:

- Remote command execution on the ePo server
- Remote command execution on the Managed stations
- File upload on the ePo server
- Active Directory credentials stealing

http://funoverip.net/2013/06/mcafee-epolicy-0wner-preview/

Enjoy!
Re: [Full-disclosure] [WEB SECURITY] DDoS attacks via other sites execution tool
This project has been temporarily blocked for exceeding its bandwidth threshold

On Thu, Jun 20, 2013 at 8:25 AM, psy r...@lordepsylon.net wrote:
> Video example: http://ufonet.sourceforge.net/ufonet/UFONet-v0.1b.ogv
>
> Curiously, I posted a tool written in python the same day. It is called: UFONet http://ufonet.sf.net
Re: [Full-disclosure] [Newbie] How to search in all full-disclosure@lists.grok.org.uk
Maybe with Google: site:seclists.org inurl:fulldisclosure wordpress

On Fri, Jun 21, 2013 at 4:38 PM, JOSE DAMICO jd.comm...@gmail.com wrote:
> Hi,
>
> Is there a way to make full search by keyword in all full-disclosure@lists.grok.org.uk archive of messages?
>
> Best Regards,
> Yap
Re: [Full-disclosure] [Newbie] How to search in all full-disclosure@lists.grok.org.uk
José:

> Is there a way to make full search by keyword in all full-disclosure@lists.grok.org.uk archive of messages?

site:http://lists.grok.org.uk full-disclosure KEYWORD

Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
Re: [Full-disclosure] DDoS attacks via other sites execution tool
So you made a perl script to make GET requests on a list of URLs? Brilliant.

2013/6/18 MustLive mustl...@websecurity.com.ua
> Hello participants of Mailing List.
>
> If you haven't read my article (written in 2010 and last week I wrote about it to WASC list) Advantages of attacks on sites with using other sites (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html), feel free to do it. In this article I reminded you about using of the sites for attacks on other sites (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html), DDoS attacks via other sites execution tool (DAVOSET) (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html), sending spam via sites and creating spam-botnets (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html) and wrote about advantages of attacks on sites with using other sites.
>
> Last week I've published online my DDoS attacks via other sites execution tool (http://websecurity.com.ua/davoset/). It's tool for conducting of DDoS attacks via Abuse of Functionality vulnerabilities on the sites, which I've made in 2010. Description and changelog on English are presented at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010). This is the last version of my DAVOSET. After that I've stopped its development. But now I am planning to continue development of the software and to release new versions (I'll release v.1.0.6 today).
>
> For three years I was holding this tool privately, but now released it for free access. So everyone can test Abuse of Functionality vulnerabilities at multiple web sites - like Google's sites, W3C and many others, which were informed by me many times during many years (I was informing admins of web sites about such vulnerabilities since 2007), but ignored and don't want to fix these holes for a long time, and for example Google continued to create new services with Abuse of Functionality and Insufficient Anti-automation vulnerabilities, which can be used for such DoS and DDoS attacks.
>
> It must bring attention to the danger of these vulnerabilities (which I was trying to do in my articles in 2010). Because in most cases owners of web sites and web developers ignore and don't fix them. Which can be used for DoS attacks as on other sites, as on the sites with Abuse of Functionality vulnerabilities themselves, about which I wrote in my article Using of the sites for attacks on other sites.
>
> Best wishes regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
Re: [Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface
On Fri, 21 Jun 2013 16:33:35 +0200, Thomas Dreibholz said:
> - The host system is a 64-bit Linux (tested with Ubuntu 12.04 LTS and Kubuntu

What does 'uname -r' on the host return?

This is almost certainly a bug in either the host network stack or the VirtualBox modules (probably one of the vboxnet ones).

Also, if you can manage to capture the output of 'sysrq-T' or 'echo t > /proc/sysrq-trigger' (unfortunately, netconsole will probably *not* be an option here), so we can see where the various kernel threads are locked up.

Do you have the stack traceback that should have come out with the BUG message?
Re: [Full-disclosure] [Newbie] How to search in all full-disclosure@lists.grok.org.uk
On Fri, Jun 21, 2013 at 10:38 AM, JOSE DAMICO jd.comm...@gmail.com wrote:
> Hi,
>
> Is there a way to make full search by keyword in all full-disclosure@lists.grok.org.uk archive of messages?

In Google: search terms site:seclists.org/fulldisclosure

Jeff
[Full-disclosure] DAVOSET v.1.0.6
Hello participants of Mailing List.

After releasing previous version of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've released DAVOSET v.1.0.6 - DDoS attacks via other sites execution tool (http://websecurity.com.ua/davoset/), on Tuesday, 18.06.2013.

Download DAVOSET v.1.0.6: http://websecurity.com.ua/uploads/2013/DAVOSET_v.1.0.6.rar

Use, don't abuse.

Important change in version 1.0.6, that I put updated version of list_full.txt into the bundle. Already in 2010, specially for conducting my research described in the article about DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html), I've made two lists of zombie servers. Basic list (list.txt) with 20 services and extended list (list_full.txt), with all services found by me, which can be used as zombie-servers with DAVOSET.

For last three years I was updating extended list with new services (admins of these services were informed by me, but they ignored to fix the vulnerabilities). I haven't released this list in version 1.0.5, but added it to the bundle of version 1.0.6. And today I'm planning to release new version of the tool with additional improvements.

Best wishes regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Re: [Full-disclosure] Exploit: McAfee ePolicy 0wner (ePowner) – Preview
Better remove McAfee http://www.youtube.com/watch?v=bKgf5PaBzyg

have a nice weekend!

Coman the Bavarian

From: Jérôme Nokin jerome.no...@gmail.com
To: full-disclosure@lists.grok.org.uk
Sent: 8:55 Friday, 21 June 2013
Subject: [Full-disclosure] Exploit: McAfee ePolicy 0wner (ePowner) – Preview

Exploit demonstration against McAfee ePolicy Orchestrator version 4.6.5 and earlier using:

- CVE-2013-0140 – Pre-authenticated SQL injection
- CVE-2013-0141 – Pre-authenticated directory path traversal

Main Features:

- Remote command execution on the ePo server
- Remote command execution on the Managed stations
- File upload on the ePo server
- Active Directory credentials stealing

http://funoverip.net/2013/06/mcafee-epolicy-0wner-preview/

Enjoy!