[Full-disclosure] McAfee Email Gateway multiple vulns
McAfee Email Gateway 7.6 multiple vulnerabilities

http://www.mcafee.com/us/products/email-gateway.aspx -- Has free trial

Many instances of SQL injection were found as an unprivileged read-only authenticated user that allow the user to completely take over the accounts of other users by using a stacked injection technique to run UPDATE statements. Other techniques available are error-based, time-based, and boolean-based injections.

Several remote command execution vulnerabilities were found as an administrator which are run as the local root user.

By utilising the SQL injections as an unprivileged user, a user can escalate privileges by updating the password hash of an admin, and ultimately run commands on the server as root.

However, no data seems to be able to be exfiltrated via the command injections. You may receive a connect back, but no commands can be run over the connect-back. My solution to this was to pipe the results of commands into a file in /tmp, then use the SQL injections to read the file from the FS and return the results.
---

As a read-only user with reporting capabilities, many SQL injection vectors exist when creating new reports based on filters. You can get to this part of the web app by clicking the Reports menu item at the top-center. The following request contains four exploitable SQL injections each exploitable via a few different techniques:

POST /admin/cgi-bin/rpc/doReport/18 HTTP/1.1
Host: 172.31.16.87:10443
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain; charset=UTF-8
Referer: https://172.31.16.87:10443/admin/969bf547d36f6c7e4302952cf72a5ce3/en_US/html/index.html
Content-Length: 626
Cookie: SCMUserSettings=lastUser%3Dusername%26popcheck%3D1%26lang%3Den_US%26last_page_id%3Ddashboard; SHOW_BANNER_NOTICE=BannerShown%3D1; ws_session=SID%3D616BF3CC-DA8B-401D-9220-ACED9A0FCD86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

{id:loadreport,locale:en_US,commands:[{name:getDDSData,args:{what:[events],filters:{filter_period:week,start_date:Now,event_type:ui_events,event_id:all,reason:all},date_range:week,events_col:edate,events_order:DESC,events_offset:0,events_nitems:50,tz:480,start_date:1385491876.405,is_mail:false,itemized_nitems:10,itemized_offset:0,emailstatus_nitems:50,emailstatus_offset:0,emailstatus_col:edate,emailstatus_order:DESC,dig_filters:[],dig_category:,dig_summarize:true,init:true,type:ui_events}}],filterType:system,autoconv:1}

Within the above request, the events_col, event_id, reason, events_order, emailstatus_order, and emailstatus_col JSON keys are vulnerable to SQL injection. You can capture the request with burpsuite and alter each value by adding an apostrophe to view the SQL error in the response. You can also use SQLmap to try various techniques for exploitability.
--

Many remote command execution vulnerabilities exist for administrator users. Every vector I found was being run as the root user and they all exist within a single request.

As an administrator, go to the System tab in the top menu. You will be presented with general server settings. Remove the last letter of the hostname, and replace it back. You will now have a green checkmark in the top right of the web application. Click this, then click OK on the dialog that pops up in the web app. The next captured request will be the request susceptible to command execution.

It is a very large request with XML contained in JSON. Because this makes sense. Within this XML, you may search for any XML element whose “name” attribute contains TestFile. Any of these elements are susceptible to command injection within the “value” attribute. These filenames seem to be passed to a utility like ‘test’ to ensure whether or not it exists. By using shell metacharacters,
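
An added example, not part of the original advisory and not McAfee's code: the report request above carries sort columns and sort directions (events_col, events_order) next to filter values (event_id, reason), and the two kinds need different handling on the server. The sketch below uses Python's sqlite3 as a stand-in database; the `events` table, its columns and every function name are assumptions made for illustration.

```python
import sqlite3

# Assumption: the real appliance schema is not on the page. These names simply
# mirror the JSON keys of the request (events_col, events_order, event_id, reason).
ALLOWED_SORT_COLUMNS = {"edate", "event_type", "event_id", "reason"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}
FILTER_COLUMNS = ("event_id", "reason")  # compared as values, so they can be bound
MAX_ITEMS = 500


class RejectedReportParameter(ValueError):
    """A request value could not be mapped to a known-safe SQL token."""


def _pick(value, allowed, name):
    # Identifiers and keywords cannot be bound as parameters, so the only safe
    # option is an exact match against a fixed set; anything else is refused.
    if not isinstance(value, str) or value not in allowed:
        raise RejectedReportParameter(name)
    return value


def _bounded_int(value, name, low, high):
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise RejectedReportParameter(name)
    return value


def build_events_query(args):
    """Return (sql, params) for the hypothetical events report."""
    column = _pick(args.get("events_col", "edate"), ALLOWED_SORT_COLUMNS, "events_col")
    order = _pick(args.get("events_order", "DESC"), ALLOWED_SORT_ORDERS, "events_order")
    limit = _bounded_int(args.get("events_nitems", 50), "events_nitems", 1, MAX_ITEMS)
    offset = _bounded_int(args.get("events_offset", 0), "events_offset", 0, 10**9)

    filters = args.get("filters", {})
    if not isinstance(filters, dict):
        raise RejectedReportParameter("filters")
    clauses, params = [], []
    for name in FILTER_COLUMNS:
        value = filters.get(name, "all")
        if value == "all":
            continue
        if not isinstance(value, str):
            raise RejectedReportParameter(name)
        clauses.append(f"{name} = ?")  # name comes from FILTER_COLUMNS, not the request
        params.append(value)           # value travels as bound data, never as SQL text

    sql = "SELECT edate, event_type, event_id, reason FROM events"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += f" ORDER BY {column} {order} LIMIT ? OFFSET ?"
    return sql, params + [limit, offset]


def run_report(conn, args):
    sql, params = build_events_query(args)
    return conn.execute(sql, params).fetchall()


def make_demo_db():
    """Constructed sample data, not taken from the appliance."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (edate REAL, event_type TEXT, event_id TEXT, reason TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", [
        (1.0, "ui_events", "login", "ok"),
        (3.0, "ui_events", "logout", "ok"),
        (2.0, "ui_events", "login", "bad password"),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(run_report(db, {"events_col": "edate", "events_order": "ASC"}))
    for bad in ({"events_col": "edate'"}, {"events_order": "DESC; --"}):
        try:
            run_report(db, bad)
        except RejectedReportParameter as exc:
            print("rejected:", exc)
    print(run_report(db, {"filters": {"reason": "ok'"}}))  # quote is plain data
```

The same allow-list check would apply to emailstatus_col and emailstatus_order, which the advisory names alongside the keys handled here.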
[Full-disclosure] Any not annoying help welcome
Making a turn here, let's see what turns out! I know that using Wireshark we can capture traffic in/out of the router's interfaces. I don't want to dig up the router's concept because face it I already know how it works and so do you. I have only a few questions to ask.

1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login and an unsuccessful login.
3) I know what the magic number to look for but, I'm unable to go further decoding the authentication method.

Can anyone give me a hand here or should I go elsewhere?

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Any not annoying help welcome
Hi, thanks for replying back...

The APK Android app is MEO GO! from PT Comunicações. I always have bad luck trying to crack their apps. Back to the subject, it's an on-demand app to watch TV, rent movies and TV shows but there is a feature there that I really want to add to my hacking kit. When I try to log in, in the app there's a feature called MEO GO! Mobile which only requires the user to enter their mobile number. It connects via 3G or Wifi and it's able to determine if the number you enter matches the simcard mobile number. I WANT THAT QUERY FEATURE

1) If the number is incorrect, it says The number you entered doesn't match your simcard number. Please try again (in Portuguese)
2) If the number is correct, it loads up the service.

In the attachment I include the Wireshark packets for anyone. If it's breakable then you should be able to find my number there. I will go test the code and wait for any reply. If no response I will walk away because sometimes things are impossible until certain point...

From: iaretheb...@gmail.com
Date: Wed, 4 Dec 2013 04:16:56 -0600
Subject: Re: [Full-disclosure] Any not annoying help welcome
To: ctrlaltdel...@outlook.pt
CC: full-disclosure@lists.grok.org.uk

If you want anyone to help you with your specific problem, then you need to provide specifics to your problem. Can you post some (or all) of what you're trying to decode? If not, can you provide more information on what you're seeing? What character set? What length? Is any of it human-readable?

On Tue, Dec 3, 2013 at 3:06 PM, ICSS Security ctrlaltdel...@outlook.pt wrote:

Making a turn here, let's see what turns out! I know that using Wireshark we can capture traffic in/out of the router's interfaces. I don't want to dig up the router's concept because face it I already know how it works and so do you. I have only a few questions to ask.

1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login and an unsuccessful login.
3) I know what the magic number to look for but, I'm unable to go further decoding the authentication method.

Can anyone give me a hand here or should I go elsewhere?

login sucefully (membership).pcapng
Description: Binary data

logoff (solicit) login errously (membership).pcapng
Description: Binary data
Re: [Full-disclosure] Any not annoying help welcome
Hey there

It is a bit difficult to understand what exactly you want to do. But I guess you want to capture some Android traffic via your router. Regarding your questions:

1) If you did set up a mirroring/monitoring port on your router you'll be able to capture all the traffic on the router. The problem here is that you will of course not be able to see encrypted traffic.

2.) If you want to monitor an apk there is an easier way to do this, assuming the apk is generating http/https traffic. Go ahead and download ZAP (Zed Attack Proxy) from OWASP. Then define ZAP as web proxy on the Android device and import the SSL-Certificate generated by ZAP on the Android device. This way you'll not only be able to decrypt all the https traffic but also to modify/resend it. (There are some problems when it comes to defining proxies on Android devices. I tested the above method successfully on iOS devices.)

I hope this helps

Cheers, Mike

On 03.12.2013 22:06, ICSS Security wrote:

Making a turn here, let's see what turns out! I know that using Wireshark we can capture traffic in/out of the router's interfaces. I don't want to dig up the router's concept because face it I already know how it works and so do you. I have only a few questions to ask.

1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login and an unsuccessful login.
3) I know what the magic number to look for but, I'm unable to go further decoding the authentication method.

Can anyone give me a hand here or should I go elsewhere?
[Full-disclosure] Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities
Document Title:
Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities

References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1160

Release Date:
2013-12-03

Vulnerability Laboratory ID (VL-ID):
1160

Common Vulnerability Scoring System:
8.9

Product Service Introduction:
iFiles is the most intuitive file manager for iOS with features like connectivity to many file cloud services, transferring files between computer or cloud services, ability to view many file formats (PDF viewer now supports annotations, search and more), voice recorder, web downloader, text file editor and more. Supported Online Cloud Services and Protocols: Dropbox, Google Drive, iCloud, Box.net, SkyDrive, SugarSync, AFP (Mac Shares), FTP/FTPS, SFTP, Flickr, Picasa, Facebook, Rackspace CloudFiles, CloudApp, PogoPlug, WebDav, Amazon S3, Ubuntu One Files, ownCloud, 4Shared, also using Amazon S3: DreamObjects and UltiCloud.

( Copy of the Homepage: https://itunes.apple.com/de/app/ifiles/id336683524 http://imagam.com )

Abstract Advisory Information:
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the official Imagam iFiles v1.16.0 mobile application for apple iOS.

Vulnerability Disclosure Timeline:
2013-12-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
Published

Affected Product(s):
Imagam
Product: iFiles - Mobile Application iOS 1.16.0

Exploitation Technique:
Remote

Severity Level:
Critical

Technical Details Description:
1.1
A file include- arbitrary file upload web vulnerability has been discovered in the official Imagam iFiles v1.16.0 mobile application for apple iOS. An arbitrary file upload issue allows a remote attacker to upload files with multiple extensions to bypass the validation for unauthorized access. A file include web vulnerability allows a remote attacker to unauthorized include local web-server file requests or external file requests.
The vulnerability is located in the vulnerable file- and folder-name value. Remote attackers can include local file requests combined with script code to successfully exploit the issue. To include to the vulnerable foldername value it is required to manipulate the `create folder` (add) input (POST Method). The second possibility to inject is the vulnerable filename value of the misconfigured (POST Method) upload module. After the include the remote attacker can access the included file by requesting the regular index or sub category folder (web interface) site.

The arbitrary file upload vulnerability is located in the vulnerable filename value of the upload module. Attackers are also able to upload a php or js web-shells by renaming the file with multiple extensions. The attacker uploads for example a web-shell with the following name and extension test.jpg.html.js.php.gif.jpg . After the upload the attacker opens the file in the web application to delete the .gif.jpg file extension to access the resource with elevated execution access rights.

Exploitation of the file include arbitrary file upload web vulnerability requires no user interaction or privilege application user account with password. Successful exploitation of the vulnerability results in unauthorized file access because of a compromise after the upload of web-shells.

Request Method(s):
[+] [POST]

Vulnerable Module(s):
[+] File Upload

Vulnerable Parameter(s):
[+] filename (value) - (multiple extensions)
[+] foldername

Affected Module(s):
[+] File Folder Dir Listing (http://localhost:8080)

1.2
2 local command/path injection web vulnerabilities have been discovered in the official Imagam iFiles v1.16.0 mobile application for apple iOS. The remote web vulnerability allows to inject local commands via vulnerable system values to compromise the apple mobile iOS application. The vulnerability is located in the device name value of the file dir and sub category listing module.
Local attackers are able to inject own malicious system specific commands or path values requests as the iOS device name. The execute of the injected script code occurs in two different sections with persistent attack vector. The first section is the wifi app web-interface index file/folder dir listing. The second execute occurs in the file/folder sub category listing. The security risk of the local command/path inject vulnerability is estimated as high(-) with a cvss (common vulnerability scoring system) count of
Re: [Full-disclosure] Any not annoying help welcome
If you want anyone to help you with your specific problem, then you need to provide specifics to your problem. Can you post some (or all) of what you're trying to decode? If not, can you provide more information on what you're seeing? What character set? What length? Is any of it human-readable?

On Tue, Dec 3, 2013 at 3:06 PM, ICSS Security ctrlaltdel...@outlook.pt wrote:

Making a turn here, let's see what turns out! I know that using Wireshark we can capture traffic in/out of the router's interfaces. I don't want to dig up the router's concept because face it I already know how it works and so do you. I have only a few questions to ask.

1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login and an unsuccessful login.
3) I know what the magic number to look for but, I'm unable to go further decoding the authentication method.

Can anyone give me a hand here or should I go elsewhere?
Re: [Full-disclosure] Any not annoying help welcome
Hey

I don't know what exactly you mirrored but I can say there is no application-specific traffic inside your pcap dumps. A good way to start is to have a look at Mallory (https://intrepidusgroup.com/insight/mallory/) if you don't know what communication protocol the app makes use of.

Best regards
cd

From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk] On behalf of ICSS Security
Sent: Wednesday, 4 December 2013 13:22
To: adam; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Any not annoying help welcome

Hi, thanks for replying back...

The APK Android app is MEO GO! from PT Comunicações. I always have bad luck trying to crack their apps. Back to the subject, it's an on-demand app to watch TV, rent movies and TV shows but there is a feature there that I really want to add to my hacking kit. When I try to log in, in the app there's a feature called MEO GO! Mobile which only requires the user to enter their mobile number. It connects via 3G or Wifi and it's able to determine if the number you enter matches the simcard mobile number. I WANT THAT QUERY FEATURE

1) If the number is incorrect, it says The number you entered doesn't match your simcard number. Please try again (in Portuguese)
2) If the number is correct, it loads up the service.

In the attachment I include the Wireshark packets for anyone. If it's breakable then you should be able to find my number there. I will go test the code and wait for any reply. If no response I will walk away because sometimes things are impossible until certain point...

From: iaretheb...@gmail.com
Date: Wed, 4 Dec 2013 04:16:56 -0600
Subject: Re: [Full-disclosure] Any not annoying help welcome
To: ctrlaltdel...@outlook.pt
CC: full-disclosure@lists.grok.org.uk

If you want anyone to help you with your specific problem, then you need to provide specifics to your problem. Can you post some (or all) of what you're trying to decode? If not, can you provide more information on what you're seeing? What character set? What length? Is any of it human-readable?

On Tue, Dec 3, 2013 at 3:06 PM, ICSS Security ctrlaltdel...@outlook.pt wrote:

Making a turn here, let's see what turns out! I know that using Wireshark we can capture traffic in/out of the router's interfaces. I don't want to dig up the router's concept because face it I already know how it works and so do you. I have only a few questions to ask.

1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login and an unsuccessful login.
3) I know what the magic number to look for but, I'm unable to go further decoding the authentication method.

Can anyone give me a hand here or should I go elsewhere?
[Full-disclosure] [SECURITY] [DSA 2809-1] ruby1.8 security update
Debian Security Advisory DSA-2809-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013 http://www.debian.org/security/faq

Package: ruby1.8
Vulnerability: several
Problem type: remote
Debian-specific: no
CVE ID: CVE-2013-1821 CVE-2013-4073 CVE-2013-4164
Debian Bug: 702526 714541 730189

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1821
Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all host memory.

CVE-2013-4073
William (B.J.) Snow Orvis discovered a vulnerability in the hostname checking in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate issued by a trusted certification authority.

CVE-2013-4164
Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.8.7.302-2squeeze2.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.7.358-7.1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 1.8.7.358-9.

We recommend that you upgrade your ruby1.8 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [SECURITY] [DSA 2810-1] ruby1.9.1 security update
Debian Security Advisory DSA-2810-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013 http://www.debian.org/security/faq

Package: ruby1.9.1
Vulnerability: heap overflow
Problem type: remote
Debian-specific: no
CVE ID: CVE-2013-4164
Debian Bug: 730178

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.9.2.0-2+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 1.9.3.194-8.1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 1.9.3.484-1.

We recommend that you upgrade your ruby1.9.1 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] DAVOSET v.1.1.4
Hello psy!

I suggest you to watch my videos from Euromaydan in Kyiv (http://www.youtube.com/user/MustLiveUA/videos). If you look at three videos from 01.12.2013, which I recorded at Independence Square (two blocks from President's administration, where there were events showed on that video at rutube), you will see different picture. All protests were and are going peacefully. You can see it on all my videos.

While during two hours I was at center of the city and recorded those three videos and didn't see any fightings or assaults, and I haven't heard about such actions from more than half million people - everything was calm - at the same time there was assault of President's administration (showed on that video). I saw similar videos from news already when came home.

It's just one such episode, there are much more episodes with police brutality. And I and other Ukrainian hackers are protesting in online exactly against police cruelty on duty for authoritarian regime, and against it all people are protesting in offline. At 24.11 and some other days, there were cases where police kicked some people (including opposition deputies), but without large confrontation. All changed at morning of Saturday (http://24tv.ua/home/showSingleNews.do?krivava_subota_30_listopada_u_faktah_foto_videoobjectId=388037).

Those events near President's administration at 01.12 are made by provokers - to force president to initiate the state of emergency. But it haven't helped and he didn't initiate it. So always watch different videos to better understand the situation.

If you find some

Yes, I agree with you. There are such people. I hope there will be no such hackers in Ukraine. Now is a time to stand against regime together. And I hope that my tool DAVOSET will help people all around the world, especially for protests.
Best wishes regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

- Original Message -
From: psy r...@lordepsylon.net
To: MustLive mustl...@websecurity.com.ua
Cc: full-disclosure@lists.grok.org.uk
Sent: Wednesday, December 04, 2013 3:15 AM
Subject: Re: [Full-disclosure] DAVOSET v.1.1.4

On 03/12/13 22:57, MustLive wrote:

Hello participants of Mailing List. At 01.12.2013, when I started DDoSing web site of Ministry of Internal Affairs of Ukraine with my tool DAVOSET (during protest against cruel police actions on Saturday in Kyiv against people at Euromaydan)

Wow!. Amazing what's going on in Kiev: http://rutube.ru/video/5c49a9649614e053aee854767b1a0795/

And also, around the world... But, there is something more amazing that is watch how some supposedly 'ethical/white-hat/famous' hackers are taking money on big companies co-defending corrupt goverments, every day. They have the opportunity to leak important information that feed police-states of terror, but they prefer to be silent like bitches. If you find some, please, give to them a message: The hottest places in hell are reserved for those who in times of moral crisis maintain their neutrality.

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

Big Work mr. MustLive. Can be nice if you show results on server side.

Kisses!
psy

Download DAVOSET v.1.1.4: http://websecurity.com.ua/uploads/2013/DAVOSET_v.1.1.4.rar
[Full-disclosure] [Security-news] SA-CONTRIB-2013-097 - OG Features - Access bypass
View online: https://drupal.org/node/2149791

* Advisory ID: DRUPAL-SA-CONTRIB-2013-097
* Project: OG Features [1] (third-party module)
* Version: 6.x
* Date: 2013-December-04
* Security risk: Not Critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass

DESCRIPTION

This module enables you to enable and disable bundles of functionality for individual Organic groups [3]. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually in, and the settings of the features for that group.

The module doesn't sufficiently override pages that have an access callback explicitly set to FALSE, which indicates that no user (even admins) are able to access the page. Since this module does not handle that condition correctly, users will have access to those pages.

This vulnerability is mitigated by the fact that it's extremely rare that a page in Drupal has its access callback explicitly set to FALSE because that would mean that no single user, including admins, would be able to access the page.

CVE IDENTIFIER(S) ISSUED

* /A CVE identifier [4] will be requested, and added upon issuance, in accordance with Drupal Security Team processes./

VERSIONS AFFECTED

* OG Features 6.x-1.x versions prior to 6.x-1.3.

Drupal core is not affected. If you do not use the contributed OG Features [5] module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the OG Features module for Drupal 6.x, upgrade to OG Features 6.x-1.4 [6]

Also see the OG Features [7] project page.

REPORTED BY

* Andrey Tretyakov [8]

FIXED BY

* Mike Stefanello [9] the module maintainer
* Jess Straatmann [10]

COORDINATED BY

* Greg Knaddison [11] of the Drupal Security Team

CONTACT AND MORE INFORMATION

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [12].
Learn more about the Drupal Security team and their policies [13], writing secure code for Drupal [14], and securing your site [15].

[1] http://drupal.org/project/og_features
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/og
[4] http://cve.mitre.org/
[5] http://drupal.org/project/og_features
[6] https://drupal.org/node/2149743
[7] http://drupal.org/project/og_features
[8] https://drupal.org/user/169459
[9] https://drupal.org/user/107190
[10] https://drupal.org/user/105111
[11] https://drupal.org/user/36762
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news