Moving my blog to http://blog.spl0it.org 

I have decided to switch from simplephpblog to Blogger. The blog will continue to be focused on security, Perl, open source tools and a combination of all of the above. I will include information about presentations and papers I'm working on. I hope you find it useful!

The new blog can be found at: http://blog.spl0it.org
Atom RSS: http://blog.spl0it.org/feeds/posts/default

Regards,
Jabra
Cowpatty 4.5 in Backtrack4 

Josh Wright updated coWPAtty to version 4.5. This version includes some awesome new improvements:

* Fewer restrictions on collecting the data needed to mount an attack. The default behavior requires all 4 frames of the 4-way handshake to mount an attack. If you specify "-2" on the command-line, coWPAtty will only require frames 1 and 2 of the 4-way handshake to mount an attack.

* Validate that the needed information is present to mount an attack, without launching the attack (the "-c" option). This was requested by Pure Hate for an awesome project he gave me a preview on. I'm hoping details of this project will be public soon.
( More details can be found at http://www.willhackforsushi.com/?p=284 )

The more interesting of these improvements is removing the requirement for 4 frames. This means that you can crack the passphrases more easily, because you only need frames 1 and 2 of the handshake to do it. coWPAtty FTW!

Josh, keep up the good work.

coWPAtty 4.5 has been added to BackTrack 4. Enjoy!

Regards,
Jabra

BackTrack 4 Pre-Final 

If you want to get your hands on a copy of BackTrack 4 Pre-final just donate to Hackers for Charity and you can get a copy.

Here is some more information:

http://www.offensive-security.com/blog/ ... neak-peek/

Regards,
Jabra
BASE - 3 More Persistent Cross-Site Scripting Vulnerabilities 

Recently, the BASE team released version 1.4.3, nicknamed "gabi". During a long night working on BackTrack 4, I started playing around with BASE 1.4.3. Within minutes I found 3 Persistent Cross-Site Scripting (XSS) vulnerabilities. For those who don't know, Cross-Site Scripting allows the attacker to inject JavaScript to modify the functionality of the web pages. Since this vulnerability exists in BASE, it allows an attacker to drop alerts (all of them or specific alerts), modify user information including passwords, modify the configuration of BASE and perform many other tasks. The only limitation is the attacker's creativity.

The vulnerabilities exist in pages that use information from 3 different components of BASE including: alert groups, roles and user information.

For creating a user, the name field was found to be vulnerable. For the name field, I just injected JavaScript and it was rendered!

For creating an alert group, we just need to include a closure for the HTML by using "> and add our JavaScript afterwards. This causes the page that loads the name to close the HTML and execute our JavaScript! This is due to HTML encoding being used on the page.

For creating a role, both the name and the description field were vulnerable. The name field was limited to a specific number of characters. To verify it, I just injected XSS and confirmed that it rendered. The description field was just straight JavaScript.
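Added example (not BASE's own code): the attribute breakout that the "> closure above relies on, shown beside the htmlspecialchars() output encoding a PHP front end would use to fix it. The renderer function names and the ag_name field are assumptions.

```php
<?php
// Added example, not code from BASE. Shows why a stored name that begins
// with "> escapes an attribute, and how output encoding closes the hole.

// Hypothetical vulnerable renderer: the stored value is interpolated raw.
function render_name_vulnerable(string $name): string
{
    return '<input type="text" name="ag_name" value="' . $name . '">';
}

// Hardened renderer: ENT_QUOTES encodes ", ', <, > and &, so the value can
// never terminate the attribute or the tag; the browser shows it literally.
function render_name_fixed(string $name): string
{
    return '<input type="text" name="ag_name" value="'
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">';
}

// Crude check a reviewer can apply to rendered output: a single <input>
// tag should contain exactly one '<'; anything more means markup leaked in.
function attribute_intact(string $html): bool
{
    return substr_count($html, '<') === 1;
}

// Constructed sample value using the "> closure from the post, followed by
// a harmless marker element instead of a script.
$stored = '"><b>marker</b>';

echo render_name_vulnerable($stored), "\n"; // tag closed early, <b> leaks out
echo render_name_fixed($stored), "\n";      // quotes and angle brackets encoded

assert(attribute_intact(render_name_vulnerable($stored)) === false);
assert(attribute_intact(render_name_fixed($stored)) === true);
```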

As always here are the screenshots, since people like pretty pictures!!!

To all the BASE developers, I must say: "MOVE ZIG!!"

Regards,
Jabra
BASE - Persistent and Reflective XSS 

** Update 05/31 **

Here are more details:

http://spl0it.org/files/BASE-XSS/Persistent-notes.txt
http://spl0it.org/files/BASE-XSS/Persis ... -notes.txt
http://spl0it.org/files/BASE-CSRF/notes.txt
http://spl0it.org/files/BASE-XSS/Reflective-notes.txt


Basic Analysis and Security Engine (BASE) is a well known PHP frontend to the Snort Intrusion Detection System. The latest version is 1.4.2. This version contains both Persistent and Reflective Cross-Site Scripting.

Examples:
http://spl0it.org/files/BASE-XSS/BASE-XSS-AddGroup.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
http://spl0it.org/files/BASE-XSS/BASE-XSS-Search.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png

The issue is due to a lack of validation on the user input and likely affects other versions as well.

"All your BASE are belong to us."

It's funny that this is actually true.

Regards,
Jabra
