Date: Wed Nov  2 09:10:14 2005
From: h4xorcrew at gmail.com (tHe cReW)
Subject: H4CREW-000002 Sambars 6.3 BETA 2 Proxy.asp XSS

h4xorCrew Advisory 2: Sambar Server 6.3 BETA 2 proxy config XSS
=====================================================

H-4 in da house. We sent this to SecurityFocus but they are way too slow,
so we send our reports here from now on. Thanks to the [Full
Disclosure] list, who don't think they ownz all the informations on the
internets.

Software: Sambar Server 6.3 BETA 2 and maybe before

Discovered by: ripped from a weblog on an internet site, then used p4r0s.

Severity: depends

Investigations by the H4-Crew, who put the lid off this so it's no more zero day.

Impacts:

[1] cookie theft
[2] hijacking with XSS proxy (xssproxy.sourceforge.net)


Discussion
=========

Sambar's server is a multifaceted server with many threads. Version
6.3 BETA 2 of Sambar Server is vulnerable to cross-site scripting in the
proxy configuration of the admin console. Authentication is required to
get at the vulnerability, but once in, injected script breaks out of the
big structure of proxy.asp in many fields because the fields do no
input filtering at all.

SAMBARS/sysadmin/servers/proxy.asp

Place this in the big field of Remote Proxy Server or Proxy Filter IPs and send:

"><script>alert("PWND")</script>

Because the proxy config remembers its settings, the script is stored: a
persistent XSS vector for getting at you later.
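The mechanism the advisory describes, as an added illustration (this is not code from the advisory or from Sambar Server): a stored setting is written straight back into the `value` attribute of a form field, so a value beginning with `">` closes the attribute and the remainder is parsed as live markup. The example contrasts that pattern with output encoding on the way back out, plus an input-side allow-list; the field name, the assumed `host[:port]` format for the Remote Proxy Server field, and the tag-level check are all assumptions for the demo, and the payload is the one quoted in the advisory.

```python
import html
import re
from html.parser import HTMLParser

# The vector quoted in the advisory, used here as the stored setting.
ADVISORY_PAYLOAD = '"><script>alert("PWND")</script>'


def render_field_unsafe(name: str, stored_value: str) -> str:
    """Vulnerable pattern: the stored setting is concatenated into the
    value attribute unencoded, so a quote in the value ends the attribute
    and the rest of the string becomes markup on every page load."""
    return f'<input type="text" name="{name}" value="{stored_value}">'


def render_field_safe(name: str, stored_value: str) -> str:
    """Hardened pattern: HTML-escape on output, quotes included, so the
    stored value is displayed as text and can never leave the attribute."""
    return (f'<input type="text" name="{name}" '
            f'value="{html.escape(stored_value, quote=True)}">')


# Assumed format for a proxy host field: hostname or IP with optional port.
# An allow-list like this rejects markup before it is ever stored.
_HOST_RE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9.-]*(:[0-9]{1,5})?$')


def is_valid_proxy_host(value: str) -> bool:
    """Input-side check for the Remote Proxy Server field (assumed format)."""
    return bool(_HOST_RE.match(value))


class _TagCollector(HTMLParser):
    """Collects every start tag the way a browser's parser would see it."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[tuple[str, dict]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(fragment: str) -> list[tuple[str, dict]]:
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def stored_value_survives(rendered: str, expected: str) -> bool:
    """True when the rendered fragment parses to exactly one <input> whose
    value attribute equals the stored string, i.e. nothing escaped the
    attribute and no extra element (such as <script>) was created."""
    tags = parse_tags(rendered)
    return (len(tags) == 1
            and tags[0][0] == "input"
            and tags[0][1].get("value") == expected)


if __name__ == "__main__":
    for label, render in (("unsafe", render_field_unsafe),
                          ("safe", render_field_safe)):
        out = render("proxy_host", ADVISORY_PAYLOAD)
        print(f"{label}: {out}")
        print(f"  tags seen by parser: {[t for t, _ in parse_tags(out)]}")
        print(f"  value intact: {stored_value_survives(out, ADVISORY_PAYLOAD)}")
    print("allow-list accepts payload:", is_valid_proxy_host(ADVISORY_PAYLOAD))
```

Running the block shows the unsafe rendering produces an `input` tag followed by a `script` tag, while the safe rendering produces a single `input` whose value round-trips to the original string. The two defences are complementary: output encoding protects every place the setting is displayed, and the allow-list keeps values that could never be a valid proxy host out of the configuration store entirely.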

Workaround: use strong passwords for admin and don't let low-priv
users configure the proxy config.

Important greetz:
-------------------------
shoutz to alyandon <-- ur so lljk, thorian, H4ckm4sta 10BaseT,
b3nderB, shane,st3v3, my h0mies in SeGmEnTuM SoLaR, lux, inspecta-DEC,
protocolZ, l0cUt0s, s3ssM4ngler, and da rest of the cr3w (you knowit)
Other suxkur cr3ws
btr step off we're d0ing th3 hax. 7h4nkz ph0r 411 teh 5w33 1dustree
webin4rz th47 74ugh7 uz m4d 5ki11z.w00t sh0utz 0ut to 4ll the
m0d3r4t0rZ @ SF thE sp1ce mUsT fl0w
=-=-=-=-=-=-=-= We are the Hax -=-=--=-=-=-=-=-=-


BEGIN LEET HASH --
ZGlzIGluZHVzdHJ5IGlzIHdhayBldmVyeWJvZHkgdHJ5aW5nIHRvIG1ha2UgYSBidWNrLiB3ZSB0aGUgcGFyYW1ldGVyIG5pbmphcy4gYWxsIHlvdSBwb3NhcyBrbm93IHdoNHQgd2Ugc2F5aW5nLCB3aXQgeW91ciBzaWxseSBhZHZpcm9zaWVzIGhpdHRpbiBjaGVhcCBvbiBmb3J1bSBzb2Z0d2FyZSBhbmQgZXZlcnkgcC1pLWUtYy1lIG9mIGZyZWUgZG93bmxvYWR6IHUgY2FuIHB1dCBhIHN0cmluZyBpbi4gbGF1Z2guIHdlIGFyZSB0aGUgaGF4LCBrZWVwIGl0IHJlYWwu
