lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 7 Jun 2011 11:24:56 +0100
From: Benji <me@...ji.com>
To: Marshall Whittaker <marshallwhittaker@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New attack vector for sale, firewall bypass

Would you then describe this as more of a way to exploit an already known
attack vector, rather than a new attack vector?

On Tue, Jun 7, 2011 at 11:19 AM, Marshall Whittaker <
marshallwhittaker@...il.com> wrote:

> Hello,
> I am willing to sell a new attack vector I have devised.  The proof of
> concept code you will receive has the ability to arbitrarily upload files to
> a webserver (tested on Apache), running linux with the well known perl read
> pipe vulnerability in many web CGI applications.  This issue can also be
> leveraged through PHP LFI and RFI attacks, and through almost any other
> remote command execution vulnerability.  The code has been tested on BSD,
> and does not seem to work stand alone, but BSD may be vulnerable as well, I
> just don't have a box to test it properly on.  The code can upload an ASCII
> or binary file to the webserver, even if the firewall rules prohibit
> downloading.  For example, if you have a linux webserver running apache and
> a vulnerable perl script, this proof of concept can upload a local root
> exploit that cannot be downloaded with the remote command execution as a
> local user (usually one of apache's users) due to iptables or another
> firewall that blocks outbound connections to other
> webservers/ftp/whathaveyou servers for download with
> wget/curl/lwp-download/ftp and other local downloading utilities, or if
> these utilities have been removed.  Once a (modified) local root exploit has
> been uploaded, it can modify the iptables as the root user, then bind a
> shell, or spawn a reverse shell, or drop another payload as root.  Please
> contact me if you are interested in getting the PoC code, and bid a price.
>  Please be reasonable.  When you contact me, payment details can be
> arranged.  PoC code is written in perl, and is heavily commented.
>
> oxagast
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ