lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <df4671b50803102003u57f7415ax20ab5a81dbe87f0b@mail.gmail.com>
Date: Tue, 11 Mar 2008 14:03:56 +1100
From: patrick@...hack.com
To: bugtraq@...urityfocus.com
Subject: Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer

Re:

http://www.securityfocus.com/bid/28175

Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer Denial Of Service
Vulnerability

I just thought I'd add (while you're at it) that there are a few other bugs.

1) There is a service 'RAMaint' (a watchdog task). It runs as LocalSystem
(doesn't everything?!) and uses an unsafe (unquoted - c:\program.exe) path
in versions earlier than v8. v8 and onwards uses an absolute path.

2) There is an XSS in the RemotelyAnywhere HTTP service, which you can use
to steal cookies. Of course, you need to entice your target to visit the
address and send the cookie somewhere.

/img/<script>alert(document.cookie);</script>.html

The error is interpreted by the browser as text/html.

-Patrick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ