Message-ID: <51CF4C25.6050602@chronicle.su>
Date: Sat, 29 Jun 2013 16:05:41 -0500
From: macfags@...onicle.su
To: full-disclosure@...ts.grok.org.uk
Subject: Multiple vulnerabilities found in NSA website

RUSTLE LEAGUE WHITE HAT SECURITY RESEARCH TEAM REVEALS HOLE IN NSA WEBSITE;
CONTACTS VENDOR, HOLE PATCHED.

RUSTLE RESEARCH ETHICAL R&D WHITEHAT RED TEAM
VULNERABILITY ALERT AND ASSESSMENT
RED TEAM ALERT LEVEL AT MAGENTA

ETHICAL DISCLOSURE NOTICE: Press release withheld until holes were patched.

Breaking: NSA Website Vulnerable To Attack via Third Party Software,
Illustrates Dangers of Security Outsourcing
Ethical Hackers Exploit XSS Vulnerabilities in NSA Software Made by
Third Party.

Field researchers curiously perusing nsa.gov stumbled upon XSS
vulnerabilities on the main NSA forward-facing webserver. Both
vulnerabilities were found in shoddily outsourced third-party software
written in ColdFusion, which we all know is the world's greatest mark-up
language.

"Anyone with an internet connection can use the XSS vulnerability to 
impersonate NSA personnel and web traffic," says Horace Grant, a 
researcher with Rustle Research. "Why are unreliable third parties 
creating the software that guards our national secrets?"

These exploits are ironic given the multiple, recently revealed NSA
security faux pas. The obvious Booz Allen Hamilton/NSA partnership
allowed CIA operative and possible Communist spy, Edward Snowden, to
infiltrate the NSA and leak the PRISM slides. Hilarious outsourcing of
basic webapps to ma'n'pa crapshoot ColdFusion developers has now given
an even graver look at the egregious outsourcing of even the most minute
government projects.

Why the focus on ColdFusion? The Adobe product is made by a company well
known for holding a monopoly on online media. A simple Google query,
such as "michael hastings adobe", yields many results, all requiring
Adobe products to view. Recently deceased journalist Michael Hastings
was researching government secrets. Many say he was investigating not
only the NSA, but Wikileaks FBI informant Sigurdur Thordarson, who has
close ties with the Democratic People's Republic of Korea. Rumors say
Hastings' car was hacked by a 0day ColdFusion exploit, sending him to
his fiery grave. Anyone in the know realizes that Siggi was the one who
sent FBI assassins after Hastings, who was also researching Adrian Lamo
and th3j35t3r.

One of the NSA vulnerabilities exploited by ethical white hat hackers 
this week exists in the "Careers" section of the nsa.gov website. 
Internet users who enter data into the "Feedback" fields now are treated 
to a jovial visual representation of their data pooped back at them, in 
such elegant fashion as: http://i.imgur.com/1cyISex.png

The other, more insidious, yet still trivial bug in nsa.gov is an XSS
attack that allows URL redirection. When the "Mail to a Friend" notice
is queried and nsa.gov is appended to the end of the address, the
address is exempted and allowed to redirect to the provided location. For
example:
http://www.nsa.gov/applications/links/notices.cfm?address=http://wikipaste.eu/nsa.gov

Other possible uses of these exploits include dropping a malicious
website into the URL using simple disguising methods, redirecting, and
executing arbitrary code. An attacker could also pretend to be an NSA
employee and send a malicious payload via email to real NSA employees,
unbeknownst to them -- or simply trick more people into seeing goatse
because that shit's funny as fuck.

The holes have since been patched.

http://rustleleague.com/advisory.html

greetz: adobe, YAN, jimjones, chippy, zeekilled
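The redirect bug described in the post above comes down to a suffix check on the address ("ends with nsa.gov"). The following is an added example, not code from the post or from nsa.gov, that models that weak check beside a host-allowlist check and runs both over constructed sample addresses, including the bypass URL quoted in the post; the allowlist and the sample inputs are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Hosts the redirect endpoint is meant to serve (constructed allowlist for this example).
ALLOWED_HOSTS = {"nsa.gov", "www.nsa.gov"}


def naive_check(address: str) -> bool:
    """Model of the weak check the post describes: accept anything ending in 'nsa.gov'.

    It is both too loose (any host with '/nsa.gov' as the last path segment passes)
    and too strict (a legitimate nsa.gov URL with a real path fails).
    """
    return address.rstrip("/").endswith("nsa.gov")


def strict_check(address: str) -> bool:
    """Parse the address and compare its host exactly against the allowlist.

    Rejects scheme-relative and schemeless input, non-http(s) schemes,
    userinfo ('user@host') tricks and look-alike hosts such as nsa.gov.example.
    """
    parts = urlsplit(address)
    if parts.scheme not in ("http", "https"):
        return False
    if "@" in parts.netloc:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    return host in ALLOWED_HOSTS


# Constructed sample addresses; the second one is the bypass URL from the post.
SAMPLES = [
    "http://www.nsa.gov",
    "http://wikipaste.eu/nsa.gov",
    "https://www.nsa.gov/careers/",
    "//www.nsa.gov/nsa.gov",
    "http://nsa.gov.example/",
    "http://user@www.nsa.gov/",
    "javascript:alert(document.domain)//nsa.gov",
]


def compare(samples=SAMPLES) -> dict:
    """Return {address: (naive_result, strict_result)} for each sample."""
    return {u: (naive_check(u), strict_check(u)) for u in samples}


if __name__ == "__main__":
    for url, (naive, strict) in compare().items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```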
