Full Disclosure mailing list archives
RE: Web application Security Scanner (Cosmin Stejerean)
From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Tue, 14 Jun 2005 13:22:32 -0500
SQL-Injection detection, Buffer Overflow detection, Format string detection, File-Retrieval detection, Cross site scripting detection, and more...

http://wpoison.sourceforge.net/

Regards,
Cosmin Stejerean

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of full-disclosure-request () lists grok org uk
Sent: Tuesday, June 14, 2005 6:00 AM
To: full-disclosure () lists grok org uk
Subject: Full-disclosure Digest, Vol 4, Issue 17

Send Full-Disclosure mailing list submissions to
    full-disclosure () lists grok org uk

To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
    full-disclosure-request () lists grok org uk

You can reach the person managing the list at
    full-disclosure-owner () lists grok org uk

When replying, please edit your Subject line so it is more specific than "Re: Contents of Full-Disclosure digest..."

Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.

Today's Topics:

   1. Web application Security Scanner (tgoogle)
   2. RE: Web application Security Scanner (alex)
   3. Re: Web application Security Scanner (tgoogle)
   4. Re: Web application Security Scanner (Valdis.Kletnieks () vt edu)
   5. RE: Web application Security Scanner (tgoogle)
   6. RE: Web application Security Scanner (Todd Towles)
   7. Re: Web application Security Scanner (deepquest)
   8. RE: Web application Security Scanner (alex)
   9. alya.cgi (Nobody Special)
  10. Re: Web application Security Scanner (Valdis.Kletnieks () vt edu)
  11. RE: alya.cgi (Todd Towles)
  12. UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability (Thierry Carrez)
  13. [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability (Sune Kloppenborg Jeppesen)
  14. NDSS '06 -- Call for Papers (Karen Seo)
  15. Re: RE: End users as security devices (Ron DuFresne)
  16. Re: RE: End users as security devices (Valdis.Kletnieks () vt edu)
  17. Re: Web application Security Scanner (Frederic Charpentier)

----------------------------------------------------------------------

Message: 1
Date: Mon, 13 Jun 2005 19:47:01 +0400 (MSD)
From: "tgoogle" <tgoogle () yandex ru>
Subject: [Full-disclosure] Web application Security Scanner
To: full-disclosure () lists grok org uk
Message-ID: <42ADAA75.000006.20707 () tide yandex ru>
Content-Type: text/plain; charset="US-ASCII"

Do you know the best Web app security scanner? I need a scanner which would find SQL injections, XSS, php include and other bugs in an unknown Web application.

Thanks

------------------------------

Message: 2
Date: Mon, 13 Jun 2005 19:54:33 +0400
From: "alex" <pigrelax () yandex ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <full-disclosure () lists grok org uk>
Message-ID: <S3375614AbVFMPya/20050613155441Z+741 () mail yandex ru>
Content-Type: text/plain; charset="us-ascii"

Maxpatrol - www.maxpatrol.com

"Maxpatrol inspects all scripts installed on server for vulnerabilities allowing unauthorized file access, data access or manipulation or possible termination of service using intelligent algorithms."

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of tgoogle
Sent: Monday, June 13, 2005 7:47 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Web application Security Scanner

[...]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

------------------------------

Message: 3
Date: Mon, 13 Jun 2005 21:10:19 +0400 (MSD)
From: "tgoogle" <tgoogle () yandex ru>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: full-disclosure () lists grok org uk
Cc: deepquest () mac com
Message-ID: <42ADBDFB.000006.05325 () camay yandex ru>
Content-Type: text/plain; charset="KOI8-R"

Thanks, I shall test all these programs; tomorrow I will send my results. For example, I will try to find vulnerabilities in the www.yandex.ru and www.google.ru sites :). Do you really consider that all these programs are capable of finding vulnerabilities in UNKNOWN scripts? I need the BEST program, which can find the maximum number of bugs in any custom Web application.

> http://www.0x90.org/releases/absinthe/
> http://www.nessus.org/download/ with some plugins
> http://www.cirt.net/code/nikto.shtml
>
> The "best" depends on your target, the OS you use, and whether you are looking for open-source products or commercial ones. Just google; there are many of them.
>
> Deepquest
> "Justification of windows usage is a combination of Stockholm Syndrome and cognitive dissonance."
> --------------------------------------------------------------
> Propaganda http://deepquest.code511.com/blog
> FIB http://www.futureisbeta.com
> PGP DH/DSS http://www.futureisbeta.com/pgp
> --------------------------------------------------------------
>
> [...]

--
Yandex.Mail: your mailbox size is unlimited! http://mail.yandex.ru/monitoring/

------------------------------

Message: 4
Date: Mon, 13 Jun 2005 13:26:14 -0400
From: Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] Web application Security Scanner
To: tgoogle () yandex ru
Cc: full-disclosure () lists grok org uk, deepquest () mac com
Message-ID: <200506131726.j5DHQEMq011629 () turing-police cc vt edu>
Content-Type: text/plain; charset="iso-8859-1"

On Mon, 13 Jun 2005 21:10:19 +0400, tgoogle said:
> I need the BEST program, which can find the maximum number of bugs in any custom Web application.
I doubt you'll find one "best" program, as there's too much diversity. There's probably someplace running CGI written in COBOL. And somebody probably has a scanner for COBOL CGIs. But you'll never find that scanner in one of the "big name" packages, because trying to scan for *everything* is just too difficult - it's a lot easier to create a package that does one class of things well (find 90% of injections, 80% of buffer overflows, etc). If you're lucky, you'll find a set of 3 or 4 tools which, when used together, will do 95% of the heavy lifting for you.

And remember that although programmatic scanners may be able to do a reasonable job against certain classes of well-understood bugs (integer overflow, buffer overflow, SQL injection, etc), they can't find errors caused by a programmer being creatively stupid (as opposed to just not thinking).

------------------------------

Message: 5
Date: Mon, 13 Jun 2005 21:45:27 +0400 (MSD)
From: "tgoogle" <tgoogle () yandex ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: full-disclosure () lists grok org uk
Cc: deepquest () mac com
Message-ID: <42ADC637.000008.22764 () pantene yandex ru>
Content-Type: text/plain; charset="KOI8-R"

Ok, I will define my task concretely. I wish to quickly find potential holes (XSS, SQL injection, etc.) in any Web site, for example www.yandex.ru. I do not know what OS or database is used on the server. Many programs can find only known CGI bugs or need some interaction with the database or environment.

> I do not actually think that any of the tools listed below are what you are looking for.
>
> * Nikto is a web vulnerability scanner that can identify KNOWN vulnerabilities, as well as some variations on them. It is unable to understand application logic or identify any custom security vulnerabilities.
> * Nessus is much like Nikto - only it's not limited to web.
> * Absinthe is the only tool that can help with custom application vulnerabilities, but it's not really an automated scanner such as the one you are looking for, but rather assists the exploitation of SQL Injection. It still requires a certain level of expertise to successfully operate.
>
> I think what you are looking at is rather one of the commercial tools, such as SPI Dynamics WebInspect, Watchfire's AppScan or KaVaDo's ScanDo.
>
> Ofer Maor
> CTO
> Hacktics (http://www.hacktics.com/)
>
> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of tgoogle
> Sent: Monday, June 13, 2005 19:10
> To: full-disclosure () lists grok org uk
> Cc: deepquest () mac com
> Subject: Re: [Full-disclosure] Web application Security Scanner
>
> [...]
--
"Spamooborona" - spam-free mail in your office! http://so.yandex.ru/

------------------------------

Message: 6
Date: Mon, 13 Jun 2005 13:21:42 -0500
From: "Todd Towles" <toddtowles () brookshires com>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <tgoogle () yandex ru>, <full-disclosure () lists grok org uk>
Cc: deepquest () mac com
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27F941C1 () dc1ms2 msad brookshires net>
Content-Type: text/plain; charset="KOI8-R"

The list is right, pen-testing isn't as easy as running one tool. If there was a "best" tool that found everything, then why would people use any other tool?

Going to attack Russian Google, well glad you said it on here...that will make it hard for them to trace you down..lol

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of tgoogle
Sent: Monday, June 13, 2005 12:10 PM
To: full-disclosure () lists grok org uk
Cc: deepquest () mac com
Subject: Re: [Full-disclosure] Web application Security Scanner

[...]
------------------------------

Message: 7
Date: Mon, 13 Jun 2005 18:22:26 +0200
From: deepquest <deepquest () mac com>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: tgoogle () yandex ru
Cc: full-disclosure () lists grok org uk
Message-ID: <F225B0C6-F360-408F-BD35-3704F95CFCFC () mac com>
Content-Type: text/plain; charset="us-ascii"

http://www.0x90.org/releases/absinthe/
http://www.nessus.org/download/ with some plugins
http://www.cirt.net/code/nikto.shtml

The "best" depends on your target, the OS you use, and whether you are looking for open-source products or commercial ones. Just google; there are many of them.

Deepquest
"Justification of windows usage is a combination of Stockholm Syndrome and cognitive dissonance."
--------------------------------------------------------------
Propaganda http://deepquest.code511.com/blog
FIB http://www.futureisbeta.com
PGP DH/DSS http://www.futureisbeta.com/pgp
--------------------------------------------------------------

> Do you know the best Web app security scanner? I need a scanner which would find SQL injections, XSS, php include and other bugs in an unknown Web application.
>
> Thanks
>
> [...]
------------------------------

Message: 8
Date: Mon, 13 Jun 2005 22:49:28 +0400
From: "alex" <pigrelax () yandex ru>
Subject: RE: [Full-disclosure] Web application Security Scanner
To: <full-disclosure () lists grok org uk>
Cc: deepquest () mac com
Message-ID: <S3375708AbVFMStY/20050613184935Z+1379 () mail yandex ru>
Content-Type: text/plain; charset="koi8-r"

Try the freeware service (owned by Cisco Systems and Positive Technologies) - www.freescan.ru. This service can help find many unknown bugs in a custom Web application.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Todd Towles
Sent: Monday, June 13, 2005 10:22 PM
To: tgoogle () yandex ru; full-disclosure () lists grok org uk
Cc: deepquest () mac com
Subject: RE: [Full-disclosure] Web application Security Scanner

[...]

------------------------------

Message: 9
Date: Mon, 13 Jun 2005 12:17:17 -0700 (PDT)
From: Nobody Special <ktjan () yahoo com>
Subject: [Full-disclosure] alya.cgi
To: full-disclosure () lists grok org uk
Message-ID: <20050613191717.67017.qmail () web40507 mail yahoo com>
Content-Type: text/plain; charset=iso-8859-1

I ran a nessus scan on my neighbor's SonicWall firewall appliance's ip address and found out there is an alya.cgi file, which is ranked as HIGH risk. However, no one knows what it does besides that "alya.cgi is a cgi backdoor distributed with multiple rootkits." Does anyone on the list know what this cgi can do?

cokster

__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail

------------------------------

Message: 10
Date: Mon, 13 Jun 2005 15:26:03 -0400
From: Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] Web application Security Scanner
To: alex <pigrelax () yandex ru>
Cc: full-disclosure () lists grok org uk, deepquest () mac com
Message-ID: <200506131926.j5DJQ3WU018561 () turing-police cc vt edu>
Content-Type: text/plain; charset="iso-8859-1"

On Mon, 13 Jun 2005 22:49:28 +0400, alex said:
> Try the freeware service (owned by Cisco Systems and Positive Technologies) - www.freescan.ru. This service can help find many unknown bugs in a custom Web application.

> I shall test all these programs; tomorrow I will send my results. For example, I will try to find vulnerabilities in www.yandex.ru
Somehow, I get the feeling that when alex recommended freescan, he already knew *exactly* what the results of scanning yandex.ru would be - and how helpful it would be to the original poster. ;)

------------------------------

Message: 11
Date: Mon, 13 Jun 2005 14:34:36 -0500
From: "Todd Towles" <toddtowles () brookshires com>
Subject: RE: [Full-disclosure] alya.cgi
To: "Nobody Special" <ktjan () yahoo com>, <full-disclosure () lists grok org uk>
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27F94249 () dc1ms2 msad brookshires net>
Content-Type: text/plain; charset="us-ascii"

It appears to be a CGI dropped by a hacker tool. It may execute shell commands from several different directories. Doesn't anyone use Google anymore....

Just because Nessus says alya.cgi could be a backdoor doesn't mean it is..Nessus is a very good VA scanner but it does produce a fair amount of false positives.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Nobody Special
Sent: Monday, June 13, 2005 2:17 PM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] alya.cgi

[...]
------------------------------

Message: 12
Date: Mon, 13 Jun 2005 22:49:58 +0200
From: Thierry Carrez <koon () gentoo org>
Subject: [Full-disclosure] UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability
To: gentoo-announce () lists gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com, security-alerts () linuxsecurity com
Message-ID: <42ADF176.3030507 () gentoo org>
Content-Type: text/plain; charset="iso-8859-1"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          Gentoo Linux Security Advisory [UPDATE]  GLSA 200505-06:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TCPDump: Decoding routines Denial of Service vulnerability
      Date: May 09, 2005
   Updated: June 12, 2005
      Bugs: #90541, #95349
        ID: 200505-06:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
======

While working on the tcpdump issues solved in the original version of this GLSA, Simon L. Nielsen from the FreeBSD Security Team discovered a similar infinite loop DoS vulnerability in the BGP handling code (CAN-2005-1267). New packages have been released to address this new issue. The updated sections appear below.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/tcpdump        < 3.8.3-r3               >= 3.8.3-r3

Description
===========

TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets.

Resolution
==========

All TCPDump users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r3"

References
==========

  [ 1 ] CAN-2005-1267
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1267
  [ 2 ] CAN-2005-1278
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1278
  [ 3 ] CAN-2005-1279
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
  [ 4 ] CAN-2005-1280
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
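An added example, not part of the advisory and not Gentoo's own tooling: a small Python checker that treats the "Affected packages" table above as data and decides whether a given installed version of net-analyzer/tcpdump falls inside the vulnerable range. It parses Gentoo's "-rN" revision suffix, treats a missing revision as r0, and also accepts the starred "*>= x.y.z" form that GLSA tables use for a separately maintained older branch (the MediaWiki advisory further down this digest, GLSA 200506-12, lists "*>= 1.3.13", so that row is included as a second advisory). The branch rule for starred entries (the bound only covers versions that share its leading components), the `Advisory` type, and the sample "installed" dictionary are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Gentoo-style version: dotted numeric components, optional "-rN" revision.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(v):
    """'3.8.3-r3' -> ((3, 8, 3), 3).  A missing -rN revision counts as r0.
    Anything outside the simple dotted form (e.g. '_p1' suffixes) is rejected
    rather than silently misordered."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    rev = int(m.group(2) or 0)
    return nums, rev


def version_key(v):
    """Sort key: numeric components first (tuple order makes 3.8 < 3.8.3),
    then the revision, so 3.8.3 == 3.8.3-r0 < 3.8.3-r3."""
    return parse_version(v)


@dataclass(frozen=True)
class Advisory:
    glsa: str
    package: str
    vulnerable: str    # one range spec, e.g. "< 3.8.3-r3"
    unaffected: tuple  # range specs, e.g. (">= 3.8.3-r3", "*>= 1.3.13")


def _matches(spec, version):
    """Evaluate one range spec such as '< 3.8.3-r3' or '*>= 1.3.13'."""
    branch_only = spec.startswith("*")
    op, bound = spec.lstrip("*").split()
    if branch_only:
        # Assumption: a starred bound applies only within its own branch,
        # i.e. '*>= 1.3.13' covers 1.3.x versions and says nothing about 1.4.0.
        bnums, _ = parse_version(bound)
        vnums, _ = parse_version(version)
        if vnums[: len(bnums) - 1] != bnums[:-1]:
            return False
    k, b = version_key(version), version_key(bound)
    return {"<": k < b, "<=": k <= b, ">": k > b, ">=": k >= b, "=": k == b}[op]


def is_vulnerable(advisory, version):
    """An 'Unaffected' entry takes precedence over the 'Vulnerable' range;
    that is what makes the starred branch entries meaningful."""
    if any(_matches(s, version) for s in advisory.unaffected):
        return False
    return _matches(advisory.vulnerable, version)


# Rows transcribed from the GLSA tables quoted in this digest.
ADVISORIES = [
    Advisory("GLSA 200505-06:02", "net-analyzer/tcpdump",
             "< 3.8.3-r3", (">= 3.8.3-r3",)),
    Advisory("GLSA 200506-12", "www-apps/mediawiki",
             "< 1.4.5", (">= 1.4.5", "*>= 1.3.13")),
]


def check_installed(installed):
    """installed: mapping of package -> version as reported by the system.
    Returns a list of (glsa, package, version) for every matching advisory."""
    hits = []
    for adv in ADVISORIES:
        v = installed.get(adv.package)
        if v is not None and is_vulnerable(adv, v):
            hits.append((adv.glsa, adv.package, v))
    return hits


if __name__ == "__main__":
    # Constructed sample inventory; on a real host this would come from
    # the package manager rather than a literal.
    sample = {"net-analyzer/tcpdump": "3.8.3-r2", "www-apps/mediawiki": "1.4.0"}
    for glsa, pkg, ver in check_installed(sample):
        print(f"{pkg}-{ver} is in the vulnerable range of {glsa}")
```

The point of the branch check is the 1.3.x row: a naive ">= 1.3.13" comparison would mark 1.4.0 as unaffected even though it sits below the 1.4.5 fix, so the starred bound must be confined to the branch it names before the ordinary vulnerable/unaffected comparison runs.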
------------------------------

Message: 13
Date: Mon, 13 Jun 2005 22:57:15 +0200
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Subject: [Full-disclosure] [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability
To: gentoo-announce () gentoo org
Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com, security-alerts () linuxsecurity com
Message-ID: <200506132257.20275.jaervosz () gentoo org>
Content-Type: text/plain; charset="us-ascii"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200506-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: MediaWiki: Cross-site scripting vulnerability
      Date: June 13, 2005
      Bugs: #95255
        ID: 200506-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.

Background
==========

MediaWiki is collaborative editing software, used by big projects like Wikipedia.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  www-apps/mediawiki           < 1.4.5                    >= 1.4.5
                                                            *>= 1.3.13

Description
===========

MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks.

Impact
======

A remote attacker could exploit this vulnerability to inject malicious script code that will be executed in a user's browser session in the context of the vulnerable site.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MediaWiki users should upgrade to the latest available versions:

    # emerge --sync
    # emerge --ask --oneshot --verbose www-apps/mediawiki

References
==========

  [ 1 ] MediaWiki 1.4.5 Release Notes
        http://sourceforge.net/project/shownotes.php?release_id=332231

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

------------------------------

Message: 14
Date: Mon, 13 Jun 2005 16:17:19 -0400
From: Karen Seo <kseo () bbn com>
Subject: [Full-disclosure] NDSS '06 -- Call for Papers
To: full-disclosure () lists grok org uk
Cc: kseo () bbn com
Message-ID: <p06210202bed3907db2ca@[128.89.89.67]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

** My apologies if you receive multiple copies of this message.
** CALL FOR PAPERS for the

13TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'06)

February 1st, 2006 - Pre-Conference Workshop
February 2-3, 2006 - Symposium
Catamaran Resort Hotel, San Diego, California

IMPORTANT DATES

* Paper and panel submissions due: 11:59pm PDT, Monday, August 22, 2005. (This deadline is firm--no extensions will be granted except in the most extreme circumstances.)
* Author notification: Friday, October 7th, 2005.
* Final version of papers and panels due: Sunday, November 6, 2005.

GOAL:

The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. The proceedings are published by the Internet Society.

HOW TO SUBMIT:

Submission instructions will be available at http://www.cs.umd.edu/NDSS-06 .

SUBMISSIONS:

Both technical papers and panel proposals are solicited. Technical papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All papers from authors perpetrating such "double submissions" will be immediately rejected from the conference. The Program Committee reserves the right to share information with other conference chairs and journal editors so as to detect such cases.

Technical papers should be at most 12 pages excluding the bibliography and well-marked appendices (using 11-point font, single column format, and reasonable margins on 8.5"x11" or A4 paper), and at most 20 pages total. Committee members are not required to read the appendices, so the paper should be intelligible without them. Technical papers will appear in the proceedings.

Panel proposals should be one page and must describe the topic, identify the panel chair, explain the panel format, and list three to four potential panelists. A description of each panel will appear in the proceedings, and may, at the discretion of the panel chair, include written position statements from the panelists.

Submissions are solicited in, but not limited to, the following areas:

* Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
* Intrusion prevention, detection, and response: systems, experiences and architectures.
* Privacy and anonymity technologies.
* Network perimeter controls: firewalls, packet filters, application gateways.
* Virtual private networks.
* Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems, RFID systems, peer-to-peer and overlay network systems.
* Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
* Supporting security mechanisms and APIs; audit trails; accountability.
* Implementation, deployment and management of network security policies.
* Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
* Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
* Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
* Public key infrastructure, key management, certification, and revocation.
* Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
* Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
* Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
* Security for large-scale systems and critical infrastructures.

Each submission must be accompanied by a separate, electronically submitted Submission Overview specifying the submission type (paper or panel), the title or topic, author names with organizational affiliations, and must specify a contact author along with corresponding phone number, FAX number, postal address and email address.

Submissions must be received by 11:59pm PDT, August 22nd, 2005, and must be made electronically in PDF format (for example, by using pdflatex). Each submission will be acknowledged by e-mail; if acknowledgment is not received within seven days, contact a program co-chair (see below).

Authors and panelists will be notified of acceptance by October 7th, 2005, and given instructions for preparing the camera-ready copy. The camera-ready copy must be received by November 5th, 2005.

PROGRAM COMMITTEE

* William Arbaugh, University of Maryland (Program co-chair)
* Hao Chen, University of California, Davis
* Crispin Cowan, Novell
* Glenn Durfee, Palo Alto Research Center
* Kevin Fu, University of Massachusetts, Amherst
* Steve Gribble, University of Washington
* Yih-Chun Hu, University of Illinois, Urbana-Champaign
* Steve Kent, BBN
* Angelos D. Keromytis, Columbia University
* Tadayoshi Kohno, University of California, San Diego
* Wenke Lee, Georgia Institute of Technology
* Fabian Monrose, Johns Hopkins University
* Niels Provos, Google
* Michael Roe, Microsoft Research, Cambridge
* Dan Simon, Microsoft Research (Program co-chair)
* Sean Smith, Dartmouth College
* Dawn Song, CMU
* Adam Stubblefield, Independent Security Evaluators
* Jonathan Trostle, ASK Consulting & Research, Inc.
* Dan S. Wallach, Rice University
* Nicholas Weaver, International Computer Science Institute
* Dongyan Xu, Purdue University

------------------------------

Message: 15
Date: Mon, 13 Jun 2005 21:42:09 -0500 (CDT)
From: Ron DuFresne <dufresne () winternet com>
Subject: Re: [Full-disclosure] RE: End users as security devices
To: Daniel Sichel <daniels () Ponderosatel com>
Cc: full-disclosure () lists grok org uk
Message-ID: <Pine.GSO.4.43.0506132140450.25620-100000 () tundra winternet com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
> Don't lose faith, don't give up, keep explaining, and training. You CAN make end users proactive participants in enterprise security. Just remember, there will always be a few intellectually challenged folks who need a bit of extra mentoring. Try to be patient, and NO, you can't put handicap placards on computers used by those with IQs below 90, sorry.
If this were true, then educating would not be a full-time thing making some companies tons of cash as they come into an org and do it over and over and over....

Thanks,

Ron DuFresne
<still believes in larts>
--
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em 'cause she comes back." --B.B. King
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

------------------------------

Message: 16
Date: Tue, 14 Jun 2005 00:15:03 -0400
From: Valdis.Kletnieks () vt edu
Subject: Re: [Full-disclosure] RE: End users as security devices
To: Ron DuFresne <dufresne () winternet com>
Cc: full-disclosure () lists grok org uk, Daniel Sichel <daniels () Ponderosatel com>
Message-ID: <200506140415.j5E4F4TT016077 () turing-police cc vt edu>
Content-Type: text/plain; charset="us-ascii"

On Mon, 13 Jun 2005 21:42:09 CDT, Ron DuFresne said:
> Ron DuFresne <still believes in larts>
http://ars.userfriendly.org/cartoons/?id=20030210&mode=classic

Unfortunately, there's one at every site:

http://ars.userfriendly.org/cartoons/?id=20030211&mode=classic

------------------------------

Message: 17
Date: Tue, 14 Jun 2005 11:08:31 +0200
From: Frederic Charpentier <fcharpen () xmcopartners com>
Subject: Re: [Full-disclosure] Web application Security Scanner
To: full-disclosure () lists grok org uk
Message-ID: <42AE9E8F.8010406 () xmcopartners com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi.

An efficient program, capable of finding unknown vulnerabilities in web applications, does not exist.
Nikto and Ns-stealth are useful, but they will never do a proper audit.
Paros, Sleuth and Spike are really useful to find unknown vulnerabilities, but they are not automatic. Someone needs to be in front of the screen to interpret the behaviour of the application.

Fred

tgoogle wrote:
> Do you know the best Web app security scanner? I need a scanner which would find SQL injections, XSS, php include and other bugs in unknown Web applications.
> Thanks
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com

------------------------------

End of Full-Disclosure Digest, Vol 4, Issue 17
**********************************************