Full Disclosure mailing list archives

Re: Vulnerabilities in *McAfee.com


From: YGN Ethical Hacker Group <lists () yehg net>
Date: Thu, 31 Mar 2011 06:42:56 +0800

Thanks for all your inputs and discussions.

We believe keeping this information secret is unethical and irresponsible.

----------------------------------------------------------------------------

For those who think/criticize that we're unethical/illegal,

there is a so-called "Passive Scanning" technique in security testing.

Passive scanning (a.k.a. Passive Reconnaissance) is basically examining
a web site's workflows and the source code involved in them to identify
vulnerabilities without ever attacking the target itself.

Contrary to what most people think, passive scanning allows
everyone to audit any web site without breaking the law and without
alarming the firewalls in front of it.

Basically it starts as:

1. Do Google Hacking and look for potential information leakage. (Most
of the tools allow you to add your own GH Dorks).

2. Browse the target web site with a scanner that has passive
vulnerability scanning capability - ratproxy, zaproxy, webscarab,
fiddler+watcher, burp-pro or you name it.
    Also use metadata extraction tools, and look for potential
information leakage and other issues.

3. Examine all contents of JavaScript & decompiled Flash/Silverlight/Java Applet

4. Look for common vulnerable points and misuses,
    e.g., for JS files, examine references like document.URLUnencoded,
document.referrer, document.location, window.location,
location.href, document.URL, etc.


Passive scanning is just a small subset of the assessment realm. Findings are
very limited.

Our recent disclosure of the Plesk open redirect flaw was the result of a
purely passive scan of a static HTML web site -
http://yehg.net/lab/pr0js/advisories/%5Bplesk_7.0-8.2%5D_open_url_redirection

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
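One way to do the JavaScript review from step 4 of the post mechanically, as an added example that is not part of the original post or of any tool it names: a Node.js script that greps JavaScript you have already downloaded by browsing for DOM sources (document.URL, document.referrer, location.*, ...) and for navigation, HTML and code-execution sinks, and propagates taint through simple "var x = ..." assignments so that a sink fed by a source-derived variable is flagged too. The regex lists, the file name and the SAMPLE_JS text are all assumptions constructed for this example; nothing here touches the target site.

```javascript
// Added example, not from the original post or from any of the tools it names:
// a crude passive source/sink grep over JavaScript text, in the spirit of step 4.
// It never touches the target site; it only reads JS already fetched by browsing.
// SAMPLE_JS below is a constructed file, not real code from any vendor.

// Attacker-influenced DOM sources (reads). A write such as "location.href = x"
// is a sink, not a source, so the trailing negative lookahead excludes it.
const SOURCE_RE =
  /\b(?:document\.(?:URLUnencoded|URL|referrer|location|cookie)|window\.location|location\.(?:href|search|hash|pathname)|window\.name)\b(?!\s*=(?!=))/g;

// Sinks, grouped by what control of the input buys an attacker.
const SINK_RES = [
  ['navigation', /\b(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)|\blocation\.(?:assign|replace)\s*\(|\bwindow\.open\s*\(/],
  ['html', /\.(?:innerHTML|outerHTML)\s*=(?!=)|\bdocument\.write(?:ln)?\s*\(|\binsertAdjacentHTML\s*\(/],
  ['code', /\beval\s*\(|\bnew\s+Function\s*\(|\bset(?:Timeout|Interval)\s*\(\s*['"`]/],
];

// "var x = ..." or "x = ..." at the start of a line: enough for a one-pass,
// flow-insensitive propagation of taint through variable names.
const ASSIGN_RE = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

// Returns [{file, line, kind: 'source'|'sink', detail, tainted}].
function scanJs(text, file) {
  const findings = [];
  const tainted = new Set();
  const mentionsTainted = (s) =>
    [...tainted].some((n) =>
      new RegExp('(?<![\\w$])' + n.replace(/\$/g, '\\$') + '(?![\\w$])').test(s));

  text.split('\n').forEach((line, i) => {
    const lineNo = i + 1;
    const sources = [...line.matchAll(SOURCE_RE)].map((m) => m[0]);
    for (const s of sources) {
      findings.push({ file, line: lineNo, kind: 'source', detail: s, tainted: true });
    }

    // Propagate: a variable assigned from a source, or from a tainted variable, is tainted.
    const a = ASSIGN_RE.exec(line);
    if (a && (a[2].search(SOURCE_RE) !== -1 || mentionsTainted(a[2]))) tainted.add(a[1]);

    for (const [kind, re] of SINK_RES) {
      if (re.test(line)) {
        findings.push({
          file, line: lineNo, kind: 'sink', detail: kind,
          tainted: sources.length > 0 || mentionsTainted(line),
        });
      }
    }
  });
  return findings;
}

// One line per sink, for a human to review: the tool cannot see whether the
// value was validated on the way, so every flagged line still needs eyes on it.
function report(findings) {
  return findings
    .filter((f) => f.kind === 'sink')
    .map((f) => `${f.file}:${f.line} ${f.detail} sink - ` +
      (f.tainted ? 'reachable from a DOM source, review' : 'no DOM source seen'));
}

// Constructed sample: a "return to" helper of the kind found on thank-you pages.
const SAMPLE_JS = [
  "// constructed sample, not real code from any vendor",
  "var qs = document.URL.split('?')[1] || '';",
  "var dest = decodeURIComponent(qs.replace(/^.*ret=/, ''));",
  "function go() {",
  "  if (dest) { location.href = dest; }", // open redirect: dest is never checked
  "}",
  "document.getElementById('msg').innerHTML = 'You came from ' + document.referrer;",
  "var safe = '/home';",
  "location.replace(safe);",
].join('\n');

console.log(report(scanJs(SAMPLE_JS, 'thanks.js')).join('\n'));
```

On the sample this reports the redirect on line 5 and the innerHTML write on line 7 as reachable from a DOM source, and the fixed `location.replace(safe)` on line 9 as having no source in sight. It is a grep, not a parser: it does not understand strings, comments or functions, so beautify minified bundles first and expect false positives; and because it cannot see validation, a hardened version that checks `dest` against an allow-list before assigning it would still be flagged, which is the point of handing the list to a reviewer rather than trusting it.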

