Channel: BOT24
Viewing all 8064 articles
Browse latest View live

New VMware open-source tools make Docker safe for the enterprise


More on TeslaCrypt: Videogame Safety 101

Sptoolkit (Simple Phishing Toolkit Project) Rebirth

sptoolkit hasn't been actively developed for two years. As it stands, it's a brilliant piece of software, and the original developers are pretty damn awesome for creating it. But we'd like to go further, and bring sptoolkit up to date. We've tried contacting the developers, but to no avail. We're taking matters into our own hands now. Want to help?
More here......https://github.com/simplephishingtoolkit/sptoolkit-rebirth

PwC: The Sofacy plot thickens

Hacker Demonstrates iOS 8.4 Jailbreak

Quite surprising but the just released Apple’s iOS 8.4 beta has been jailbroken by a well-known hacker.
Yes, the first beta of iOS 8.4 released by Apple to the developers last week has been jailbroken by Stefan Esser, commonly known as "i0n1c" in the jailbreak community.

more here.......http://thehackernews.com/2015/04/iOS-8.4-jailbreak-tool.html

INVEIGH

Update on the Beebone Botnet Takedown

On April 8, the takedown operation for the polymorphic botnet known as Beebone successfully concluded. This action redirected traffic from infected hosts to a sinkhole operated by the Shadowserver Foundation. In addition to halting additional infections and the continued morphing of the W32/Worm-AAEH worm, the sinkhole allows McAfee Labs and other partners in the takedown to better understand the scope and complexity of the Beebone operation. We now have a more accurate count of infected hosts, we have identified additional indicators of compromise, and we have greater visibility into the botnet’s geographic reach.

more here.........https://blogs.mcafee.com/mcafee-labs/beebone-update

Without a Trace: Fileless Malware Spotted in the Wild

Improvements in security file scanners are causing malware authors to deviate from the traditional malware installation routine. It’s no longer enough for malware to rely on dropping copies of themselves to a location specified in the malware code and using persistence tactics like setting up an autostart feature to ensure that they continue to run. Security file scanners can easily block and detect these threats.

A tactic we have spotted would be using fileless malware. Unlike most malware, fileless malware hides itself in locations that are difficult to scan or detect. Fileless malware exists only in memory and is written directly to RAM instead of being installed in the target computer’s hard drive. POWELIKS is an example of fileless malware that is able to hide its malicious code in the Windows Registry. These use a conventional malware file to add the entries with its malicious code in the registry.

more here......http://blog.trendmicro.com/trendlabs-security-intelligence/without-a-trace-fileless-malware-spotted-in-the-wild/

Bypassing Packet Filters with IP Fragmentation Overlapping

The process of IP fragmentation occurs when the data of the network layer is too large to be transmitted over the data link layer in one piece. Then the data of the network layer is split into several pieces (fragments), and this process is called IP fragmentation. The intention of this article is to present how IP fragmentation could be used by the attacker to bypass packet filters (IP fragmentation overlapping attack). Finally, it is shown how this attack can be prevented by stateful inspection.

more here........http://resources.infosecinstitute.com/bypassing-packet-filters-with-ip-fragmentation-overlapping/

Denial-of-service Attack – DoS using hping3 with spoofed IP in Kali Linux

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. In this article I will show how to carry out a Denial-of-service Attack or DoS using hping3 with spoofed IP in Kali Linux.

more here.......http://www.blackmoreops.com/2015/04/21/denial-of-service-attack-dos-using-hping3-with-spoofed-ip-in-kali-linux/

Speaking of Government Backdoors

After Alex Stamos’ stand off with Admiral Mike Rogers, I got to thinking about what the Admiral must be saying when he insisted that government “front doors” were technically possible to create in a way that didn’t give them ultimate access. Then a story came out about a split-key approach that is being studied. Let me explain to you why that is a bad idea and propose a technically less dangerous one.

more here........https://blog.whitehatsec.com/speaking-of-government-backdoors/

Windows Event Log message strings support

For those of you following log2timeline-dev@ you might already know that the development version of plaso now has support to output Windows Event Log message strings. So now instead of having to rely on other tools or manually looking up every event identifier on eventid.net you can enjoy having full Windows Event log message strings in your timeline.

How to use here.....http://blog.kiddaland.net/2015/04/windows-event-log-message-strings.html

ViDi Visual Disassembler 0.2 Release

Heap visualization tool release

Paper: The Spy in the Sandbox -- Practical Cache Attacks in Javascript

We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today's web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary to recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.

more here,,,,,,,http://arxiv.org/pdf/1502.07373v2.pdf

Finding Every Vulnerable App in the App Store

You know there's a security flaw hidden in over 100,000 iOS apps out of the 1.4 million total, but which ones are actually vulnerable? How would you find out?

SourceDNA is constantly scanning apps from the app stores, analyzing and indexing their binary code. This lets us search for apps by their behavior and the tools & libraries they were built with.

AFNetworking recently had a major security flaw. Due to lack of SSL cert validation, the proverbial coffee shop attacker could easily bypass SSL and see all your app's user credentials and banking data. We decided to track down apps that were still using the vulnerable version of AFNetworking and notify their developers so they could patch the flaw.

more here.....http://sourcedna.com/blog/20150420/afnetworking-vulnerability.html

Null Pointer Dereferencing Causes Undefined Behavior

I have unintentionally raised a large debate recently concerning the question if it is legal in C/C++ to use the &P->m_foo expression with P being a null pointer. The programmers' community divided into two camps. The first claimed with confidence that it wasn't legal while the others were as sure saying that it was. Both parties gave various arguments and links, and it occurred to me at some point that I had to make things clear. For that purpose, I contacted Microsoft MVP experts and Visual C++ Microsoft development team communicating through a closed mailing list. They helped me to prepare this article and now everyone interested is welcome to read it.

more here.......https://software.intel.com/en-us/blogs/2015/04/20/null-pointer-dereferencing-causes-undefined-behavior

Table Top Exercises (TTX)

“Table Top Exercises” (TTX) has become part of my almost daily vocabulary given how hot the demand for them has become. From the companies and individuals I spoke with, there were a variety of reasons they were looking for a TTX, but it ultimately boiled down to the following three buckets:

1. The Information Security organization had no Incident Response (IR) capability at all and wanted to demonstrate to leadership the perils of what would happen.

2. The CISO wanted to ensure their Incident Response Team (IRT) had all their bases covered during an incident.

3. A savvy and mature IRT wanted to include outside organizations such as Legal, Human Resources, Public Relations, Office of the CIO, Office of the CEO, etc… so that everyone had gone through a drill at least once.

more here.......http://seanmason.com/2015/04/20/table-top-exercises-ttx/

PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability

Document Title:
===============
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability


References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1453

Video: http://www.vulnerability-lab.com/get_content.php?id=1454

View: https://www.youtube.com/watch?v=v5egy9V_Bs0


Release Date:
=============
2015-04-18


Vulnerability Laboratory ID (VL-ID):
====================================
1453


Common Vulnerability Scoring System:
====================================
3.4


Product & Service Introduction:
===============================
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money
transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally,
a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some
time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined
spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified
funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy
(for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your
PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a
PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary
funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards.
The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request
a transfer to their bank account.

PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it
charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency
used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account
type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies.

On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United
States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale,
Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across
Europe, PayPal also operates as a Luxembourg-based bank.

On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers
to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010.

(Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal]


Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a client-side cross site scripting web vulnerability in the official PayPal Inc online service web-application.


Vulnerability Disclosure Timeline:
==================================
2014-12-30: Researcher Notification & Coordination (Milan A Solanki)
2014-12-31: Vendor Notification (PayPal Inc - Bug Bounty Team)
2015-01-08: Vendor Response/Feedback (PayPal Inc - Bug Bounty Team)
2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team)
2015-04-18: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
PayPal Inc
Product: PayPal - Online Service Web Application 2015 Q2


Exploitation Technique:
=======================
Remote


Severity Level:
===============
Medium


Technical Details & Description:
================================
A non persistent cross site scripting web vulnerability has been discovered in the official PayPal Inc online service web-application.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions data by client-side manipulated cross site requests.

The vulnerability is located in the `q` values of the merchant search module. Remote attackers are able to inject own script codes to the vulnerable GET method
request of the merchant search module.  The attack vector of the vulnerability is located on the client-side of the paypal online service web-application.
The request method to inject the script code on client-side is `GET`. The injection point of the issue is the vulnerable `q` value in the search engine and
the script code execution point is located in the results output context page.

The security risk of the non-persistent input validation web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.4.
Exploitation of the client-side cross site scripting web vulnerability requires low user interaction (click) and no privileged application user account.
Successful exploitation results in client-side account theft by hijacking, client-side phishing, client-side external redirects and non-persistent manipulation
of affected or connected service modules.

Request Method(s):
                                [+] GET

Vulnerable Service(s):
                                [+] PayPal Inc (paypal.com)

Vulnerable Module(s):
                                [+] Merchant Search

Vulnerable Parameter(s):
                                [+] q

Affected Section(s):
                                [+] Merchant Search Results


Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction (click).
For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

PoC: Example
https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=[CROSS SITE SCRIPTING VULNERABILITY!]

PoC: Payload(s)
https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Ciframe%20src=x%20onerror=prompt%28document.cookie%29%3E


Reference(s):
https://www.paypal.com/directory/merchants?q=directory/merchants?q=
https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=


Solution - Fix & Patch:
=======================
2015-01-15: Vendor Fix/Patch (PayPal Inc - Developer Team)


Security Risk:
==============
The security risk of the client-side cross site scripting web vulnerability in the `q` merchant search value is estimated as medium. (CVSS 3.4)


Credits & Authors:
==================
Milan A Solanki - (milans812@gmail.com) [www.safehacking4mas.blogspot.in]


Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed
or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable
in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab
or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses,
policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com           - www.vuln-lab.com                                      - www.evolution-sec.com
Contact:    admin@vulnerability-lab.com         - research@vulnerability-lab.com                        - admin@evolution-sec.com
Section:    magazine.vulnerability-db.com       - vulnerability-lab.com/contact.php                     - evolution-sec.com/contact
Social:     twitter.com/#!/vuln_lab             - facebook.com/VulnerabilityLab                         - youtube.com/user/vulnerability0lab
Feeds:      vulnerability-lab.com/rss/rss.php   - vulnerability-lab.com/rss/rss_upcoming.php            - vulnerability-lab.com/rss/rss_news.php
Programs:   vulnerability-lab.com/submit.php    - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to
electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by
Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website
is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact
(admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

                                Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities

Document Title:
===============
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities


References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1314


Release Date:
=============
2015-03-23


Vulnerability Laboratory ID (VL-ID):
====================================
1314


Common Vulnerability Scoring System:
====================================
5.9


Product & Service Introduction:
===============================
The digital customer file of the integrated customer management is the central record for a single customer. Invoices, facilities and operations
for a customer are stored centrally and automatically in one place, so the customer file is always up to date. For faster retrieval or reporting,
contacts can be tagged. In addition, powerful search options give you a better view of the entire customer base than ever.

Daily backup
256bit SSL encryption
TÜV certified datacenter

Free version
No hidden costs
No minimum contract term

iPhone App
Runs in any browser
No installation required on the PC

Easy to use
Reduced to the essentials
Automated, where it is only Possible

(Copy of the Vendor Homepage: https://sevdesk.de/)


Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the official SEVENIT GmbH SevDesk v3.10 web-application & cloud online-service.


Vulnerability Disclosure Timeline:
==================================
2014-09-01:     Researcher Notification & Coordination (Benjamin Kunz Mejri)
2014-09-02:     Vendor Notification (SevDesk Developer Team)
2014-09-07:     Vendor Response/Feedback (SevDesk Developer Team)
2015-02-01:     Vendor Fix/Patch Notification (SevDesk Developer Team)
2015-03-23:     Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
SevenIT
Product: SevDesk - Web Application 3.1.0


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Technical Details & Description:
================================
Multiple persistent input validation web vulnerabilities are detected in the official SEVENIT Software GmbH - sevDesk v3.10 web-application.
The vulnerability allows remote attackers or low privileged user account to inject own malicious script codes to the application-side of the
vulnerable web-application module or service.

The security vulnerability is located in the `firstname`, `surname` & `family` name values of the main sevDesk `Dashboard` application module.
Remote attackers are able to inject own codes to the main dashboard service by manipulation of the registration username. The execution of
the injected script code occurs on the application-side in the main dashboard module through the rightHead and feedcontent class. The attack
vector is persistent and the request method to inject the code is POST. The victim user can also change the name by usage of the application
which does not require an admin's interaction on successful exploitation.

The security risk of the persistent script code inject web vulnerabilities is estimated as medium with a cvss (common vulnerability scoring system)
count of 5.9. Exploitation of the persistent vulnerability requires a low privileged sevdesk user account with restricted access and no direct
user interaction. Successful exploitation of the vulnerability results in session hijacking, persistent phishing, persistent external redirects
to malicious source and persistent manipulation of affected or connected application modules.


Request Method(s):
                                [+] POST

Vulnerable Module(s):
                                [+] Registration to SevDesk


Vulnerable Parameter(s):
                                [+] surname
                                [+] firstname
                                [+] family name

Affected Module(s):
                                [+] Dashboard Index - rightHead & feedcontent


Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by low privileged application user accounts with low user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability

1. Register an account by usage of the following webpage https://my.sevdesk.de/register/
2. Include to the surname, family name and firstname your own script code as payload
3. Save the registration form and go to the website https://my.sevdesk.de/
4. Login with the user account data
5. The execution of the injected script code occurs after the registration POST method request and next to the redirect in the main dashboard index (rightHead < name > feedcontent)
6. Successful reproduce of the application-side security vulnerability!


PoC: rightHead > Displayname (First- & Lastname)

<div id="middleHead">
<input id="suche" type="text" onfocus="this.value = ''" value="Gehe zu Kontakt, Projekt, Dokument..." />
</div>
<div id="rightHead">
<div style="float:right;margin-top:5px;text-align: right;padding-right:5px;">
<div style="color:#fff;padding:3px;margin-bottom:2px;">
<span style="color:#f5d385;font-weight:bold;">a>"<[PERSISTENT INJECTED SCRIPT CODE VIA NAME VALUE!]> b>"</span></div>
<a href="/admin/company">Einstellungen</a> |
<a href="http://portal.sevdesk.de/" target="_blank">Hilfe</a> | <a href="./auth/logout/">Logout</a>
                    </div>
                </div>
            </div>
        </div>
        <div id="headNav" style="top:80px;">
            <div class="headwrapper">
                <ul id="mainNavigation">


PoC: Verlauf > feedcontent

<div>
<div class="feed" id_feed="393424"><div class="imgpos"><img src="/img/icons/24x24/offer.png"></div><div class="feedbody">
<div class="headline">Samstag, 30. August 2014 - 02:14</div><div class="feedcontent">
a>"<[PERSISTENT INJECTED SCRIPT CODE VIA NAME VALUE!]> b>"<[PERSISTENT INJECTED SCRIPT CODE VIA NAME VALUE!]> hat den Status des
<img src="/img/icons/16x16/offer.png"> <a href="/om/detail/index/id/60547">Angebots - 1007</a> auf
"archiviert" geändert
</div></div><div class="clearfix"></div></div>
<div class="feed" id_feed="393423"><div class="imgpos"><img src="/img/icons/24x24/offer.png"/></div><div class="feedbody">
<div class="headline">Samstag, 30. August 2014 - 02:14



--- PoC Session Logs [POST] (Registration sevDesk) ---
Status: 200[OK]
 POST https://my.sevdesk.de/register/save Load Flags[LOAD_BYPASS_CACHE  LOAD_BACKGROUND  ] Größe des Inhalts[94] Mime Type[text/html]
   Request Header:
      Host[my.sevdesk.de]
      User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0]
      Accept[application/json, text/javascript, */*; q=0.01]
      Accept-Language[de,en-US;q=0.7,en;q=0.3]
      Accept-Encoding[gzip, deflate]
      Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
      X-Requested-With[XMLHttpRequest]
      Referer[https://my.sevdesk.de/register]
      Content-Length[119]
      Cookie[PHPSESSID=63m788aic41f173a01akttgp24; optimizelySegments=%7B%7D; optimizelyEndUserId=oeu1409658038644r0.9444753343384411;
optimizelyBuckets=%7B%7D; __utma=47898149.1078820709.1409658041.1409658041.1409658041.1; __utmb=47898149.3.10.1409658041; __utmc=47898149;
__utmz=47898149.1409658041.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); kvcd=1409658049586;
km_ai=5La%2FUBeVvA7zRXwSTd4gSRBJccE%3D; km_uq=; km_vs=1; km_lv=1409658050; _ga=GA1.2.1078820709.1409658041]
      Connection[keep-alive]
      Pragma[no-cache]
      Cache-Control[no-cache]
   POST-Daten:
      name[[PERSISTENT INJECTED SCRIPT CODE VIA NAME VALUE!]]
      surename[[PERSISTENT INJECTED SCRIPT CODE VIA SURNAME VALUE!]]
      familyname[[PERSISTENT INJECTED SCRIPT CODE VIA FAMILY NAME VALUE!]]
      username[support%40vulnerability-lab.com]
      password[chaos666]
   Response Header:
      Date[Tue, 02 Sep 2014 11:44:30 GMT]
      Server[Apache/2.2.22 (Debian)]
      X-Powered-By[PHP/5.4.4-14+deb7u7]
      Expires[Thu, 19 Nov 1981 08:52:00 GMT]
      Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
      Pragma[no-cache]
      Vary[Accept-Encoding]
      Content-Encoding[gzip]
      Content-Length[94]
      Keep-Alive[timeout=5, max=99]
      Connection[Keep-Alive]
      Content-Type[text/html; charset=utf-8]


Reference(s):
https://my.sevdesk.de/register/save


Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the affected rightHead & feedcontent values in the dashboard application index.
Filter and restrict the user registration input form with a secure mask or exception-handling to prevent persistent code injections in the important name values.

Note: The issue has been patched by the manufacturer since 2015-02-01
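
Added example, not part of the advisory and not SevDesk or PayPal code: output encoding of the kind the fix above describes, applied to the stored name values rendered in rightHead and feedcontent and to a reflected `q` search value as in the PayPal advisory earlier on this page. All function names, the host name and the sample records are constructed for illustration.

```javascript
// Added example: encode untrusted values at output time (hypothetical names).

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;",
};

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side mask for name fields: letters, combining marks, space, dot,
// apostrophe and hyphen, 1 to 64 characters. This narrows what is stored;
// it does not replace encoding, because a legitimate apostrophe still passes.
function isPlausibleName(value) {
  return typeof value === "string" &&
    /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,63}$/u.test(value);
}

// Stored case: display name rendered into the rightHead span.
function renderRightHead(user) {
  const display = `${user.firstname} ${user.surname}`;
  return `<span style="color:#f5d385;font-weight:bold;">${escapeHtml(display)}</span>`;
}

// Stored case: the same name rendered again in an activity feed entry.
// Every interpolated value is encoded, including the action text.
function renderFeedEntry(user, action) {
  return `<div class="feedcontent">${escapeHtml(user.firstname)} ` +
    `${escapeHtml(user.surname)} ${escapeHtml(action)}</div>`;
}

// Reflected case: every `q` value from the request URL is decoded by the
// URL parser first and encoded only when written into the page.
function renderSearchBoxes(requestUrl) {
  const values = new URL(requestUrl).searchParams.getAll("q");
  return values.map((q) => `<input type="text" name="q" value="${escapeHtml(q)}">`);
}

// Constructed sample data. The markup string is the decoded form of the
// first payload listed in the PayPal advisory's PoC section.
const MARKUP = '"><img src=x onerror=prompt(document.domain)>';
const hostileUser = { firstname: MARKUP, surname: "b" };
const normalUser = { firstname: "Sinéad", surname: "O'Brien" };
const sampleUrl = "https://shop.example.test/directory/merchants?q=books&q=" +
  "%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E";

console.log(renderRightHead(hostileUser));
console.log(renderFeedEntry(normalUser, 'changed the status to "archived"'));
console.log(renderSearchBoxes(sampleUrl).join("\n"));
console.log(isPlausibleName(hostileUser.firstname), isPlausibleName(normalUser.surname));
```

The encoding belongs in every template that prints the value, since the advisory shows the same stored name reaching two separate output points.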


Security Risk:
==============
The security risk of the persistent input validation web vulnerabilities in the main dashboard application is estimated as medium. (CVSS 5.9)


Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]

