SecuriTeam Secure Disclosure – Page 7 – Computer Security Articles

Credit to Author: SSD / Noam Rathaus| Date: Mon, 08 Jan 2018 06:15:57 +0000

In our post found here: https://blogs.securiteam.com/index.php/archives/3616, we hid a challenge. The challenge was split into two parts: 1. Finding it 2. Solving it Finding it wasn’t very hard, the challenge was hidden inside the image, it wasn’t anything fancy, just inside the image you had a zip file appended to the end of the file: … Continue reading Happy New Year 2018 – Challenge Solution

Independent Securiteam

SSD Advisory–D-Link DSL-6850U多个漏洞

January 7, 2018 admin Chinese Translation, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 07 Jan 2018 06:28:24 +0000

漏洞概要以下安全公告描述了在D-Link DSL-6850U BZ_1.00.01 – BZ_1.00.09中的发现的两个漏洞。 D-Link DSL-6850U是一款“以色列Bezeq制造的路由器”，在这款路由器中发现的漏洞是：默认凭证远程命令执行漏洞提交者一位独立的安全研究人员向 Beyond Security 的 SSD 报告了该漏洞厂商响应 Bezeq在6月9日被告知了这个漏洞，并且发布了补丁来解决这些漏洞。漏洞详细信息该设备定制的固件存在以下问题：默认启用远程Web管理不能禁用默认帐户默认凭证默认帐户用户名是：support 密码是：support 远程命令执行 shell界面只允许执行一组内置命令，但是你可以通过’＆’ ‘||’ 插入命令到shell： [crayon-5a529cda84c8f912287642/] 上述命令执行后返回一个BusyBox shell

Independent Securiteam

Know your community – Sergi Alvarez AKA Pancake

January 4, 2018 admin SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Thu, 04 Jan 2018 11:13:19 +0000

The creator of Radare2, vulnerability researcher, chef and a family man – meet Sergi Alvarez also known as Pancake! Questions Q: How many years have you been working in the security field? A: I started programming BASIC in Spectrum and PC/M. Then I switched to MSDOS and assembly (TASM) as a main language. From there … Continue reading Know your community – Sergi Alvarez AKA Pancake

Independent Securiteam

Happy New Year – 2018

January 4, 2018 admin Know your community, SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Tue, 02 Jan 2018 14:35:57 +0000

Happy new year everyone! Hope you had the chance to celebrate and think about all the good things that happened to you in 2017. We have a nice surprise for you – this link is worth 1,000$ USD !* *You don’t need to hack the website, the money is out there in the link* We … Continue reading Happy New Year – 2018

Independent Securiteam

SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

January 3, 2018 admin buff, Hard-Coded Password, Information Disclosure, Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Wed, 03 Jan 2018 06:33:51 +0000

Vulnerabilities Summary The following advisory describes four (4) vulnerabilities found in Livebox Fibra router version AR_LBFIBRA_sp-00.03.04.112S. It is possible to chain the vulnerabilities into remote code execution. The “Livebox Fibra” router is “manufactured by Arcadyan for Orange and Jazztel in Spain” The vulnerabilities found in Arcadyan routers are: Unauthenticated configuration information leak Hard-coded credentials Memory … Continue reading SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

Independent Securiteam

Protected: Happy New Year – 2018

January 2, 2018 admin Know your community, SecuriTeam Secure Disclosure

Credit to Author: SSD / Noam Rathaus| Date: Tue, 02 Jan 2018 14:35:57 +0000

There is no excerpt because this is a protected post.

Independent Securiteam

SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

January 1, 2018 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthorized Access

Credit to Author: SSD / Maor Schwartz| Date: Mon, 01 Jan 2018 10:41:38 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found are: Default Credentials Remote Command Execution Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor … Continue reading SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Independent Securiteam

SSD安全公告-vBulletin routestring未经验证的远程代码执行

December 31, 2017 admin Chinese Translation, Remote Code Execution, Remote File Inclusion, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 31 Dec 2017 06:31:17 +0000

漏洞概要以下安全公告描述了在vBulletin5中发现的一个未经身份验证的文件包含漏洞，成功利用该漏洞可造成远程代码执行。 vBulletin也称为vB，由vBulletin Solutions公司基于PHP和MySQL开发，广泛用于搭建网络论坛。 vBulletin为许多网络大型的社交网站提供技术支持，数量超过10万，其中包括财富500强和Alexa Top 1M公司的网站和论坛。根据最新的W3Techs1统计，vBulletin 4拥有超过55％的vBulletin市场份额，而vBulletin 3和vBulletin 5则占剩下的45％。漏洞提交者一位独立的安全研究人员向 Beyond Security 的 SSD 报告了该漏洞厂商响应自2017年11月21日起，我们多次尝试联系vBulletin，但是暂时没有得到回复。目前，漏洞暂时还没有解决方案。漏洞详细信息 vBulletin存在一个漏洞，导致远程攻击者可以从vBulletin服务器中包含任意文件并执行PHP代码。未经身份验证的用户可以向/index.php发送GET请求，然后使用参数routestring =触发文件包含漏洞。该请求允许攻击者向安装在Windows操作系统上的Vbulletin服务器创建精心制作的请求，并在Web服务器上包含任意文件。 /index.php 部分代码： [crayon-5a496258a4faa266544584/] 让我们仔细看看vB5_Frontend_Application :: init — /includes/vb5/frontend/application.php部分代码： [crayon-5a496258a4fb1671370675/] 我们可以看到setRoutes()被调用 /includes/vb5/frontend/routing.php部分代码： [crayon-5a496258a4fb4744772041/] 因此，如果我们的字符串不以’.gif，‘.png’，’.jpg’，’.css’或者‘.js’结尾并且不包含’/’字符，vBulletin会从vB5_Frontend_Controller_Relay中调用legacy() /includes/vb5/frontend/controller/relay.php部分代码： [crayon-5a496258a4fbd144806678/] 如果我们从Api_Interface_Collapsed类中检查relay() /include/api/interface/collapsed.php部分代码： [crayon-5a496258a4fbf779937258/] 正如我们所看到的，攻击者无法在$文件中使用“/”，所以不能在Linux上更改当前目录。但是对于Windows而言，可以使用’’作为路径分隔符，通过PHP包含任意所需的文件（也可以使用’ .. ’技巧）。如果我们想包含扩展名为’.gif’，’.png’，’.jpg’，’.css’或’.js’这样的文件，需要绕过setRoutes（）方法里面的过滤，绕过很容易，可以通过添加点（’.’）或空格（’%20’）到文件名来绕过。完整的漏洞证明我们可以通过发送下面的GET请求来检查服务器是否有漏洞： /index.php?routestring=.\ 如果回显是：那么服务器存在漏洞如果我们想要在服务器上的任何文件中注入一个php代码，我们可以使用access.log例如： /?LogINJ_START=< ?php phpinfo();?>LogINJ_END … Continue reading SSD安全公告-vBulletin routestring未经验证的远程代码执行