Repeating requests on-the-fly with Burp

Posted by admin on February 14, 2015 (Sat, 14 Feb 2015 15:07:00 +0000)

When testing a web application's behaviour it often makes sense to re-submit requests within a different context (using a different session ID, or adding a cookie, flag or parameter). The idea is to explore the website while logged in as a privileged user in one session, building a site map of all available application functions, and then re-crawl that map in another session as an unprivileged or unauthenticated user. Any function that still responds the way it did for the privileged user is a candidate access-control flaw. This strategy quickly reveals problems where restricted functions are inadvertently exposed to unauthorized users. Another example is testing for hidden parameters that enable a 'debug' mode which bypasses the authorization scheme.
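The replay-and-compare idea above, as an added example that is not code from the original post: a privileged site map is replayed under other contexts (no session cookie, and no session cookie plus a `debug=1` parameter) and every request whose response matches the privileged baseline is reported. Burp Suite's Repeater does this by hand; this script does the same thing for a whole site map. The HTTP layer is abstracted behind a `send` callable so the script runs offline against a constructed fake application (`fake_app`, the `ADMIN_COOKIE` value and the `/admin/...` paths are all assumptions for the demo); against a real target you would pass a function that performs the request with urllib or requests, and only with permission to test it.

```python
# Added example: replay a privileged site map in other session contexts and
# flag requests the application still answers the same way.  Not from the
# original post; the target, cookie value and paths below are constructed.
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    method: str
    path: str                      # path plus optional query string
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Response:
    status: int
    body: str


Sender = Callable[[Request], Response]


def in_context(req: Request, cookie: Optional[str], params: Dict[str, str]) -> Request:
    """Rebuild `req` for another context: swap (or drop) the Cookie header
    and append extra query parameters such as a suspected debug flag."""
    headers = {k: v for k, v in req.headers.items() if k.lower() != "cookie"}
    if cookie is not None:
        headers["Cookie"] = cookie
    path = req.path
    if params:
        extra = "&".join(f"{k}={v}" for k, v in params.items())
        path += ("&" if "?" in path else "?") + extra
    return Request(req.method, path, headers)


def same_response(a: Response, b: Response, threshold: float = 0.9) -> bool:
    """Treat responses as equivalent when the status matches and the bodies
    are near-identical; the ratio absorbs per-request noise (CSRF tokens,
    timestamps) that an exact comparison would mistake for a denial."""
    if a.status != b.status:
        return False
    return SequenceMatcher(None, a.body, b.body).ratio() >= threshold


def find_exposed(site_map: List[Request], send: Sender,
                 contexts: Dict[str, Tuple[Optional[str], Dict[str, str]]]
                 ) -> List[Tuple[str, str, str]]:
    """Replay every request of the privileged site map in every context and
    report (context, method, path) when the reply matches the privileged one."""
    exposed = []
    for req in site_map:
        baseline = send(req)                       # privileged session
        for name, (cookie, params) in contexts.items():
            alt = send(in_context(req, cookie, params))
            if same_response(baseline, alt):
                exposed.append((name, req.method, req.path))
    return sorted(exposed)


ADMIN_COOKIE = "session=4dm1n"   # constructed value for the fake application


def fake_app(req: Request) -> Response:
    """Constructed target: one correct check and two typical mistakes."""
    path, _, query = req.path.partition("?")
    is_admin = req.headers.get("Cookie") == ADMIN_COOKIE
    debug = "debug=1" in query.split("&")
    if path == "/admin/users":            # authorization checked correctly
        return Response(200, "alice,bob") if is_admin else Response(403, "forbidden")
    if path == "/admin/export":           # bug: no authorization check at all
        return Response(200, "id,name\n1,alice\n2,bob\n")
    if path == "/admin/config":           # bug: hidden debug flag bypasses the check
        return Response(200, "smtp=mail.example") if is_admin or debug else Response(403, "forbidden")
    return Response(200, "welcome")       # public page


def demo() -> List[Tuple[str, str, str]]:
    site_map = [Request("GET", p, {"Cookie": ADMIN_COOKIE})
                for p in ("/", "/admin/users", "/admin/export", "/admin/config")]
    contexts = {
        "unauthenticated": (None, {}),
        "unauthenticated+debug": (None, {"debug": "1"}),
    }
    return find_exposed(site_map, fake_app, contexts)


if __name__ == "__main__":
    for ctx, method, path in demo():
        print(f"{ctx:24} {method} {path}  <- same response as privileged session")
```

Public pages such as `/` are reported too, because by construction they answer everyone alike; restrict the site map to the privileged functions, or triage the list by hand. In the demo `/admin/export` shows up for both contexts (no check at all) and `/admin/config` only for the debug context (the hidden flag bypass), while `/admin/users` never appears.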

Sitecom Proof of Concept Reverse Shell Exploit

Posted by admin on September 11, 2012 (Tue, 11 Sep 2012 23:16:00 +0000)

We have received some feedback on the slew of vulnerabilities we disclosed in Sitecom and Conceptronic consumer NAS devices. More than once we heard the comment: "Show me a shell or it didn't happen". It seems that vulnerability outlets such as Secunia, OSVDB et al. share a similar view, resulting in a severity rating of "less critical".

While we think the details we disclosed in our advisories are more than disturbing, we thought we'd take it one step further and give you what you asked for.

Sitecom NAS MD-253 and MD-254 Risk Mitigation

Posted by admin on August 27, 2012 (Mon, 27 Aug 2012 08:00:00 +0000)

So far we have published two security advisories for vulnerabilities we have discovered in NAS products manufactured by Mapower, including the popular Sitecom MD-253 and MD-254 models. The flaws we have discovered can be exploited through the web management UI and do not require a logged-in session.

In our crusade to convince Sitecom and Mapower to completely overhaul their insecure web management component, we plan to disclose a new vulnerability every week, starting on the first Monday of September. We expect a long series of upcoming advisories for as long as they do not fix the root problem and remain unresponsive.

Of course, the last thing we want is for you to become the victim of our pending disclosures (which may or may not be patched by your vendor at the time of disclosure). This is why we started to develop our own solution, in order to protect you from ALL future related security flaws in the web management UI of the known vulnerable Mapower NAS products.

Blame it on the temps...

Posted by admin on December 19, 2011 (Mon, 19 Dec 2011 10:00:00 +0000)

Click here for the Dutch version

We have only recently recovered from the 'Diginotargate' shock, yet on Dec 8th and in the days following, Webwereld published a series of articles that once more cause commotion and raise discussion about the trustworthiness of the Dutch national Public Key Infrastructure, PKIOverheid, and the PKI trust model in general. The first article mentions the hack of a company called Gemnet, which sells Getronics digital certificates to government agencies.

Blame it on the temps... (Dutch version)

Posted by admin on December 13, 2011 (Tue, 13 Dec 2011 09:00:00 +0000)

Go to the English version

We have barely recovered from the shock of 'Diginotargate' when, on 8 December and in the days that followed, Webwereld published a series of articles that once again inflame the discussion about the trustworthiness of our national certificate infrastructure (PKIOverheid) and the global SSL trust model. The first publication mentions that Gemnet, besides connecting the Dutch municipalities, is among other things engaged in reselling certificates to government bodies.