July 19, 2007
Ubuntu Security Notice USN-485-1 July 17, 2007
php5 vulnerabilities
CVE-2007-1864, CVE-2007-2728
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.9
php5-xmlrpc 5.1.2-1ubuntu3.9
Ubuntu 6.10:
libapache2-mod-php5 5.1.6-1ubuntu2.6
php5-xmlrpc 5.1.6-1ubuntu2.6
Ubuntu 7.04:
libapache2-mod-php5 5.2.1-0ubuntu1.4
php5-xmlrpc 5.2.1-0ubuntu1.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Read the rest of this entry »
Posted in Exploits and Bugs 
No Comments »
July 19, 2007
Ubuntu Security Notice USN-487-1 July 17, 2007
dovecot vulnerability
CVE-2007-2231
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Read the rest of this entry »
Posted in Exploits and Bugs No Comments »
July 19, 2007
Say I want to add a few packages or updates to the latest Backtrack
LiveCD, such as Wireshark or Firefox 2, what is the best way to
accomplish that?
Is there a way to slipstream additional files onto the LiveCD, or can
I save changes onto a USB drive or something like that?
Any help would be greatly appreciated!
Best regards,
John
BackTrack is a distribution that was actually built to be modular (i.e. Add
custom packages)
Read the rest of this entry »
Posted in Q & A No Comments »
July 19, 2007
After a long time we are back with a new design. Just want to let you know the readers that comments just insulting that the bug or exploit is not working have been ignored. This is a discussion I would like you to see the date of the posting and don’t insult.
Exploitx have been changed the design of the site and sorry for those comments that have been deleted or not answered but exploitx is back. Even without updates exploitx have received 4000 unique visitors per day. If you want to buy this site please check the following site: Exploitx for sale
Posted in General No Comments »
December 4, 2005
A customer asked that we check out his intranet site, which was used by the company’s employees and customers. This was part of a larger security review, and though we’d not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.
“SQL Injection” is subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.
We’ll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different — and better — approaches. But the fact that we were successful does suggest that we were not entirely misguided.
There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.
Full Article
Posted in WhitePapers No Comments »
December 4, 2005
Dear List,
I would like to know if there is any tutorial which describes sql injection in context of My Sql. I feel that the errors returned by mysql when performing a sql injection are less revealing then that returned by other DBs.
Thanks
404
- While it’s not DB specific, the paper “SQL Injection Attacks by Example”
by Steve Friedl is a great introduction to this topic.
http://www.unixwiz.net/techtips/sql-injection.html
Regards,
Jim Halfpenny
Posted in Q & A No Comments »
Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers,