ush.it - a beautiful place

Toc toc, ADSL?

November 28, 2005 at 2:25 pm - Filed under aa, bb - 629 words, reading time ~2 minutes - Permalink - Comments

Pubblichiamo i risultati di una piccola ricerca che a suo tempo abbiamo condotto per verificare se fosse possibile sapere se un determinato numero di telefonia fissa avesse o meno associata una linea adsl e quali dati sarebbero saltati fuori (operatore, tipologia di contratto).

WebCalendar Multiple Vulnerabilities

November 28, 2005 at 2:05 pm - Filed under aa, bb - 1131 words, reading time ~3 minutes - Permalink - Comments

WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php, edit_template.php and export_handler.php) and one local file overwrite (export_handler.php), input validation will fix.

Free Web Stat Multiple XSS Vulnerabilities

November 25, 2005 at 2:15 am - Filed under aa, bb - 1095 words, reading time ~3 minutes - Permalink - Comments

FreeWebStat 1.0 rev37 (the last version at the write time) is vulnerable to multiple XSS. The impact is a little bigger since datas will be stored in a flat file and the result of a single query will persist for some time on the backend. A well-timed loop of requests will assure the XSS to be permanent.

Gmail cracked

November 20, 2005 at 1:52 am - Filed under aa, bb - 144 words, reading time ~0 minutes - Permalink - Comments

Gmail e' vulnerabile ad un session traversal bug che permette di impersonificarsi come altri utenti ed accedere alla loro interfaccia web.

Php Web Statistik Multiple Vulnerabilities

November 19, 2005 at 5:19 pm - Filed under aa, bb - 596 words, reading time ~1 minutes - Permalink - Comments

Php Web Statistik is vulnerable to javascript and html injection using the unchecked lastnumber variable, proper input validation will fix. Just place an intval() at the right row. Other vulnerabilities has been discovered later.

Password discovery su 30gigs.com

November 16, 2005 at 2:40 pm - Filed under aa, bb - 246 words, reading time ~0 minutes - Permalink - Comments

E' stata trovata da cumhur onat una sql injection che permette di trovare la password di un utente arbitrario tramite la pagina di login del servizio mail 30gigs.com.

Reed's Alert! Got something burning? Tell USH team.
THP USH (HTTPS) Wisec DigitalBullets TheHackersPlace network