ush.it - a beautiful place

WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities

April 11, 2008 at 4:27 pm - Filed under aa, bb - 782 words, reading time ~2 minutes - Permalink - Comments

We found multiple XSS issues in the sample code of the PHP Network client for WiKID, a Strong Authentication System. The identified reflected XSS issues were in the "login" page forms. A pretty standard issue from a technical standpoint: $PHP_SELF was echoed back to the client without being properly escaped or sanitized, a well-known scenario that still affects many different software packages.

Cacti 0.8.7a Multiple Vulnerabilities

April 4, 2008 at 12:33 am - Filed under aa, bb - 1934 words, reading time ~6 minutes - Permalink - Comments

Together with my friend Antonio "s4tan" Parata we released this advisory affecting Cacti 0.8.7a. The issues found include XSS, SQL Injection, Path Disclosure and HTTP Response Splitting. Some bugs are logical flaws related to the use of $_REQUEST: filters were applied to $_GET or $_POST, but later $_REQUEST was used instead. Since $_REQUEST is built in the order defined in php.ini (normally GPC), it was possible to bypass the check and inject the malicious payload in POST or COOKIE for a GET-filtered parameter, and in COOKIE for a POST-filtered one.
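To make the $_REQUEST ordering flaw concrete, here is an added PHP example (not Cacti's code) that rebuilds $_REQUEST the way PHP does for a GPC order and contrasts the flawed check-one-superglobal-use-another pattern with a fixed version; the request values and the "hosts" table name are constructed.

```php
<?php
// Added example, not Cacti's code: why validating $_GET and then reading
// $_REQUEST is a bypass. PHP builds $_REQUEST from $_GET, $_POST and $_COOKIE in
// the order given by request_order (or variables_order, e.g. "GPC"), and a later
// source overwrites an earlier one that carries the same key.

// Constructed inputs standing in for one HTTP request (no web server needed).
$get    = ['id' => '12'];              // this value passes the numeric check
$post   = ['id' => 'not-a-number'];    // constructed: this value is never checked
$cookie = [];

// Mirror PHP's merge so the ordering effect is visible offline.
function build_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $request = array_merge($request, $sources[$letter]); // later source wins
        }
    }
    return $request;
}

// Flawed pattern from the advisory: the check runs on $_GET, the query uses $_REQUEST.
function query_flawed(array $get, array $request): string
{
    if (!ctype_digit($get['id'] ?? '')) {
        return 'rejected';
    }
    // "hosts" is a constructed table name; the value concatenated here was never validated.
    return 'SELECT * FROM hosts WHERE id = ' . $request['id'];
}

// Fixed pattern: validate and use the same value, and coerce it to the expected type.
function query_fixed(array $get): string
{
    $id = $get['id'] ?? '';
    if (!ctype_digit($id)) {
        return 'rejected';
    }
    return 'SELECT * FROM hosts WHERE id = ' . (int) $id;
}

$request = build_request($get, $post, $cookie, 'GPC');
echo query_flawed($get, $request), "\n"; // the POST value reaches the query despite the GET check
echo query_fixed($get), "\n";            // only the validated value is used
```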

Team/site updates for 2008

April 4, 2008 at 12:32 am - Filed under aa, bb - 535 words, reading time ~1 minute - Permalink - Comments

As you probably noticed, ush.it was pretty quiet in the last 5/6 months; this happened because there were cyclic dependencies in my todo list. Well, now the situation is unblocked again and you can, perhaps, expect new posts! Just to reply to the "no more updates/why don't you post more/etc" category of remarks, I would remind you that here we publish our research and naive contents, and most likely we are not going to comment/bounce/mirror everything happening in this amazing world. A direct consequence is that ush.it will never have daily, regular or forced updates.
