Bugs, exploits, videos, news, ebooks<br />
Posted by Sangteamtham, 2012-06-19<br />
vBulletin 4.2.0 XSS Vulnerability<br />
$------------------------------------------------------------------------------------------------------------<br />
$ vBulletin 4.2.0 XSS Vulnerability<br />
$ Author : sangteamtham<br />
$ Home : Hcegroup.vn<br />
$ Download: http://members.vbulletin.com/<br />
$ Date :06/13/2012<br />
$ Google Dork: "Powered by vBulletin® Version 4.2.0"<br />
$ Twitter: http://twitter.com/Sangte_amtham<br />
$*************************************************************************************************************<br />
1. vBulletin Description:<br />
<br />
Content publishing, search, security, and more— vBulletin has it all.<br />
Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money.<br />
Learn more about what makes vBulletin the choice for people who are serious about creating<br />
thriving online communities.<br />
<br />
2. Vulnerability Description:<br />
<br />
To steal cookies from an administrator or any forum member, or to drive them to malicious sites, an attacker first creates an account, then goes to the<br />
calendar section and creates an event for himself.<br />
<br />
In the title field, he injects XSS code.<br />
<br />
In the content section, he can write anything he likes. He then sends a link to his profile to the administrator or any member<br />
and waits for the cookie or for the victim to be infected.<br />
<br />
http://127.0.0.1/vbb/member.php?id-xyz<br />
<br />
3. Patch:<br />
<br />
June 13, 2012: Contacted the vendor.<br />
June 14, 2012: The vendor replied.<br />
June 18, 2012: The vendor released the patch for this vulnerability. Please download it from the Members Area right now.<br />
<br />
https://members.vbulletin.com/patches.php<br />
<br />
$**************************************************************************************************************<br />
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security<br />
$<br />
$<br />
$------------------------------------------------------------------------------------------------------------<br />
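The flaw described in section 2 is a stored XSS: the event title is saved as typed and later written into a page that another user views. The following is an added example, not vBulletin code and not from the original post; the function names, the markup and the sample titles are hypothetical and constructed. It shows a title rendered raw beside the same title encoded at output time, with a parser-based check that reports any markup the title managed to introduce.

```php
<?php
// Added illustration, not vBulletin source. All names below are hypothetical.

// Constructed sample rows standing in for stored calendar events.
$events = [
    ['eventid' => 1, 'title' => 'Team meeting <Friday>'],
    ['eventid' => 2, 'title' => '<script>alert(1)</script>'],
    ['eventid' => 3, 'title' => '" onmouseover="alert(1)'],
];

// Vulnerable pattern: the stored title is concatenated into markup as-is,
// so the browser parses whatever the event's author typed.
function renderEventRaw(array $event): string
{
    return '<span class="event" title="' . $event['title'] . '">'
        . $event['title'] . '</span>';
}

// Hardened pattern: encode for the HTML context when the value is output.
// ENT_QUOTES also encodes ' and ", which matters inside the title="" attribute.
function renderEventEscaped(array $event): string
{
    $title = htmlspecialchars($event['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="event" title="' . $title . '">' . $title . '</span>';
}

// Regression check: parse the fragment and list everything that is not the
// single expected <span> carrying only class/title attributes.
function unexpectedMarkup(string $html): array
{
    libxml_use_internal_errors(true);          // malformed input is expected here
    $doc = new DOMDocument();
    $doc->loadHTML(
        '<div id="root">' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();

    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        if ($el->getAttribute('id') === 'root') {
            continue;                          // wrapper added by this function
        }
        if ($el->nodeName !== 'span') {
            $found[] = '<' . $el->nodeName . '>';
            continue;
        }
        foreach ($el->attributes as $attr) {
            if (!in_array($attr->nodeName, ['class', 'title'], true)) {
                $found[] = 'span[' . $attr->nodeName . ']';
            }
        }
    }
    return $found;
}

foreach ($events as $event) {
    printf(
        "event %d\n  raw:     %s\n  escaped: %s\n",
        $event['eventid'],
        implode(', ', unexpectedMarkup(renderEventRaw($event))) ?: 'clean',
        implode(', ', unexpectedMarkup(renderEventEscaped($event))) ?: 'clean'
    );
}
```

The stored title is left untouched; encoding is applied where the value is written into HTML, so every template that prints the title needs the same treatment.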
<div><br />
</div><div>How to fix it?</div><div><br />
</div><div>Here we have the vulnerable file, named calendar.php, in:</div><div><code>doc_root/vb/activitystream/view/perm/calendar/event.php</code></div><div><br />
</div><div>In lines 74 to 77:</div><div><br />
</div><div><pre><code class="php">public function fetchTemplate($templatename, $activity)
{
    $eventinfo =&amp; $this->content['event'][$activity['contentid']];
    $calendarinfo =&amp; $this->content['calendar'][$eventinfo['calendarid']];</code></pre></div><div><br />
</div><div>The event title is not filtered here. We need to filter it like this:</div><div><br />
</div><div><div class="line number1 index0 alt2"><code class="php keyword">public</code> <code class="php keyword">function</code> <code class="php plain">fetchTemplate(</code><code class="php variable">$templatename</code><code class="php plain">, </code><code class="php variable">$activity</code><code class="php plain">)</code></div>
<div class="line number2 index1 alt1"><code class="php plain">{</code></div>
<div class="line number3 index2 alt2"><code class="php spaces"> </code><code class="php variable">$eventinfo</code> <code class="php plain">=& </code><code class="php variable">$this</code><code class="php plain">->content[</code><code class="php string">'event'</code><code class="php plain">][</code><code class="php variable">$activity</code><code class="php plain">[</code><code class="php string">'contentid'</code><code class="php plain">]];</code></div>
<div class="line number4 index3 alt1"><code class="php spaces"> </code><code class="php variable">$calendarinfo</code> <code class="php plain">=& </code><code class="php variable">$this</code><code class="php plain">->content[</code><code class="php string">'calendar'</code><code class="php plain">][</code><code class="php variable">$eventinfo</code><code class="php plain">[</code><code class="php string">'calendarid'</code><code class="php plain">]];</code></div>
<div class="line number5 index4 alt2"><code class="php spaces"> </code><code class="php variable">$eventinfo</code><code class="php plain">[</code><code class="php string">'title'</code><code class="php plain">] = htmlspecialchars_uni(</code><code class="php variable">$eventinfo</code><code class="php plain">[</code><code class="php string">'title'</code><code class="php plain" style="outline: 
0px !important; overflow: hidden !important; padding: 0px !important; position: static !important; right: auto !important; top: auto !important; vertical-align: baseline !important; width: auto !important;">]);</code></div></div><div><br />
</div><div style="text-align: left;"><span style="font-family: Consolas, 'Bitstream Vera Sans Mono', 'Courier New', Courier, monospace; font-size: x-small;"><span style="line-height: 14px; white-space: pre;">Please fix it asap.</span></span></div>
Posted by Sangteamtham<br />
<br />
Xampp 1.7.4 for Windows Multiple Cross-Site Scripting Vulnerabilities (2011-10-27)<br />
$-------------------------------------------------------------------------------------------------------------------<br />
$ Xampp 1.7.4 for Windows Multiple Cross-Site Scripting Vulnerabilities<br />
$ Author : Sangteamtham <br />
$ Home : Hcegroup.net <br />
$ Download :http://www.apachefriends.org/en/xampp-windows.html <br />
$ Date :07/12/2011 <br />
$ Twitter: http://twitter.com/Sangte_amtham<br />
$****************************************************************************************** <br />
1.Description:<br />
<br />
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really <br />
very easy to install and to use - just download, extract and start.<br />
<br />
2. Patch:<br />
<br />
Jul 12, 2011: Contacted the vendor.<br />
Jul 12, 2011: Vendor said that they would fix it in the next release.<br />
Sep 21, 2011: XAMPP 1.7.7 released.<br />
Oct 27, 2011: Published the bug.<br />
<br />
3. POC:<br />
<br />
http://localhost/xampp/ming.php?text=XSS H3r3<br />
http://localhost/xampp/cds.php/ XSS H3r3 <br />
In adodb.php, we have a form to submit database information, but this form is not filtered well, so we can submit malicious code.<br />
<br />
http://localhost/xampp/adodb.php<br />
<br />
<br />
$****************************************************************************************** <br />
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security <br />
$ <br />
$ <br />
$--------------------------------------------------------------------------------------------------------------------<br />
Reference:<br />
http://www.securityfocus.com/bid/50381/info<br />
http://packetstormsecurity.org/files/106244/xampp174-xss.txt<br />
http://seclists.org/fulldisclosure/2011/Oct/944<br />
Posted by Sangteamtham<br />
<br />
Penny Auction Clone (Swoopo Clone) SQL Injection and Cross Site Scripting Vulnerabilities (2011-03-17)<br />
I am really dump in work. Working for life and put my favorites aside. Really sad :(<br />
<br />
<br />
#-------------------------------------------------------------------------------------------------------------------<br />
# Penny Auction Clone (Swoopo Clone) SQL Injection and Cross Site Scripting Vulnerabilities.<br />
# Author : Sangteamtham<br />
# Home : Hcegroup.net<br />
# Download :http://www.pennyauctionsoft.com/<br />
# Date :03/20/2011<br />
# Twitter:@Sangte_amtham<br />
#<br />
#******************************************************************************************<br />
#1.Description:<br />
#Pennyauctionsoft is a brand new powerful, effective and feature-rich Swoopo script Clone application <br />
# that is ready to use out of the box. <br />
#2.Vulnerabilities:<br />
# I reported this to the authors. After an interesting conversation, everything is still the same until now.<br />
# Almost all the files have XSS vulnerabilities. I will not list all of them, only some.<br />
#2.a XSS vulnerabilities:<br />
# Some of the XSS issues:<br />
# http://server/index.php/"XSS<br />
# http://server/jobs.php/"XSS<br />
# http://server/contact.php/"XSS<br />
# http://server/forum/index.php/"&lt;script&gt;alert("Welcome To My Spot Lol")&lt;/script&gt;<br />
# http://server/forum/index.php/",<br />
&lt;script&gt;//alert("XSS")&lt;/script&gt;<br />
&lt;script&gt;alert("XSS")&lt;/script&gt;<br />
&lt;script&gt;alert("XSS")&lt;/script&gt;<br />
# Many other files are still vulnerable.<br />
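The URLs listed here and the XAMPP 1.7.4 PoC URLs above share one shape: a value from the query string or from the extra path after the script name is echoed into the page. The following is an added example, not code from XAMPP or the Penny Auction script; it assumes the path suffix reaches the markup through `$_SERVER['PHP_SELF']`, which the advisories do not show, and the helper and function names are hypothetical.

```php
<?php
// Added example. Assumption: the reflected value arrives either in the query
// string (ming.php?text=...) or as the extra path after the script name
// (cds.php/..., index.php/"...), which PHP includes in $_SERVER['PHP_SELF'].

/** Encode a value for an HTML text node or a quoted attribute (hypothetical helper). */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: request data concatenated straight into markup. */
function render_form_unsafe(string $self, string $text): string
{
    return '<form action="' . $self . '" method="get">'
         . '<input name="text" value="' . $text . '"></form>';
}

/** Hardened pattern: action built from SCRIPT_NAME, every dynamic value encoded. */
function render_form_safe(string $scriptName, string $text): string
{
    return '<form action="' . h($scriptName) . '" method="get">'
         . '<input name="text" value="' . h($text) . '"></form>';
}

// Constructed request values modelled on the URLs in the advisories.
$server = [
    'PHP_SELF'    => '/xampp/cds.php/"XSS', // carries the client-chosen path suffix
    'SCRIPT_NAME' => '/xampp/cds.php',      // script path only, suffix excluded
];
$get = ['text' => '"XSS H3r3'];

$unsafe = render_form_unsafe($server['PHP_SELF'], $get['text']);
$safe   = render_form_safe($server['SCRIPT_NAME'], $get['text']);

echo "unsafe: ", $unsafe, "\n"; // the raw quote closes the attribute early
echo "safe:   ", $safe, "\n";   // the quote is emitted as &quot;

// Regression check: no raw quote from the request may survive encoding.
if (strpos($safe, '"XSS') !== false) {
    throw new RuntimeException('unencoded quote reached the output');
}
```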
# <br />
#2.b: MySQL injection.<br />
# It seems the client-ip value in the request to the server is not filtered well when using the GET method.<br />
# <br />
#<br />
# http://server/allauctions.php<br />
# <br />
# Host: www.server.com<br />
# User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15<br />
# client-ip: 127.0.0.1 '<br />
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br />
# Accept-Language: en-us,en;q=0.5<br />
# Accept-Encoding: gzip,deflate<br />
# Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br />
# Keep-Alive: 115<br />
# Connection: keep-alive<br />
# Cookie: PHPSESSID=dc3fa290bcf7f865d6c43bb19e607a74<br />
# <br />
# As the demo shows, an attacker can find the vulnerability, try to inject, and get credential information.<br />
# Still vulnerable:<br />
# http://server/allauctions.php<br />
# http://server/registration.php<br />
# http://server/forum/forum_detail.php<br />
#<br />
#<br />
#<br />
#******************************************************************************************<br />
# Greetz to: All Vietnamese hackers and Hackers out there researching for more security<br />
#--------------------------------------------------------------------------------------------------------------------<br />
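The request in section 2.b carries the quote in the `client-ip` header, which PHP exposes as `$_SERVER['HTTP_CLIENT_IP']`. The following is an added example, not the Penny Auction script's code: the table and column names are hypothetical, and an in-memory SQLite database (pdo_sqlite extension) stands in for MySQL so the comparison runs offline.

```php
<?php
// Added example. bid_log, ip and user are hypothetical names; SQLite stands in
// for the MySQL backend named in the advisory.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bid_log (ip TEXT, user TEXT)');
$db->exec("INSERT INTO bid_log VALUES ('127.0.0.1', 'alice')"); // constructed row

/** Request headers arrive as HTTP_*; "client-ip" becomes HTTP_CLIENT_IP. */
function client_ip_header(array $server): string
{
    return $server['HTTP_CLIENT_IP'] ?? '';
}

/** Vulnerable pattern: the header value is concatenated into the SQL text. */
function lookup_unsafe(PDO $db, string $ip): array
{
    $sql = "SELECT user FROM bid_log WHERE ip = '" . $ip . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Hardened pattern: validate the format, then bind the value as a parameter. */
function lookup_safe(PDO $db, string $ip): array
{
    // Any request header is client-controlled; reject what is not an IP literal.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT user FROM bid_log WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed $_SERVER entry carrying the header value shown in the advisory.
$server = ['HTTP_CLIENT_IP' => "127.0.0.1 '"];
$ip = client_ip_header($server);

try {
    lookup_unsafe($db, $ip);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    // The stray quote changes the statement's syntax: proof that the header
    // is being parsed as SQL rather than handled as data.
    echo "unsafe: database rejected the statement: ", $e->getMessage(), "\n";
}

echo "safe, header from advisory: ", json_encode(lookup_safe($db, $ip)), "\n";
echo "safe, well-formed address:  ", json_encode(lookup_safe($db, '127.0.0.1')), "\n";
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server itself handle the bound parameter.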
<br />
Refer:<br />
http://www.securityfocus.com/bid/46920/<br />
http://securityreason.com/exploitalert/10171<br />
http://secunia.com/advisories/43801<br />
Posted by Sangteamtham<br />
<br />
XSS Vulnerability at blogspot.com - Google try to ignore? (2010-11-08)<br />
I reported this to the Google Security Team some days ago, but I have not received any reply from them, nor any fixes. They may think this is stuff, not a problem. So the problem is with whom? Who may be concerned?<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1asLHCYyfr347GxhW8qHl5D9gR6H-mNtIEc_r2jyHf-vBS4_aLClp2eERu0YfG49URU-HtRrIebgCx11SDzN1twG8leddp-OnAiLXxo7JoEZGdnUyYN1nbbl8ijCTg5IWug9FO_yW0DU/s1600/xssgoogle2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1asLHCYyfr347GxhW8qHl5D9gR6H-mNtIEc_r2jyHf-vBS4_aLClp2eERu0YfG49URU-HtRrIebgCx11SDzN1twG8leddp-OnAiLXxo7JoEZGdnUyYN1nbbl8ijCTg5IWug9FO_yW0DU/s400/xssgoogle2.png" width="400" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIpEkCw5v4KJJzqLu7OsnR9K9sRZPr_LbyZd0X1b3_LZjfdXZ-gf21CqMdDBbqXDw8cIShHHNv3aBC6CYqgF5RLGTS1AaBQWVFK1IIWuD8GMmFsAIDnxisG1n-VVRSfI5NEjuBiTvhy_s/s1600/xsgoogle1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIpEkCw5v4KJJzqLu7OsnR9K9sRZPr_LbyZd0X1b3_LZjfdXZ-gf21CqMdDBbqXDw8cIShHHNv3aBC6CYqgF5RLGTS1AaBQWVFK1IIWuD8GMmFsAIDnxisG1n-VVRSfI5NEjuBiTvhy_s/s400/xsgoogle1.png" width="400" /> </a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div align="left" class="separator" style="clear: both; text-align: center;">I am still waiting for their reply. Maybe they will never be concerned. </div>
Posted by Sangteamtham<br />
<br />
Xampp 1.7.3 multiple vulnerabilities (2010-11-06)<br />
#**********************************************************<br />
# Exploit Title: Xampp 1.7.3 XSS multiple vulnerabilities<br />
# Date: 11/06/2010<br />
# Author: Sangteamtham<br />
# Software Link: http://www.apachefriends.org/en/xampp.html<br />
# Version: 1.7.3<br />
# Tested on: Windows 7<br />
# Email: Sangteamtham@gmail.com<br />
# Blog: http://sangte.blogspot.com/<br />
# Homepage: http://hcegroup.net/hceteam<br />
#***********************************************************<br />
<br />
1.Description:<br />
<br />
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.<br />
<br />
2. Vulnerabilities:<br />
<br />
<a href="http://paste2.org/p/1075584">http://paste2.org/p/1075584</a><br />
<br />
3. Poc:<br />
<br />
<br />
<br />
4. Patch:<br />
<br />
The vendor should filter special characters in form input.<br />
Users should set password access on the xampp folder.<br />
<br />
5. Credits:<br />
Thanks flying to Vietnamese hackers and all hackers out there researching for more security.<br />
*************************************************************<br />
Posted by Sangteamtham<br />
<br />
Google Shop Online XSS vulnerability (2010-11-06)<br />
<br />
<div>1. Description:</div>
<div>Google Shop Online website sells products online, like souvenirs.</div>
<div style="margin-left: 13.5pt;">“How do we keep your information secure?</div>
<div style="margin-left: 13.5pt;">The personal information that you provide to Google Store, including your credit card or other payment information, is maintained on secure servers and protected by industry-standard Secure Socket Layer encryption. When entering personal information, look for an icon at the bottom of your browser window that indicates you are on a secure page.”</div>
<div style="margin-left: 13.5pt;">I cut from that site.</div>
<div style="margin-left: 13.5pt;">URL: http://www.google-store.com</div>
<div>2. XSS Vulnerability:</div>
<div style="margin-left: 13.5pt;">“Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007.[1] Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner.” (wikipedia.org)</div>
<div style="margin-left: 13.5pt;">“What about cookies?</div>
<div style="margin-left: 13.5pt;">A cookie is a piece of data that identifies you as a unique user. When you visit the Google Store, we set a cookie on your computer to help identify you, customize your experience and maintain your account and order information. To protect the security of your account, you must accept the Google Store cookie in order to shop here.” (google-store.com)</div>
<div>Here are some snapshots:</div>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmU2jUYVuz5B93zCkcefDuWF_O1_mFScLiBzfHwZFvKzncIhXAJm85-0Tmoo6CaDKDD7OSVI_5iEky_gI4NBfsdvEAFmg3fzVFlBRlL-NA1rZtFKdMR8gziwI8ORyrACbFE0QgKxdVIKs/s1600/google1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="126" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmU2jUYVuz5B93zCkcefDuWF_O1_mFScLiBzfHwZFvKzncIhXAJm85-0Tmoo6CaDKDD7OSVI_5iEky_gI4NBfsdvEAFmg3fzVFlBRlL-NA1rZtFKdMR8gziwI8ORyrACbFE0QgKxdVIKs/s320/google1.png" width="320" /></a></div>
<div>XSS vulnerability was on the module produc_info.php, which does not filter special characters. Hackers use this to insert JavaScript code to steal cookies from customers, administrators and so on.</div>
<div>Take a look at the source view from Firefox.</div>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOkJQVYyynJ58IfnGY56XU-bN8EHNBSohTiCfJFOofr-T_WhWVgOYzitNQhBcC5mG8amY1giYb4YvgnTfexqY-N_gG60gAuuhUoi6jIMOL5nDRJvsktSOBUeOVSgUsXgCJLqqdnSmzPWI/s1600/XSgo2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOkJQVYyynJ58IfnGY56XU-bN8EHNBSohTiCfJFOofr-T_WhWVgOYzitNQhBcC5mG8amY1giYb4YvgnTfexqY-N_gG60gAuuhUoi6jIMOL5nDRJvsktSOBUeOVSgUsXgCJLqqdnSmzPWI/s320/XSgo2.png" width="320" /></a></div>
<div>3. Reference:</div>
<div>3.a. <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">http://en.wikipedia.org/wiki/Cross-site_scripting</a></div>
<div>3.b. <a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a></div>
Posted by Sangteamtham<br />
<br />
From 0x90 to 0x4c454554, a journey into exploitation. (2010-11-05)<br />
In the last few weeks I have been diving deeper down the rabbit hole of exploitation work and with a bit of work and time to prepare myself for the long run I compiled a set of areas to study in a course type layout. I hope my research will help others spend more time learning and less time searching. <br />
Because I am doing this myself I may have missed 1 or 2 things and along the way I will add in anything I find to help with process. So let us both get started... <br />
<br />
First off I want to thank the corelan guys for the help they have provided me so far in the process. They have been there for me through my learning with knowledge and help. Thank you! <br />
<br />
layout: I will be posting in a hierarchical structure, each hierarchy structure should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can use to study in line with other topics to help prevent monotony. These Parallel areas will have a start and end mark which shows when they should be complete in perspective to the overall learning <br />
Here is a PDF of the course to help keep track and understand the layout. Course_layout.pdf <br />
"New background soon -> desktop background Cheatsheet added to documents page Backgrounds <br />
<br />
Other Posts like this one: <br />
Because of quality of these two posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much. <br />
past-present-future of windows exploitation <br />
smashing the stack in 2010(Great resource) <br />
<br />
<br />
Part 1: Programming<br />
<br />
Parallel learning #1:(complete this section before getting to the book "Hacking Art of exploitation") <br />
While going through the programming area I concentrate on core topics to help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages and ones I feel will prove to be the most useful. <br />
<br />
Python: One of my favorite languages and growing in popularity python is a powerful language that is easy to use and well documented. <br />
Wikibooks Python <br />
http://docs.python.org/ <br />
onlinecomputerbooks.com <br />
<br />
Ruby: If you plan on later on working inside of metasploit this may be the language you want to start with. <br />
Wikibooks Ruby <br />
LittleBookOfRuby <br />
onlinecomputerbooks.com <br />
<br />
Perl: An older language that still has a lot of use perl is one of the highest used scripting languages and you will see it used in many exploits. (I would suggest python over perl) <br />
[book] O'Reilly Learning Perl <br />
onlinecomputerbooks.com <br />
<br />
<br />
C and C++ programming: <br />
It is very important to understand what you are exploiting so to get started let us figure out what we are exploiting. You do not need to go through all of these but when finished with this section you should have a good understanding of C and C++ programming. <br />
Cprogramming.com <br />
http://www.java2s.com/Tutorial/C/CatalogC.htm <br />
http://beej.us/guide/bgc/ <br />
onlinecomputerbooks.com <br />
<br />
X86 Assembly: <br />
Ok now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32(X86) assembly language. Read the first link to understand why. It explains it very well. <br />
Skullsecurity: Assembly <br />
http://en.wikibooks.org/wiki/X86_Assembly <br />
[book]The Art of Assembly <br />
Assembly primer for hackers <br />
<br />
Windows Programming: <br />
This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line <br />
http://en.wikibooks.org/wiki/Windows_Programming <br />
http://www.relisoft.com/win32/index.htm <br />
[book]Windows Internals 5 <br />
[book]Windows Internals 4 <br />
<br />
Disassembly: <br />
Disassembly is not as much programming as it is what the computer understands and the way it is interpreted from CPU and memory. This is where we start getting into the good stuff. <br />
http://en.wikibooks.org/wiki/X86_disassembly <br />
<br />
<br />
Part 2: Getting started<br />
<br />
Now that we have a very good understanding of programming languages and what the machine is doing we can start working on task at hand, exploitation. <br />
Here I will start a lot of the learning in very much a list format and adding in comments or Parallel learning areas when needed. <br />
<br />
Smash the stack for fun and profit (Phrack 49) <br />
C function call conventions and the stack <br />
[videos] Code Audit from cryptocity.net <br />
<br />
(Parallel learning #1 finished: You should now have finished on Parallel learning 1 and have a good understanding of one of the 3 languages) <br />
<br />
[Book]Hacking art of exploitation [Chapter 1&2] <br />
Corelan T1 <br />
Corelan T2 <br />
<br />
Parallel learning #2:(complete this section before end of part 2) <br />
(Read the first few posts on this blog has some good info) <br />
Kspice blog <br />
(Read some of the post from this blog they are very helpful with starting out with fuzzers.) <br />
Nullthreat's blog <br />
(I am linked directly to a demo exploit for this area but this is a useful blog to keep track of for many things) <br />
A demo exploit <br />
<br />
tenouk.com: Buffer overflow intro <br />
The Tao of Windows Buffer Overflow <br />
nsfsecurity on BOF <br />
Hacker center: BOF <br />
[video] Buffer overflow Primer <br />
[Book]Shellcoder's Handbook Ch1&2 <br />
[Book]Hacking art of exploitation [Chapter 3] <br />
Corelan T3A <br />
Corelan T3B <br />
SEH overwrite simplified <br />
<br />
(Parallel learning #2 finished) <br />
<br />
Part 3:Tools of the trade<br />
<br />
This is a list of tools I have started using and find very useful. <br />
Immunity Debugger <br />
Ollydbg <br />
Windbg <br />
IDA Pro <br />
explorer suite <br />
Sysinternals <br />
<br />
And here are some corelan posts on how to use them. I will supply more in future but this is a very good start. <br />
Corelan T5 <br />
Corelan: Immunity debugger cheatsheet <br />
<br />
Part 4: Network and Metasploit<br />
<br />
(Networking) <br />
Beej.us network programming <br />
[Book]Hacking art of exploitation [Chapter 4] <br />
<br />
(Metasploit) <br />
[Video]Security Tube: Metasploit Megaprimer <br />
Metasploit.com <br />
Metasploit Unleashed <br />
Metasploit Louisville Class <br />
Metasploitable (a target) <br />
Corelan T4 <br />
intern0t: developing my first exploit <br />
DHAtEnclaveForensics: Exploit Creation in Metasploit <br />
Wikibooks Metasploit/Writing Windows Exploit <br />
<br />
<br />
Part 5: Shellcode<br />
<br />
Corelan T9 <br />
[Book]Shellcoder's Handbook Ch3 <br />
[Book]Hacking art of exploitation [Chapter 5] <br />
Writing small shellcode <br />
Shell-storm Shellcode database <br />
<br />
<br />
Part 6: Engineering in Reverse<br />
<br />
Parallel Learning #3:(constant place to reference and use for reversing) <br />
[forum]reverse-engineering.net <br />
Reverse Engineering the World <br />
Room362.com reversing blog post <br />
<br />
Ethicalhacker.net intro to reverse engineering <br />
acm.uiuc.edu Intro to Reverse Engineering software <br />
[Book]Reversing: secrets of reverse engineering <br />
[video]Reverse Engineering from cryptocity.net <br />
CrackZ's Reverse Engineering Page <br />
Reverse engineering techniques <br />
<br />
[GAME]Crackmes.de <br />
<br />
Part 7: Getting a little deeper into BOF<br />
<br />
Parallel Learning #4:(To the end of the course and beyond) <br />
Find old exploits on Exploit-db download them, test them, rewrite them, understand them. <br />
<br />
[video]Exploitation from cryptocity.net <br />
Buffer overflow protection <br />
Wikipedia Executable space protection <br />
Wikipedia DEP <br />
Wikipedia ASLR <br />
Purdue.edu: Canary Bit <br />
Corelan T6 <br />
Bypassing Hardware based DEP <br />
Corelan T7 <br />
Corelan T8 <br />
Corelan T10 <br />
Virtual Worlds - Real Exploits <br />
<br />
[GAME]Smash the stack wargaming network <br />
<br />
Part 8: Heap overflow<br />
<br />
rm -rf / on heap overflow <br />
w00w00 on heap overflow <br />
[Book]Shellcoder's Handbook Ch4&5 <br />
h-online A heap of Risk <br />
[video]Defcon 15 remedial Heap Overflows <br />
heap overflow: ancient art of unlink seduction <br />
Memory corruptions part II -- heap <br />
<br />
[book]Read the rest of Shellcoder's Handbook <br />
<br />
Part 9: Exploit listing sites<br />
<br />
Exploit-DB <br />
Injector <br />
CVE Details <br />
Packetstorm <br />
CERT <br />
Mitre <br />
National Vulnerability Database <br />
<br />
(bonus: site that lists types of vulnerabilities and info) <br />
Common Weakness Enumeration <br />
<br />
Part 10: To come<br />
<br />
1. Fuzzing <br />
2. It might be a while, but I plan on doing a whole web exploitation post that will be an addition to this, but as a whole new post <br />
<br />
<br />
<br />
If anyone has any good links to add, post a comment and I will try to add them, or send me the link and I will review and add it.<br />
<br />
<a href="http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html">Read more</a>.<br />
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-1450858704891937380 2010-11-05T11:11:00.001-07:00 2010-11-05T11:11:40.742-07:00<br />
How to Export Your Facebook Friends’ E-mail Addresses<br />
<br />
Last night, TechCrunch reported that Google will now require sites that import e-mail addresses from Gmail to also allow export of their data. The move was clearly aimed at Facebook, which has kept Google from accessing their users’ data. In response, many people have mentioned that while Facebook lets users download some data, they’re still not able to download an e-mail address book of their Facebook contacts.<br />
<br />
However, that’s not quite the case. Back in March, I published a guide to exporting data from Facebook using various tricks and FQL queries. Facebook has since made changes and added tools which have made the post a bit outdated, but much of the information still applies. In particular, I described using Yahoo’s contact import tool to download an e-mail address book for all your Facebook friends. This technique relies on a Facebook-approved feature and should not violate the site’s terms of service. A few specific steps have changed a bit, so I’ll recap the process here.<br />
<br />
First, you need to have a Yahoo! Mail account. If you don’t already have one, you can create one for free. In fact, I’d advise creating a new account to avoid your Facebook friends’ e-mail addresses getting mixed up with any others already in your address book.<br />
To add your friends’ e-mail addresses to your Yahoo! Address Book, follow the steps given on this page at the Yahoo! Mail blog. Essentially, you open Contacts, click on “Tools,” then “Import,” choose “Facebook,” and follow the steps. You will have to authorize a Facebook application built by Yahoo! for this purpose.<br />
To save a local copy of these addresses, you can use the export tools in Yahoo! Address Book. Return to your Contacts, once again click “Tools,” and this time select “Export.” You’ll be presented with a list of programs, each with an “Export Now” button.<br />
If you’re not sure which you should choose, I would recommend clicking the button next to Microsoft Outlook. You may have to enter a CAPTCHA code, but you’ll then be prompted to save a file in CSV format. This is a fairly standard way of saving contact information.<br />
Once you’ve downloaded the file, you can use it to import your contacts into other places, including Outlook. You can also open the file in Microsoft Excel to view the contact list or make changes.<br />
<br />
<a href="http://theharmonyguy.com/2010/11/05/how-to-export-your-facebook-friends-e-mail-addresses/">Read more</a><br />
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-7539441879895315460 2010-11-05T05:22:00.000-07:00 2010-11-05T05:22:14.606-07:00<br />
Adobe Suggests Workaround for New Reader Zero-Day<br />
<br />
Adobe is still investigating reports of a new code execution vulnerability in Adobe Reader and Acrobat, but recommends blacklisting the affected JavaScript function in the meantime.<br />
<br />
The flaw was reported as a zero-day on Wednesday, when someone posted a proof-of-concept exploit on the Full Disclosure mailing list.<br />
<br />
<br />
However, it appears the issue has been known as a Denial of Service (DoS) condition since almost a year ago, when it was disclosed on a Russian-language blog.<br />
<br />
Adobe confirmed the DoS attack vector, but has not yet verified if the bug can be exploited to execute arbitrary code.<br />
<br />
Nevertheless, French vulnerability research vendor VUPEN Security has published an advisory suggesting that it is possible.<br />
<br />
The vulnerability is caused by a heap corruption error in the "EScript.api" plugin, triggered when a PDF document calls the "printSeps()" undocumented function.<br />
<br />
As a temporary workaround Adobe recommends adding this function to the JavaScript API blacklist used by Adobe Reader and Acrobat.<br />
<br />
On Windows, this can be achieved via two separate registry entries, one for enterprise policies and one used by Adobe's patching process.<br />
<br />
"The Adobe blacklist is modified by Adobe Reader patches whenever an API is deemed vulnerable. APIs are also removed from the blacklist whenever a fix for a vulnerability is provided by the current patch," the company explains.<br />
<br />
The blacklisting can be done by creating the key "tBlackList" under "HKLM\SOFTWARE\Adobe\&lt;product&gt;\&lt;version&gt;\JavaScriptPerms" with a value of "Doc.printSeps" (case sensitive).<br />
<br />
On 64-bit flavors of Windows the location is "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\&lt;product&gt;\&lt;version&gt;\JavaScriptPerms".<br />
<br />
The location of the enterprise blacklist is "HKLM\SOFTWARE\Policies\Adobe\&lt;product&gt;\&lt;version&gt;\FeatureLockDown\cJavaScriptPerms"; however, entries added here are not automatically removed by Adobe's patches.<br />
<br />
Therefore, when a fix is released, in order to restore the functionality provided by printSeps(), the key will have to be removed manually.<br />
<br />
Instructions to get the same results on Mac and Linux versions of the products are provided on the Adobe Product Security Incident Response Team (PSIRT) blog.<br />
<br />
<a href="http://news.softpedia.com/news/Adobe-Recommends-Workaround-for-New-Reader-Zero-Day-164894.shtml">Read More</a>.<br />
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-3189579654256050008 2010-11-04T06:56:00.000-07:00 2010-11-04T06:56:34.830-07:00<br />
Understanding Firesheep Attack<br />
<br />
The recently released Firesheep tool caused quite a buzz. Packaged as an easy to install Firefox add-on, the tool allowed an attacker to quickly identify nearby users that were insecurely accessing popular websites. The tool's easy to use design allowed a user with basic computer skills to see pictures of the vulnerable users in a buddy list style text box and enabled the user/attacker to simply double click on the user's picture in order to completely take over their account.<br />
<br />
<br />
Brief aside: While I do work at Mozilla, this post is primarily focused on explaining the underlying website security controls that have failed to enable such an attack. To learn more about Mozilla's view of the Firesheep plugin I encourage you to read the post at the Mozilla Security Blog.<br />
<br />
Why Is This News?<br />
Firesheep does not exploit a new vulnerability. The vulnerable design of sending authenticated cookies over an unencrypted channel has been known for years. Firesheep is making news because of how easy it makes executing an attack that exploits this weakness in popular websites such as Facebook and Twitter. Perhaps all of this press, and a few angry users who fall victim to unwanted status updates or tweets, may result in these large social networking sites actually fixing the issue. <br />
<br />
How Does Firesheep Work?<br />
First, Firesheep does not steal the password that the victim uses with a website (Twitter, Facebook, etc.). In fact, the passwords are correctly and securely sent to those websites. Instead, Firesheep steals the user's session identifier. The session id is a long random number that is used to represent the user after the user has authenticated to the website with their username and password. Without session ids a user would need to send their username and password with every request. The session id was created to eliminate this inconvenience and allow a user to simply provide their password once and allow the browser and website to handle the rest. The browser remembers the user's session id, and the web server makes a record within its database to associate the session id with the user's identity. From this point on, each time the website receives that particular session id, it knows that the request is coming from the associated user.<br />
<br />
Examples of session ids that would be stored on the web server<br />
Session ID - Associated User<br />
4364256265 - Joe<br />
1239086434 - Sue<br />
9938381123 - Bob<br />
<br />
Where is the Security Problem?<br />
Many users are aware that before logging into a website they should check that they are on a page beginning with HTTPS (instead of HTTP). HTTPS uses Transport Layer Security (TLS) (sometimes referred to as SSL) to ensure that the password is sent over an encrypted connection. This means that a network administrator, the coffee shop folks running a wireless hotspot, or even the coffee drinker sitting next to you, is unable to view your password when it is sent over the network.<br />
<br />
The problem is in the next step. As we discussed above, the username and password are only sent once. After that, the web browser sends the session id to the website in order to identify the user. Unfortunately many websites have decided not to implement TLS/SSL for the communication after the login process. This means that although your password is sent over an encrypted channel, the session id is not. Since the session id represents the user's identity with the website, anyone that obtains the session id thereby becomes the associated user.<br />
<br />
How Does The Attacker Obtain Your Session ID?<br />
The attacker, in this case the user running Firesheep, executes a man-in-the-middle attack which tells your computer to send all of your traffic to the attacker's machine before it is sent out to the Internet. This allows the attacker to easily view any data that is not encrypted, such as the session id. Encrypted data, such as the username and password, cannot be viewed by the attacker even if he is executing a man-in-the-middle attack. <br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3xFCj1XwYAKsR84ZBweFhOolHhMsTTqcI7LZxMiSsNhu_Xd4nCJwHiuodouQSU1OUtIK8bCAkZL4omXGJnZ21avSbCLI-LvdbHVzl3YClpqd-pwmLZ_5lITKn-nzaLe20uSCov6kF7bg/s1600/firesheep-man-in-the-middle.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3xFCj1XwYAKsR84ZBweFhOolHhMsTTqcI7LZxMiSsNhu_Xd4nCJwHiuodouQSU1OUtIK8bCAkZL4omXGJnZ21avSbCLI-LvdbHVzl3YClpqd-pwmLZ_5lITKn-nzaLe20uSCov6kF7bg/s1600/firesheep-man-in-the-middle.jpg" /></a></div><br />
To summarize, although the attacker can't obtain your password, they can obtain your session id, and this is just as good, because with the session id the attacker can do anything on the website as you. In Facebook they could add new friends or make status updates, and on Twitter they could tweet random messages. All of this would appear normal, just as if you had taken these actions yourself.<br />
<br />
Stay tuned for post #2 in the Firesheep series : Spotting Websites Vulnerable to Firesheep <br />
<br />
-Michael Coates<br />
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-1886152099394353244 2010-11-02T13:21:00.001-07:00 2010-11-02T13:21:35.750-07:00<br />
ProFTPD TELNET_IAC Remote Code Execution Vulnerability<br />
<br />
-- CVSS ----------------------------------------------------------------<br />
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)<br />
<br />
-- ABSTRACT ------------------------------------------------------------<br />
<br />
TippingPoint has identified a vulnerability affecting the following<br />
products:<br />
<br />
  ProFTPD FTP Server<br />
<br />
-- VULNERABILITY DETAILS -----------------------------------------------<br />
<br />
This vulnerability allows remote attackers to execute arbitrary code on<br />
vulnerable installations of ProFTPD. Authentication is not required to<br />
exploit this vulnerability.<br />
<br />
The flaw exists within the proftpd server component which listens by<br />
default on TCP port 21. When reading user input if a TELNET_IAC escape<br />
sequence is encountered the process miscalculates a buffer length<br />
counter value allowing a user controlled copy of data to a stack buffer.<br />
A remote attacker can exploit this vulnerability to execute arbitrary<br />
code under the context of the proftpd process.<br />
<br />
Tested on proftpd-1.3.3a.<br />
[Switching to process 31268]<br />
0x0806d498 in pr_netio_telnet_gets (buf=0xbf979ffc 'A' &lt;repeats 200 times&gt;...,<br />
buflen=4294963202, in_nstrm=0x97d77e4, out_nstrm=0x97d79f4)<br />
at netio.c:1103<br />
1103 *bp++ = cp;<br />
<br />
FTP commands are read by function pr_cmd_read() of file<br />
src/main.c (line 566).<br />
<br />
The function pr_cmd_read() uses a local buffer (line 568):<br />
  char buf[PR_DEFAULT_CMD_BUFSZ+1] = {'\0'};<br />
<br />
At line 582, pr_cmd_read() calls pr_netio_telnet_gets():<br />
  if (pr_netio_telnet_gets(buf, sizeof(buf)-1, [...]<br />
<br />
The second parameter of pr_netio_telnet_gets() is "sizeof(buf)-1",<br />
so its value is:<br />
  sizeof(buf)-1 =<br />
  (PR_DEFAULT_CMD_BUFSZ+1)-1 =<br />
  PR_DEFAULT_CMD_BUFSZ = [defined in src/main.c]<br />
  PR_TUNABLE_PATH_MAX + 7 = [defined in include/options.h]<br />
  MAXPATHLEN + 7 = [on Linux, MAXPATHLEN==4096]<br />
  4096 + 7 =<br />
  4103<br />
<br />
The function pr_netio_telnet_gets() is defined in src/netio.c<br />
(line 991):<br />
  pr_netio_telnet_gets(char *buf, size_t buflen, [...]<br />
<br />
We have buflen==4103. It is first decremented, and then<br />
each read character decrements it. This is inside a loop<br />
which stops when buflen==0, or when a '\n' character<br />
is found (line 1039).<br />
<br />
However, on line 1073, there is:<br />
  buflen--;<br />
So, buflen can be decremented by TWO inside the loop. This<br />
case occurs because the function processes TELNET_IAC<br />
escape characters followed by a TELNET_xyz character.<br />
<br />
So, successive buflen values can be:<br />
  4103<br />
  4102<br />
  ...<br />
  3<br />
  2<br />
  1 (here we manage to decrement by TWO, by putting<br />
  a TELNET_IAC character at this location)<br />
  -1<br />
  -2<br />
  ...<br />
So, the loop never stops because buflen is never zero.<br />
The loop will only stop when a '\n' character is found<br />
(line 1039).<br />
<br />
So, every character between the TELNET_IAC and the<br />
'\n' will overflow the stack buffer. This is a classical<br />
stack overflow.<br />
<br />
<br />
-- CREDIT --------------------------------------------------------------<br />
<br />
This vulnerability was discovered by:<br />
<p> * Anonymous</p>
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-607758849241146383 2010-11-02T04:56:00.000-07:00 2010-11-06T01:50:09.426-07:00<br />
Playing with MS10-061<br />
<br />
General Information<br />
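Added example for the ProFTPD TELNET_IAC advisory above (it is not code from the advisory or from ProFTPD): a simplified C model of the buflen counter in pr_netio_telnet_gets(), run over a constructed input, next to one possible hardened check. The struct and function names, the 32-bit counter type, the hardened check, and the rule that the byte after TELNET_IAC is always stored as a non-command byte are assumptions of this model.

```c
/* Added illustration: simplified model of the length-counter bug in the
 * advisory. Not ProFTPD source code; all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TELNET_IAC 255              /* telnet "interpret as command" byte */
#define CMD_BUFSZ  4103u            /* PR_DEFAULT_CMD_BUFSZ on Linux, per the advisory */
#define BUF_BYTES  (CMD_BUFSZ + 1u) /* char buf[PR_DEFAULT_CMD_BUFSZ+1] */

struct read_result {
    uint32_t final_buflen;  /* counter value when the loop stopped */
    size_t   writes;        /* bytes the loop stored or tried to store */
    size_t   out_of_bounds; /* stores that fell past the end of buf */
};

/* Count one store. No real buffer is written, so nothing is corrupted. */
static void store(struct read_result *r)
{
    if (r->writes >= BUF_BYTES)
        r->out_of_bounds++;
    r->writes++;
}

/* Model of the read loop. Assumption: the byte after TELNET_IAC is never a
 * handled telnet command, so the IAC and that byte are both stored. */
static struct read_result telnet_gets_model(const unsigned char *in, size_t n,
                                            int hardened)
{
    struct read_result r = {0, 0, 0};
    uint32_t buflen = CMD_BUFSZ;    /* models a 32-bit size_t */
    int after_iac = 0;
    size_t i;

    buflen--;                       /* the initial decrement the advisory mentions */
    for (i = 0; i < n && buflen != 0 && in[i] != '\n'; i++) {
        if (!after_iac && in[i] == TELNET_IAC) {
            after_iac = 1;          /* decide once the next byte is seen */
            continue;
        }
        if (after_iac) {
            after_iac = 0;
            if (hardened && buflen < 2)
                break;              /* no room for two bytes: stop reading */
            store(&r);              /* the IAC byte itself */
            buflen--;               /* the second decrement in one iteration */
        }
        store(&r);                  /* the current byte */
        buflen--;                   /* from 0 this wraps to 0xFFFFFFFF */
    }
    r.final_buflen = buflen;
    return r;
}

/* Constructed input: `fill` bytes, IAC plus one ordinary byte, `tail` bytes,
 * newline. Returns the length, or 0 on allocation failure. */
static size_t build_line(unsigned char **out, size_t fill, size_t tail)
{
    size_t n = fill + 2 + tail + 1;
    unsigned char *p = malloc(n);

    if (p == NULL)
        return 0;
    memset(p, 'A', fill);
    p[fill] = TELNET_IAC;
    p[fill + 1] = 'B';
    memset(p + fill + 2, 'C', tail);
    p[n - 1] = '\n';
    *out = p;
    return n;
}

static struct read_result run_case(size_t fill, size_t tail, int hardened)
{
    struct read_result r = {0, 0, 0};
    unsigned char *line = NULL;
    size_t n = build_line(&line, fill, tail);

    if (n != 0) {
        r = telnet_gets_model(line, n, hardened);
        free(line);
    }
    return r;
}

int main(void)
{
    /* 4101 filler bytes leave buflen == 1 when the IAC pair is processed. */
    struct read_result v = run_case(4101, 64, 0);
    struct read_result h = run_case(4101, 64, 1);

    printf("vulnerable: buflen=%lu out_of_bounds=%lu\n",
           (unsigned long)v.final_buflen, (unsigned long)v.out_of_bounds);
    printf("hardened:   buflen=%lu out_of_bounds=%lu\n",
           (unsigned long)h.final_buflen, (unsigned long)h.out_of_bounds);
    return 0;
}
```

The buflen=4294963202 in the advisory's debugger output is a wrapped counter of this kind: it equals 2^32 - 4094.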
Executive Summary<br />
<br />
This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system.<br />
<br />
This security update is rated Critical for all supported editions of Windows XP, and Important for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.<br />
<br />
The security update addresses the vulnerability by correcting the manner in which the Printer Spooler service validates user permissions. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.<br />
<br />
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.<br />
<br />
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.<br />
<br />
See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.<br />
<br />
<a href="http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx">Read More</a><br />
Let's write something to %SystemRoot%\\system32 ;))<br />
<br />
<p><a href="http://vimeo.com/16534822">Playing with MS10-061 Vietnamese</a> from <a href="http://vimeo.com/user5147156">Sangteamtham</a> on <a href="http://vimeo.com">Vimeo</a>.</p><br />
Download the demo video and play with me :)<br />
<br />
<br />
<a href="http://hotfile.com/dl/78231484/7457bed/spool.rar.html">Link</a><br />
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-2846185591826240112 2010-09-07T11:06:00.001-07:00 2010-09-07T11:12:12.484-07:00<br />
New Twitter XSS vulnerability<br />
<br />
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_Fdy05OJTH4cypwv1kWxfvPB1MliEANFklEQK5mQhWRGy9O8dcLwaMN2oTy1oZd57UyxEqvBpX7WmkpklAgz0aHe4G-k4_s-peeQBlr1TQbujlBouJiR87duUeAQ_q_VX4DeOAD9BSU/s1600/tw3.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_Fdy05OJTH4cypwv1kWxfvPB1MliEANFklEQK5mQhWRGy9O8dcLwaMN2oTy1oZd57UyxEqvBpX7WmkpklAgz0aHe4G-k4_s-peeQBlr1TQbujlBouJiR87duUeAQ_q_VX4DeOAD9BSU/s320/tw3.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5514235986655238114" /></a><br />
Twitter XSS vulnerability on http://dev.twitter.com/apps/<br />
<br />
<p>When you sign up for an application, you can authorize some domains. Then, instead of adding domains, you add some malicious code into the form.</p>
<p><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPUPLnqWNyPNX6GCEHyl-2Bq5moR_XMsURM_JgAyOGwh2xH8BicMXTevSfhmh2WatRu6KfG6FOniMyCu_8eIFMq5APWaYO4IbwhTZg_Vg8VZY_bEzhSagwDwQVzHVsNvytVCANFsVPIoU/s1600/twitter.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 180px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPUPLnqWNyPNX6GCEHyl-2Bq5moR_XMsURM_JgAyOGwh2xH8BicMXTevSfhmh2WatRu6KfG6FOniMyCu_8eIFMq5APWaYO4IbwhTZg_Vg8VZY_bEzhSagwDwQVzHVsNvytVCANFsVPIoU/s320/twitter.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5514234955247333058" /></a></p>
<p>I found it today and reported it to Twitter.</p>
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-3007455224506633807 2010-06-22T09:45:00.000-07:00 2010-06-22T09:48:10.154-07:00<br />
<p>Today I got to show off on exploit-db :D.</p>
<p>http://tinypaste.com/ea474</p>
<p>http://tinypaste.com/30930</p>
<p>Those two shots wore me out, so I crashed and only just woke up :"></p>
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com<br />
<br />
tag:blogger.com,1999:blog-898908015048537991.post-7024021589104147522 2009-11-25T09:40:00.001-08:00 2010-03-10T04:34:47.816-08:00<br />
<p>This bug was reported to the vendor and everything is OK now. That's why I am publishing this exploit for admins of shops to test.</p>
<p>Exploit here:</p>
<p> http://paste2.org/p/710416</p>
<p>Also in securityfocus</p>
<p><a href="http://www.securityfocus.com/bid/37065">http://www.securityfocus.com/bid/37065</a></p>
<p>And </p>
<p><a href="http://secunia.com/advisories/37402/">http://secunia.com/advisories/37402/</a></p>
<p>but they wrote my nickname so badly :(</p>
Sangteamtham http://www.blogger.com/profile/15208407024056130906 noreply@blogger.com