Demonstrating SQL injection in login authentication on some websites
$user = $_POST["ulogin"];
$pass = $_POST["plogin"];
$sqlquery = mysql_query("SELECT * FROM login WHERE user='$user' AND pass='$pass'");
$rows = mysql_fetch_row($sqlquery);
So let's log in with a user called "hammer" (aptly named) and the password "123456". The query changes to this:
$sqlquery = mysql_query("SELECT * FROM login WHERE user='hammer' AND pass='123456'");
if ($rows == 0) {
    die('Incorrect Login.');
}
Now let's inject.
Let's say we can see that the admin is called "admin" but we don't know his password. We put in "1' OR '1'='1" as the password, which changes the query to:
$sqlquery = mysql_query("SELECT * FROM login WHERE user='admin' AND pass='1' OR '1'='1'");
As you can see, this confuses the database: AND is evaluated before OR, so the always-true condition '1'='1' makes the WHERE clause match every row, and this will log you in. It only works if the input is not escaped with addslashes(); otherwise it won't work.
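The same login check written both ways, as an added example that is not part of the original page: the concatenated query accepts the password value quoted above, while a prepared statement with bound parameters treats it as plain data. It assumes PHP 7 or later with the pdo_sqlite extension (the mysql_* functions used above were removed in PHP 7); the table contents and the password are constructed.

```php
<?php
// Added example, not code from the original page. The table contents and
// the password below are constructed; SQLite in memory keeps it offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (user TEXT PRIMARY KEY, pass TEXT NOT NULL)");
// Plaintext storage mirrors the page's schema so both functions share one
// table; real code stores password_hash() output and checks it with
// password_verify().
$db->exec("INSERT INTO login (user, pass) VALUES ('admin', 'constructed-pass')");

// The page's pattern: user input is concatenated into the SQL text, so a
// quote in the input ends the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT * FROM login WHERE user='$user' AND pass='$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened form: the SQL text is fixed and the values are bound as
// parameters, so they are only ever compared as data.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare("SELECT 1 FROM login WHERE user = ? AND pass = ?");
    $stmt->execute([$user, $pass]);
    return $stmt->fetch() !== false;
}

$input = "1' OR '1'='1"; // the password value quoted in the text above
foreach (['login_concatenated', 'login_prepared'] as $fn) {
    printf("%-20s injected input: %s, correct password: %s\n", $fn,
        var_export($fn($db, 'admin', $input), true),
        var_export($fn($db, 'admin', 'constructed-pass'), true));
}
```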
Technical Description
Multiple vulnerabilities have been identified in Debian, which could be exploited by attackers to cause a denial of service or take complete control of an affected system. These issues are caused by errors in krb5.
Affected Products
Debian GNU/Linux sarge
Debian GNU/Linux etch
Debian GNU/Linux sid
Solution
Debian GNU/Linux sarge - Upgrade to krb5 version 1.3.6-2sarge5
Debian GNU/Linux etch - Upgrade to krb5 version 1.4.4-7etch2
Debian GNU/Linux sid - Upgrade to krb5 version 1.6.dfsg.1-5
Technical Description
A vulnerability has been identified in SuSE, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in OpenOffice.org.
Affected Products
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SuSE Linux Desktop 1.0
Novell Linux Desktop 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
Solution
Upgrade the affected packages:
ftp://ftp.suse.com/pub/suse/update/
Technical Description
Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or take complete control of an affected system. These issues are caused by errors in krb5.
Affected Products
Fedora Core 5
Fedora Core 6
Fedora 7
Solution
Upgrade the affected packages:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
Technical Description
A vulnerability has been identified in Sun JDK, JRE and SDK, which could be exploited by attackers to bypass security checks and take complete control of an affected system. This issue is caused by an unspecified error in Java Web Start, which may allow an untrusted application to grant itself permissions to overwrite any file that is writable by the user running the application, including the ".java.policy" file. The application could then invoke applets or Java Web Start applications that execute arbitrary code with the privileges of the user running the untrusted application.
Affected Products
Sun JDK version 5.0 Update 11 and prior
Sun JRE version 5.0 Update 11 and prior
Sun JRE version 1.4.2_13 and prior
Sun SDK version 1.4.2_13 and prior
Solution
Upgrade to J2SE version 5.0 or 1.4.2:
http://java.sun.com/j2se/1.5.0/download.jsp
http://java.sun.com/j2se/1.4.2/download.html