elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Arreglado, de nuevo, el registro del warzone (wargame) de EHN


+  Foro de elhacker.net
|-+  Seguridad Informática
| |-+  Hacking Ético (Moderador: toxeek)
| | |-+  Ayuda con vulnerabilidades
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: Ayuda con vulnerabilidades  (Leído 2,511 veces)
Xenomorfo77

Desconectado Desconectado

Mensajes: 61


Ver Perfil
Ayuda con vulnerabilidades
« en: 2 Mayo 2012, 00:52 am »

Hola a todos, lo primero pedir disculpas por si el post no iva aqui si es asi muevanlo.

Estoy intentando acceder a un host con fines de aprendizaje, tengo permiso para hacerlo. He escaneado los puertos con nmap y he hecho un análisis con nessus integrado en msf, pero a la hora de interpretar los resultados me quedo un poco pillado ya que no entiendo bien como se explotarian esos fallos. Las vulnerabilidades mas graves son estas:


CVE-2006-3918
-------------------------------------------------------------------------------------------------
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP
 Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header
 from an HTTP request when it is reflected back in an error message, which might allow cross-site
scripting (XSS) style attacks using web client components that can send arbitrary headers in requests,
 as demonstrated using a Flash SWF file.
----------------------------------------------------------------------------------------------------
CVE-2007-1581
----------------------------------------------------------------------------------------------------
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary
code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which
 can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through
5.2.13 and 5.3 through 5.3.2 are also affected.
www.milw0rm.com/exploits/3529
------------------------------------------------------------------------------------------------------
CVE-2008-5814
-----------------------------------------------------------------------------------------------------
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled,
 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the
 lack of details, it is unclear whether this is related to CVE-2006-0208.
-----------------------------------------------------------------------------------------------------
CVE-2008-2371
-----------------------------------------------------------------------------------------------------
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7
allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code
 via a regular expression that begins with an option and contains multiple branches.
------------------------------------------------------------------------------------------------------
CVE-2008-5498
------------------------------------------------------------------------------------------------------
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to
 read the contents of arbitrary memory locations via a crafted value of the third argument
(aka the bgd_color or clrBack argument) for an indexed image.
------------------------------------------------------------------------------------------------------
CVE-2009-3557
------------------------------------------------------------------------------------------------------
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows
context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable
 or world-writable directories, via the dir and prefix arguments.
------------------------------------------------------------------------------------------------------
CVE-2009-3555
------------------------------------------------------------------------------------------------------
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in
 Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and
 earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4
and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes
 with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions,
 and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request
 that is processed retroactively by a server in a post-renegotiation context, related to a
 "plaintext injection" attack, aka the "Project Mogul" issue.
------------------------------------------------------------------------------------------------------
CVE-2009-3291
------------------------------------------------------------------------------------------------------
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform
 certificate validation, which has unknown impact and attack vectors, probably related to an ability
 to spoof certificates.
------------------------------------------------------------------------------------------------------
CVE-2009-2687
-----------------------------------------------------------------------------------------------------
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a
 denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
-----------------------------------------------------------------------------------------------------
CVE-2010-1128
-----------------------------------------------------------------------------------------------------
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy,
 which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable,
 as demonstrated by session cookies generated by using the uniqid function.
-----------------------------------------------------------------------------------------------------
CVE-2010-3436
-----------------------------------------------------------------------------------------------------
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions
 via vectors related to the length of a filename.
------------------------------------------------------------------------------------------------------
CVE-2010-4645
------------------------------------------------------------------------------------------------------
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products,
allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point
 value in scientific notation, which is not properly handled in x87 FPU registers,
 as demonstrated using 2.2250738585072011e-308.
------------------------------------------------------------------------------------------------------
CVE-2011-3389
-----------------------------------------------------------------------------------------------------
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer,
 Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained
initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via
a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with javascript code that
uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API,
aka a "BEAST" attack.
-----------------------------------------------------------------------------------------------------
CVE-2011-0411
-----------------------------------------------------------------------------------------------------
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9,
and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers
 to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after
 TLS is in place, related to a "plaintext command injection" attack.
------------------------------------------------------------------------------------------------------
CVE-2011-4566
------------------------------------------------------------------------------------------------------
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2
on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause
a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different
vulnerability than CVE-2011-0708.
------------------------------------------------------------------------------------------------------
CVE-2012-0053
------------------------------------------------------------------------------------------------------
Protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information
 during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain
 the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction
 with crafted web script.



¿Alguien sabe como se usaria alguna de estas vulnerabiliades?

Un saludo y gracias.
En línea

Stakewinner00


Desconectado Desconectado

Mensajes: 1.426



Ver Perfil WWW
Re: Ayuda con vulnerabilidades
« Respuesta #1 en: 6 Junio 2012, 21:40 pm »

Tampoco es tan dificil
 hya te pone k encontro una de XSS una k puede hacer DDOS es question de leer y mirar donde esta el bug

si me dices k web es yo tambien estoy interesado en aprender
En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
FAQ de Vulnerabilidades « 1 2 3 »
Bugs y Exploits
sirdarckcat 28 78,796 Último mensaje 27 Abril 2015, 16:22 pm
por Grado 33
[Ayuda] Encontrar Vulnerabilidades « 1 2 »
Hacking Básico
HRay 16 15,602 Último mensaje 10 Julio 2019, 21:46 pm
por Drakaris
ayuda sobre vulnerabilidades de servidor web?
Hacking Básico
HALC12 8 4,914 Último mensaje 13 Julio 2011, 21:03 pm
por HALC12
Ayuda con vulnerabilidades en páginas
Bugs y Exploits
Ballest HS 1 2,022 Último mensaje 7 Enero 2013, 03:49 am
por jdc
[Ayuda] Buscar vulnerabilidades en mi sitio [Ayuda]
Hacking Básico
DanieLDiaz- 0 1,135 Último mensaje 17 Abril 2013, 00:04 am
por DanieLDiaz-
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines