Comments for www.notsosecure.com

Comment on Hacking Oracle 11g by Bug in Oracle 11g « Shimoon Security

Bug in Oracle 11g « Shimoon Security — Fri, 12 Feb 2010 18:42:49 +0000

[...] Il codice fornito da Litchfield e presente sul sito notsosecure. [...]

Comment on Hacking Oracle 11g by Gildus» Blog Archive » Las bases de datos de Oracle pueden hackearse remotamente

Wed, 10 Feb 2010 21:22:51 +0000

[...] 10.2.0.4), pero no fue solucionado en los parches de seguridad de enero. Por lo que ha decidido hacerlo público (”11g 0day exploit”) durante la conferencia Black Hat en Washington el [...]

Comment on Hacking Oracle 11g by admin

admin — Tue, 09 Feb 2010 19:29:40 +0000

btw, the video is now online again:

https://media.blackhat.com/bh-dc-10/video/Litchfield_David/BlackHat-DC-2010-Litchfield-Oracle11g-video.m4v

Comment on Local File Inclusion with Magic_quotes_gpc enabled by Week 5 in Review | Infosec Events

Week 5 in Review | Infosec Events — Mon, 08 Feb 2010 14:28:19 +0000

[...] Local File Inclusion with Magic_quotes_gpc enabled – notsosecure.com Penetration using magic_quote_gpc and PHP [...]

Comment on Hacking Oracle 11g by Alexander Kornbrust Oracle Security Blog » Blog Archive » Oracle 11g 0day exploit published

Sat, 06 Feb 2010 07:42:39 +0000

[...] just read on Sumit Siddarth’s (Sid) blog that the video recording from David Litchfield’s BH presentation is was [...]

Comment on Open Redirection by sysmox.com

sysmox.com — Sat, 06 Feb 2010 00:20:33 +0000

good technice to avoid xss

Comment on Local File Inclusion with Magic_quotes_gpc enabled by kuza55

kuza55 — Wed, 03 Feb 2010 06:16:38 +0000

Similar stuff is possible on linux: http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/

Comment on Local File Inclusion with Magic_quotes_gpc enabled by sid

sid — Tue, 02 Feb 2010 16:16:13 +0000

Hi skully, please see the update, you dont need magic quote at all. I managed to make so many mistakes in a small blog post

Comment on Local File Inclusion with Magic_quotes_gpc enabled by skully

skully — Tue, 02 Feb 2010 16:07:27 +0000

Hi,
Very interesting only I am not able to reproduce it. I tested from 100 to > 4096 dots, this does not disable the NULL byte from being escaped.

You say you tested on WAMP ? ie: Windows ? How can /etc/passwd work on windows ?

I tried in windows also, and it failed. Could you please explain or give poc code ?

Thanks

Comment on Local File Inclusion with Magic_quotes_gpc enabled by sid

sid — Tue, 02 Feb 2010 12:18:38 +0000

Hi Bogan,

i have only tested it on windows, while the backslash(\) will get escaped by magic quote the forward slash will not be escaped, so that explains why it will only work if include is relational in windows.

~~I can confirm that in my windows setup, it worked with null byte~~. As you pointed out, it doesn’t work with null byte and the null byte is actually not required.