2011
02.04

QuickShare File Server 1.2.1 FTP Directory Traversal Vulnerability

Category: Vulnerability / Tag:  / Add Comment

QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system.

Software Description

QuickShare File Server is a easy to use file sharing software helps you build your own file server. Users could access your server through web browsers or FTP client softwares (In most case, they need not to install any extra softwares). Users could send or receive large files to or from you. You could create account and set password to protect your files.

Read More >>

2011
02.03

FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit

Category: Exploit, Research, Vulnerability / Tag:  / 1 comment

A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system.

The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to a malicious server that is running PASV mode. The PASV command is issued to tell the server that the client wishes to transfer files in passive mode. FTP servers that support passive mode will respond to such a request with an IP address and port number.

Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into connecting to a malicious FTP server.

Read More >>

2011
02.02

Cara menggunakan PwdHash

Category: Info, Tools, Tutorials / Tag:  / 7 comments

Sekali waktu berkumpul dengan dE brothers, berbicara dari hal mudah sampai dengan hal sulit dalam hal ngoprek, dan muncul beberapa masalah dalam hal mengingat password, mungkin disebabkan keterbatasan otak manusia. nah salah satu rekan dari dE menceritakan tentang bagaimana menggunakan PwdHash untuk memudahkan kita dalam mengisi password, walaupun teknik menggunakan Pwdhash ini sudah 2 tahun belakangan ini ada.

Secara konsep PwdHash ini men-generate hash dari “Site-Address” dan “Site Password” menjadi Hashed Password, jadi apapun website/forum/socialnetwork/email kita hanya membutuhkan 1 password yang kita ingat saja, mudah kan. Tapi jika dilihat dari sisi Keamanan user menurun (hanya 1 password), Kenyamanan user (tinggi, tidak harus banyak ingat password), Keamanan teknis password (tinggi , hasil hash/ kombinasi password yang baik)

Berikut tahap-tahap jika anda ingin menggunakan PwdHash :

Read More >>