Thursday, 14 May 2015

同桌的妳 老狼 - 戀戀風塵 - 學生時代純真感情音樂


青春紅的耀眼,綠的瘋狂,清的雋秀,藍的可愛。青春挺挺拔拔,敏敏捷捷,瀟瀟灑灑,幽幽雅雅。青春純純樸樸,厚厚實實,潔潔白白,光光彩彩。青春熱熱情情,風風火火,毛毛草草,沖沖撞撞。做此視頻,紀念曾經的同學,曾經的感情,曾經的美麗。

青春是壹個短暫的美夢,青春是壹個短暫的美夢,當妳醒來時,早已消失得無影無蹤了,我們唯壹的美中不足,就是成長得太快了。



歌曲:同桌的妳
歌手:老狼
譜曲: 高曉松

歌曲歌詞:
明天妳是否會想起
昨天妳寫的日記
明天妳是否還惦記
曾經最愛哭的妳
老師們都已想不起
猜不出問題的妳
我也是偶然翻相片
才想起同桌的妳
誰娶了多愁善感的妳
誰安慰愛哭的妳
誰把妳的長發盤起
誰給妳做的嫁衣
妳從前總是很小心
問我借半塊橡皮
妳也曾無意中說起
喜歡和我在壹起
那時候天總是很藍
日子總過得太慢
妳總說畢業遙遙無期
轉眼就各奔東西
誰遇到多愁善感的妳
誰安慰愛哭的妳
誰看了我給妳寫的信
誰把它丟在風裏
從前的日子都遠去
我也將有我的妻
我也會給她看相片
給她講同桌的妳
誰娶了多愁善感的妳
誰安慰愛哭的妳
誰把妳的長發盤起
誰給妳做的嫁衣




制作: 谷雨 (Essayjeans) @tetraphibious
圖片: 來自網上
http://diebiyi.com/articles/category/essayjeans/
(http://www.tetraph.com/wangjing)


視頻地址:
https://www.youtube.com/watch?v=c66SPoe_kYw


歌詞鏈接:
http://tetraph.blog.163.com/blog/static/234603051201541432236913/


推特:
https://twitter.com/justqdjing/status/598747933257830400


樂乎:
http://essayjeanslike.lofter.com/post/1cf58cfa_6f32a42


湯博樂:
http://xingti.tumblr.com/post/118929550955


谷歌+:
https://plus.google.com/u/0/+essayjeans/posts/VapxEvHAbiD


臉書:
https://www.facebook.com/essayjeans/posts/828134663944354


微博:
http://t.qq.com/p/t/482013119151329







Wednesday, 13 May 2015

一生有你 水木年华 - 慢慢相随 - 清新华语音乐



















一生有你,世界上最美的事实是有人陪你慢慢变老。夜里最美丽的流星,载著我心中的梦。希望能在茫茫人海中与你相逢。我愿一生陪伴你,不知你是否愿意,不管天涯海角多艰辛,我还是要找到你。我愿一生陪伴你,不管你是否在意,就算海枯石烂天变心,我还是一洋爱你。从来没有向你表达我的爱意,


歌曲:一生有你
歌手:水木年华
谱曲: 卢庚戌    编曲: 李延亮


因为梦见你离开
我从哭泣中醒来
看夜风吹过窗台
你能否感受我的爱
等到老去那一天
你是否还在我身边
看那些誓言谎言
随往事慢慢飘散
多少人曾爱慕你年轻时的容颜
可知谁愿承受岁月无情的变迁
多少人曾在你生命中来了又还
可知一生有你我都陪在你身边
因为梦见你离开
我从哭泣中醒来
看夜风吹过窗台
你能否感受我的爱
等到老去那一天
你是否还在我身边
看那些誓言谎言
随往事慢慢飘散
多少人曾爱慕你年轻时的容颜
可知谁愿承受岁月无情的变迁
多少人曾在你生命中来了又还
可知一生有你我都陪在你身边
当所有一切都已看平淡
是否有一种坚持还留在心间
呼哦 哦
多少人曾爱慕你年轻时的容颜
可知谁愿承受岁月无情的变迁
多少人曾在你生命中来了又还
可知一生有你我都陪在你身边
多少人曾爱慕你年轻时的容颜
可知谁愿承受岁月无情的变迁
多少人曾在你生命中来了又还
可知一生有你我都陪在你身边
可知一生有你我都陪在你身边



制作: 谷雨 (Essayjeans) @essayjeans
图片: 来自网上
http://www.inzeed.com/kaleidoscope/category/essayjeans/
(http://www.tetraph.com/wangjing)





视频地址:
https://www.youtube.com/watch?v=5iIsi-QSP0E


歌词链接:
http://www.tetraph.com/blog/musics/yishengyouni/


推特:
https://twitter.com/buttercarrot/status/598723532562894848


乐乎:
http://whitehatpostlike.lofter.com/post/1cf58911_6f2d660


汤博乐:
http://canghaixiao.tumblr.com/post/118925358777


谷歌:
https://plus.google.com/u/0/111862222305893832575/posts/QN6AQMKBTwk


脸书:
https://www.facebook.com/essaybeans/posts/561825200625617








麥克斯韋公式 – 在歐幾裏得空間的微分形式

Maxwell’s Formulation – Differential Forms on Euclidean Space
Author: Wang Jing
Institute: School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

















One of the greatest advances in theoretical physics of the nineteenth century was Maxwell's formulation of the the equations of electromagnetism. This article uses differential forms to solve a problem related to Maxwell's formulation. The notion of differential form encompasses such ideas as elements of surface area and volume elements, the work exerted by a force, the flow of a fluid, and the curvature of a surface, space or hyperspace. An important operation on differential forms is exterior differentiation, which generalizes the operators div, grad, curl of vector calculus. the study of differential forms, which was initiated by E.Cartan in the years around 1900, is often termed the exterior differential calculus.However, Maxwell's equations have many very important implications in the life of a modern person, so much so that people use devices that function off the principles in Maxwell's equations every day without even knowing it.





Source:
http://xingti.tumblr.com/post/118911144410










Delaunay 三角剖分 - 從 2-D Delaunay 到 3-D Delaynay

Delaunay Triangulation - From 2-D Delaunay to 3-D Delaunay
Author: Wang Jing
Institute: School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore


Delaunay triangulations are widely used in scientific computing in many diverse applications. While there are numerous algorithms for computing triangulations, it is the favorable geometric properties of the Delaunay triangulation that make it so useful.


























The fundamental property is the Delaunay criterion. In the case of 2-D triangulations, this is often called the empty circumcircle criterion. For a set of points in 2-D, a Delaunay triangulation of these points ensures the circumcircle associated with each triangle contains no other point in its interior. This property is important. In the illustration below, the circumcircle associated with T1 is empty. It does not contain a point in its interior. The circumcircle associated with T2 is empty. It does not contain a point in its interior. This triangulation is a Delaunay triangulation. This presentation discusses how to extend 2-D Delaunay to 3-D Delaynay.




Source:
http://mathpost.tumblr.com/post/118858562380/delaunay-2-d-delaunay-3-d-delaynay



CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

















CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3   v4.1.1   v4.1.2   v4.0.0   v4.1.0   v3.4.0
Tested Version: v4.1.3   v4.1.1   v4.1.2
Advisory Publication: February 18, 2015
Latest Update: April 05, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Preposition Details:



(1) Vendor & Product Description:



Vendor:

InstantASP


Product & Version:

InstantForum.NET
v4.1.3   v4.1.1   v4.1.2   v4.0.0   v4.1.0   v3.4.0


Vendor URL & Download:

InstantForum.NET can be purchased from here,
http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html


Product Introduction Overview:

“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements."

"The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators."


"The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum."






(2) Vulnerability Details:

InstantForum.NET web application has a cyber security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. InstantForum has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, cyber intelligence, attack defense and solutions details related to important vulnerabilities.


(2.1) The first programming code flaw occurs at "&SessionID" parameter in “Join.aspx?” page.


(2.2) The second programming code flaw occurs at "&SessionID" parameter in “Logon.aspx?” page.






References:






互聯網登錄系統曝出重大漏洞 黑客可用知名網站釣魚 - Covert Redirect



















繼OpenSSL漏洞後,開源安全軟件再曝安全漏洞。新加坡南洋理工大學研究人員,物理和數學科學學院博士生王晶 (Wang Jing) 發現,OAuth 2.0, OpenID 授權接口的網站存隱蔽重定向漏洞、英文名為“Covert Redirect”。


攻擊者創建壹個使用真實站點地址的彈出式登錄窗口——而不是使用壹個假的域名——以引誘上網者輸入他們的個人信息。


黑客可利用該漏洞給釣魚網站“變裝”,用知名大型網站鏈接引誘用護登錄釣魚網站,壹旦用護訪問釣魚網站並成功登六授權,黑客即可讀取其在網站上存儲的私密信息。


騰訊,阿裏巴巴,QQ、新浪微博、淘寶網,支付寶,網易,PayPal, eBay, Amazon, Facebook、Google, LinkedIn, Yahoo, VK.com, Microsoft,  Mail.ru, Github, WordPress 等國內外大量知名網站受影響。


鑒於OAuth和OpenID被廣泛用於各大公司——如微軟、Facebook、Google、以及 LinkedIn——Wang表示他已經向這些公司已經了匯報。Wang聲稱,微軟已經給出了答復,調查並證實該問題出在第三方系統,而不是該公司的自 有 站點。Facebook也表示,“短期內仍無法完成完成這兩個問題的修復工作,只得迫使每個應用程序平臺采用白名單”。至於Google,預計該公司 會追 蹤OpenID的問題;而LinkedIn則聲稱它將很快在博客中說明這壹問題。


OAuth 是壹個被廣泛應用的開放登六協議,允許用護讓第三方應用訪問該用護在某壹網站上存儲的私密的信息(如照片,視頻,聯系人列表),而無需將用護名和密碼提供給第三方應用。這次曝出的漏洞,可將Oauth2.0的使用方(第三方網站)的回跳域名劫持到惡意網站去,黑客利用XSS漏洞攻擊就能隨意操作被授權的帳號,讀取用護的隱私信息。像騰訊、新浪微博等社交網站壹般對登六回調地址沒有任何限制,極易遭黑客利用。










相關資料,
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
http://techxplore.com/news/2014-05-math-student-oauth-openid-vulnerability.html
http://phys.org/news/2014-05-math-student-oauth-openid-vulnerability.html
http://news.yahoo.com/facebook-google-users-threatened-security-192547549.html
http://thehackernews.com/2014/05/nasty-covert-redirect-vulnerability.html
http://blog.kaspersky.com/facebook-openid-oauth-vulnerable/
https://hackertopic.wordpress.com/2014/05/26/covert-redirect-attacks
http://www.foxnews.com/tech/2014/05/05/facebook-google-users-threatened-by-new-security-flaw/
http://network.pconline.com.cn/471/4713896.html
http://computerobsess.blogspot.com/2015/05/covert-redirect.html
http://ittechnology.lofter.com/post/1cfbf60d_6f09f58
http://diebiyi.com/articles/security/covert-redirect/oauth-2-0-openid-covert-redirect/
https://zh.wikipedia.org/wiki/covert-redirect
http://media.sohu.com/20140504/n399096249.shtml/
http://it.people.com.cn/n/2014/0504/c1009-24969253.html
http://www.inzeed.com/kaleidoscope/covert-redirect/oauth-2-0-and-openid-covert-redirect/
http://www.baike.com/wiki/covert-redirect-bug
http://www.csdn.net/article/2014-05-04/2819588




Tuesday, 12 May 2015

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击


















About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。 


根据漏洞研究者发布的结果POC视频,所有About.com的话题(子域名)都可以被攻击者利用。



新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。



与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox (34.0), Ubuntu (14.04) 的 Google Chromium 39.0.2171.65-0, 以及 Mac OS X Lion 10.7 的 Apple Safari 6.1.6 上进行的。



XSS (Cross- site Scripting) 可以用来窃取用户信息,控制用户浏览器,和进行 DOS (Denial of Service) 攻击。 XFS (Cross-frame Scripting) 也叫 iFrame Injection,可以修改用户浏览器页面内容。



在发布漏洞的同时,王晶还说明因为 About Group 的普遍性,它的漏洞可以用来对其他网站进行隐蔽重定向攻击 (Covert Redirect);XFS 则可以用来对计算机和网络进行 DDOS (Distributed Denial of Service) 黑客攻击。这些漏洞发布在著名漏洞平台 Full-Disclosure 上和他的个人博客上。



王晶是一名学生安全研究人员。他发布了包括谷歌,脸书,亚马逊,阿里巴巴,电子湾,领英等多家公司网站的重要漏洞以及大量网络应用程序的补丁。










相关新闻:
http://www.zdnet.com/article/over-99-percent-of-about-com-links-vulnerable-to-xss-xfs-iframe-attack/
http://www.securityweek.com/xss-xfs-open-redirect-vulnerabilities-found-aboutcom
http://securityaffairs.co/wordpress/33070/hacking/com-affected-xss-xfs-open-redirect-vulnerabilities-since-october-2014.html
http://packetstormsecurity.com/files/130211/About.com-Cross-Site-Scripting.html
http://www.zoomit.ir/it-news/security/17394-about-com-links-vulnerable-to-xss-xfs
http://itsecurity.lofter.com/post/1cfbf9e7_6f05a63
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
http://securitypost.tumblr.com/post/118837857592/about-group-99-88-xss-xfs-about
http://www.inzeed.com/kaleidoscope/computer-security/about-group-xss-xfs/
https://www.secnews.gr/99percent-about-xss-xfs-attack-exploit
http://www.decomoadesinstalar.com/abrir-codigo-iframe-xss-xfs-ataque-mas-del-99-por
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1547
http://www.40kalagh.net/about-grope-xss-and-xfs

https://hackertopic.wordpress.com/2015/03/07/about-group-xss
http://tetraph.blogspot.com/2015/05/about-group-9988-xss-xfs.html



CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security 0Day Vulnerabilities
















CVE-2014-9469  vBulletin XSS (Cross-Site Scripting) Web Security 0Day Vulnerabilities


Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: vBulletin Forum
Vendor: vBulletin
Vulnerable Versions: 5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4
Tested Version: 5.1.3 4.2.2 
Advisory Publication: February 12, 2015
Latest Update: February 26, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Writer and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Preposition Details:

(1) Vendor & Product Description:
Vendor: 
vBulletin


Product & Version: 
vBulletin Forum
5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4


Vendor URL & Download: 
vBulletin can be acquired from here,


Product Introduction Overview:
"vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server."

Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.

Simplified site set up and customization
The new Site Builder makes it easier than ever to build and manage a site. Customizable page templates, drag-and-drop configuration and in-line site editing simplify page layout. A variety of design themes can be easily selected.

Dynamic tools for content discovery

Customizable content modules provide enhanced content discovery, engaging users into deeper site visits. The vBulletin search has been re-architected to significantly improve the quality of its results, further facilitating content discovery.

Sleek new UI features activity stream and increased social engagement

Improved social functionality includes groups, new user profiles, comments functionality, an integrated messaging hub, social content curation, real-time updates and more.

Expanded photo and video capabilities

The new interface invites users to quickly post photos and video, expanding content on vBulletin sites. This media is then leveraged by being better integrated with the rest of a site's content. User profiles provide an engaging aggregation of all media posted by them.

Category-leading mobile optimization

The integrated mobile-optimized version ensures smartphone visitors will stay longer and return.

Robust architecture

Improved architecture provides better performance and easier customization
Built-in SEO helps maximize search traffic
Easy-to-use upgrader tool available for vBulletin 3 and 4 sites, plus importer for sites on other forum software"



(2) Vulnerability Details:
vBulletin web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. vBulletion has patched some of them. Gmane (pronounced "mane") is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list's inclusion on the service. It has published suggestions, advisories, solutions related to important vulnerabilities.

(2.1) The programming code flaw occurs at "forum/help" page. Add "hash symbol" first. Then add script at the end of it.









Related Work:

CVE-2015-2563 - Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities

















CVE-2015-2563 - Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities


Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3   0.9.9
Tested Version: 1.2.3   0.9.9
Advisory Publication: March 13, 2015
Latest Update: April 25, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: CVE-2015-2563 
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore]  (@justqdjing)






Direction Details:


(1) Vendor & Product Description:


Vendor:
Vastal I-tech



Product & Vulnerable Versions:
phpVID
1.2.3
0.9.9



Vendor URL & Download:
phpVID can be approached from here,



Product Introduction Overview: 
"phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy."

"The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a "single dedicated server". phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com."

"Server Requirements:
Preferred Server: Linux any Version
PHP 4.1.0 or above
MySQL 3.1.10 or above
GD Library 2.0.1 or above
Mod Rewrite and .htaccess enabled on server.
FFMPEG (If you wish to convert the videos to Adobe Flash)"





(2) Vulnerability Details:
phpVID web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Other bug hunter researchers have found some SQL Injection vulnerabilities related to it before, too. phpVID has patched some of them.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpVID has patched some of them. "Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to important vulnerabilities.


(2.1) The first code programming flaw occurs at "&order_by" "&cat" parameters in "groups.php?" page.










Related Links:
http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3
https://progressive-comp.com/?l=full-disclosure&m=142601071700617&w=2
http://seclists.org/fulldisclosure/2015/Mar/58
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1699
http://lists.openwall.net/full-disclosure/2015/03/10/8
https://www.facebook.com/permalink.php?story_fbid=935563809832135
http://t.qq.com/p/t/482410003538035
http://biboying.lofter.com/post/1cc9f4f5_6ee2aa5
http://mathpost.tumblr.com/post/118768553885/xingti-cve-2015-2563-vastal-i-tech-phpvid
http://essayjeans.lofter.com/post/1cc7459a_6ee4fcb
http://xingti.tumblr.com/post/118768481545/cve-2015-2563-vastal-i-tech-phpvid-1-2-3-sql
https://plus.google.com/113698571167401884560/posts/gftS84rfD3A
https://itswift.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/
https://www.facebook.com/essayjeans/posts/827458144012006






CVE-2015-2349 - SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities















CVE-2015-2349 - SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities


Exploit Title: CVE-2015-2349 - SuperWebMailer /defaultnewsletter.php" HTMLForm Parameter XSS Web Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.*   4.*.0.*
Tested Version: 5.*.0.*   4.*.0.*
Advisory Publication: March 11, 2015
Latest Update: May 03, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-2349
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Author and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)







Information Details:


(1) Vendor & Product Description:


Vendor:
SuperWebMailer



Product & Vulnerable Versions:
SuperWebMailer
5.60.0.01190
5.50.0.01160
5.40.0.01145
5.30.0.01123
5.20.0.01113
5.10.0.00982
5.05.0.00970
5.02.0.00965
5.00.0.00962
4.50.0.00930
4.40.0.00917
4.31.0.00914
4.30.0.00907
4.20.0.00892
4.10.0.00875


Vendor URL & Download:
SuperWebMailer can be gained from here,



Product Introduction Overview:
"Super webmail is a web-based PHP Newsletter Software. The web-based PHP Newsletter Software Super webmail is the optimal solution for the implementation of a successful e-mail marketing."

"To use the online PHP Newsletter Script is your own website / server with PHP 4 or newer, MySQL 3.23 or later and the execution of CronJobs required. Once installed, the online newsletter software Super webmail can be served directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independent all operating systems such as Windows, Linux, Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients including registration and deregistration from the newsletter mailing list by double-opt In, Double Opt-Out and automatic bounce management. Send online your personalized newsletter / e-mails in HTML and Text format with embedded images and attachments immediately in the browser or by CronJob script in the background immediately or at a later. With the integrated tracking function to monitor the success of the newsletter mailing, if thereby the openings of the newsletter and clicks on links in the newsletter graphically evaluated and presented. Put the integrated autoresponder to autorun absence messages or the receipt of e-mails to confirm."

"It is now included CKEditor 4.4.7. An upgrade to the latest version is recommended as an in CKEditor 4.4.5 Vulnerability found. Super webmail from immediately contains new chart component for the statistics that do not need a flash and are therefore also represented on Apple devices. For the Newsletter tracking statistics is now an easy print version of the charts available that can be printed or saved with PDF printer driver installed in a PDF file. When viewing the e-mails in the mailing lists of the sender of the email is displayed in a column that sent the e-mail to the mailing list. For form creation for the newsletter subscription / cancellation are now available variant"





(2) Vulnerability Details:
SuperWebMailer web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. 


Several other related products 0-day vulnerabilities have been found by some other bug hunter researchers before. SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to web application vulnerabilities.

(2.1) The programming code flaw occurs at "&HTMLForm" parameter in "defaultnewsletter.php?" page.








Related Results:
http://seclists.org/fulldisclosure/2015/Mar/55
http://www.securityfocus.com/bid/73063
http://lists.openwall.net/full-disclosure/2015/03/07/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819
http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2
https://cxsecurity.com/issue/WLB-2015030043
http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf
http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer
http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss
http://essaybeans.lofter.com/post/1cc77d20_6edf28c
https://www.facebook.com/essaybeans/posts/561250300683107
https://twitter.com/essayjeans/status/598021595974602752
https://www.facebook.com/pcwebsecurities/posts/687478118064775
http://tetraph.blog.163.com/blog/static/234603051201541231655569/
https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp
http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html
https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/
http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html