Mutillidae has a very large Easter Egg file containing scripts, injections, hacks, and tests used to check the pages over the years. As the developer tests new hacks, the file gets the new scripts added. The file contains SQL injection, command injection, XSS, and other vulnerabilitiy exploits. One way to get this file is to use command injection which is the method used in this deomonstration. Mutillidae is a free web application which is vulnerable on purpose to give a training envoronment for pen testers, security enthusiasts, universities, and as a target for evaluating vulnerability assessment tools. Updates about Mutillidae are announced on Twitter at @webpwnized. Mutillidae can be downloaded from irongeek.com.
Vulnerability scanning appliance The Pentrator www.secpoint.com Scan for SQL Injection , XSS Cross Site Scripting , Command Execution. Real good vulnerability scanning
Speakers: Ben Feinstein, Jeff Jarmoc, Dan King Your security infrastructure (firewalls, IDS/IPS devices, management consoles, etc.) holds a very sensitive position of trust. This equipment is relied upon to reliably perform security critical functions under potentially hostile conditions. These are highly valuable assets to an attacker, yet their value is sometimes not captured by conventional risk management. This presentation will explore several new vulnerabilities and weaknesses in these products, with the goal of offering useful recommendations and approaches for mitigating the risk. This presentation explores a series of vulnerabilities and weaknesses in security infrastructure that we discovered and responsibly disclosed. We’re in the business of managing and monitoring this gear for our clients, so we have great familiarity with all aspects of its operation. We’ve found that security infrastructure appears to be just as prone to security vulnerabilities as other commercial software, if not more so. Daniel King discovered McAfee Network Security Manager (the web-based management appliance for McAfee IPS sensors) was vulnerable to authentication bypass / session hijacking (CVE-2009-3565) and cross-site scripting (CVE-2009-3566) vulnerabilities. We’ll demonstrate a proof-of-concept attack scenario that blends these vulnerabilities to gain unauthorized access to the NSM web management interface through cookie stealing and hijacking an administrator’s session. Jeff …
South Asia shelters a quarter of the world population with only one twentieth of its freshwater resources, which isn’t always available where or when it’s needed. This is made worse by widespread poverty, unregulated economic growth and now, climate change. Rising temperatures are melting glaciers in the Himalayas, the origin of major rivers flowing across the Indian subcontinent. Reduced river flow can upset water balance for millions. Meanwhile, rapidly swelling glacial lakes can trigger flash floods. Coping with these challenges needs integrated river basin management where neighbouring countries sharing waters cooperate and coordinate better. This film captures the highlights of a 2008 study, Vulnerability Assessment of Freshwater Resources to Environmental Change, carried out by researchers at the Asian Institute Technology (AIT) for the United Nations Environment Programme (UNEP).
admin