60 matches found
Basecamp: HTTP request smuggling on Basecamp 2 allows web cache poisoning
It is found that an authenticated Basecamp 2 user can desync front and backend servers and poison the socket with harmful response for the next visitor. During redirect probe, It also appears that front-end infrastructure performs caching of content. Using HTTP request smuggling attack, It is...
Basecamp: CSRF on launchpad.37signals.com OAuth2 authorization endpoint
Hi, I found a CSRF in the OAuth2 authorization endpoint on launchpad.37signals.com. That allows a malicious 3rd party application to gain full API access to victim's account in 37signals products that uses OAuth2 authorization. I found that when making a post request to authorization endpoint it...
Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
Basecamp attachments are stored in the bc3productionblobs bucket in the root directory and can be served with text/html content-type...
Basecamp: Remote code execution on Basecamp.com
A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...
FBI Warns of Increase in DDoS Extortion Scams
Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, th...
BASECAMP Cloud Service Detection
Binary data 8429.prm...
Collabtive 0.65 - Multiple Vulnerabilities
No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...
Basecamp Back Online After DDoS, Extortion
The project management console Basecamp is back online and its developers are in the process of restoring customers’ network access Tuesday after the service was taken down by a distributed denial-of-service DDoS attack Monday. The attack started at 8:46 a.m. CST yesterday and flooded the site wi...
Schneider Modicon Ladder Logic Upload/Download
The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a to send and receive ladder logic. The protocol is unauthenticated, and allows a rogue host to retrieve the existing logic and to upload new logic. Two modes are supported: "SEND" and "RECV," which behave as one might...
Koyo DirectLogic PLC Password Brute Force Utility
This module attempts to authenticate to a locked Koyo DirectLogic PLC. The PLC uses a restrictive passcode, which can be A0000000 through A9999999. The "A" prefix can also be changed by the administrator to any other character, which can be set through the PREFIX option of this module. This modul...
Project Basecamp Adds Stuxnet-type Attack Module to Metasploit
UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers PLCs. The new exploits, which are being submitted to the Metasploit open platform, include one th...
Bloody Valentine For Critical Infrastructure: EtherNet/IP Exploit Could Crash Devices
Security researchers made good on a promise to release new exploits for programmable logic controllers PLCs. The exploits include one targeting a flaw in the implementation of the EtherNet/IP Industrial Protocol used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a...
More from Basecamp
The Project Basecamp presentation received a rousing response from the audience, many of whom are industrial control security experts who have long warned, quietly, about the woeful state of software security in the industry. But not everyone was enthused. Kevin Hemsley of ICS-CERT questioned...
Ladder logic
The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the...
(Not) making the grade
The researchers working on Project Basecamp found significant security issues with programmable logic controller PLC they tested. Some PLCs were too brittle and insecure to even tolerate security scans and probing. The D20 ME PLC by General Electric – a widely deployed industrial system – fared t...
Security audits
A presentation on Project Basecamp was a highlight of the conference. The talk presented the findings of a volunteer-led security audit of leading programmable logic controllers PLCs. The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousand...
UPDATE: Looking For a 'FireSheep' Moment, Researchers Lay Bare Woeful SCADA Security
Miami, Florida – A no-holds barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for th...
Collabtive SQL Injection Vulnerability
Exploit for php platform in category web applications ====================================== Collabtive SQL Injection Vulnerability ====================================== ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL:...
Collabtive 0.65 - SQL Injection
ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact: Improper Neutralization of Special...
Collabtive 0.65 - SQL Injection
Collabtive 0.65 - SQL Injection ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact: Imprope...