
H4CK1NG


WordPress Impacted by Ghost glibc Vulnerability. Security researchers have determined that PHP applications, like the WordPress content management system (CMS), are also impacted by the recently disclosed Ghost glibc vulnerability (CVE-2015-0235).

WordPress Impacted by Ghost glibc Vulnerability

The critical vulnerability in the GNU C library was previously known to affect Linux systems dating back to 2000, and could allow an attacker to execute code and gain remote access to systems by exploiting a heap-based buffer overflow found in the __nss_hostname_digits_dots() function. “A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application,” an advisory from Red Hat said.

Cyberguerrilla PasteBin.

Coding_Hacking_Security.

Pwntools — pwntools 2.2.0 documentation.

Best Collection of Hacking Books.

The Most Common OAuth2 Vulnerability. HN discussion. TL;DR: If a website uses OAuth multi-logins there is an easy way to log into somebody's account; protection is almost never implemented, and people don't take into account that OAuth is also used for authentication.

The Most Common OAuth2 Vulnerability

OAuth2 is an authorization framework. Apparently it's very popular now. Despite its popularity, a lot of people don't understand it deeply enough to write a proper and secure implementation. OAuth 1.0a and OAuth2 are incompatible; some services use the former (Twitter, wtf, come on!), some the latter, and some have insufficient and poor documentation (in terms of security), etc. response_type=code is the server-side auth flow; it should be used when possible and is more secure than response_type=token.

Hacking, step-by-step: Choose a client which suits the hack's "condition", some site.com (we will use Pinterest as a showcase). Start the authentication process: click "Add OAuth Provider login". How to detect whether a certain OAuth implementation is vulnerable? Updates: Notices:

Can someone explain the "Covert Redirect" vulnerability in OAuth and OpenID? This isn't a vulnerability of/in OAuth 2.0 at all.

Can someone explain the "Covert Redirect" vulnerability in OAuth and OpenID?

The issue has been wildly overblown and misstated by CNET and the original finder. Here it is in a nutshell: If your web site (example.com) implements an open redirect endpoint - that is, implements a URL that will redirect the browser to any URL given in the URL parameters - AND your redirect copies URL parameters from the incoming URL to the outgoing redirect URL, then it is possible for third parties to exploit this artifact of your web site in a wide variety of nasty ways. Worst case: evil.com is able to get the auth code originally intended for your web site (example.com) and may be able to use that auth code to extract user information from the auth provider (Google, Facebook, etc) or possibly even take control of the user's account on your web site.

Would evil.com be able to take control of the user's Google account using that access code? No, because the access code was minted for your site, example.com, and only works there.

Official website.

A serious OAuth security hole in Facebook SDK. The Facebook SDK permits a MITM attack for every hacker who wants to steal a user's Facebook credentials (email and password).

A serious OAuth security hole in Facebook SDK

The OAuth implementation shipped with the Facebook SDK ignored the warning in the OAuth spec by using an embedded browser, which completely defeats the purpose of OAuth: protecting the user's first-order credentials from third-party developers and their apps. First, let's recap the statement from the OAuth 2 spec: “Embedded user-agents pose a security challenge because users are authenticating in an unidentified window without access to the visual protections offered by many user-agents.” On current iOS and Android platforms, an embedded browser launched by a native mobile app can be completely under the control of the application; therefore it enables a man-in-the-middle attack on OAuth by any third-party application.

To demonstrate this security hole, add the following code to com.facebook.android.FbDialog in its SDK. (1) Add the following statement to the setUpWebView method to enable the browser JS callback.

Stealing Google suggestions!!!

Exploit-ID.