Friday, November 30, 2012

More photos of High-Tech Bridge's office: our racks

Following the previous post, High-Tech Bridge office photos, more pictures are now available.

All other photos and events can be seen here: High-Tech Bridge on Facebook.

Online Trust Alliance (OTA) Gold Sponsor

Not long ago, High-Tech Bridge joined the Online Trust Alliance (OTA) as a Gold Sponsor and Advisory Council member. Alongside High-Tech Bridge, the list includes organizations such as AllClear ID, Epsilon, Internet Identity, LashBack, Microsoft, Pitney Bowes, PricewaterhouseCoopers, Secunia and Verisign.
The full list: OTA Gold Sponsors - Advisory Council.

High-Tech Bridge is Gold Sponsor of Online Trust Alliance (OTA)

Friday, November 23, 2012

HTB23123: Smartphone Pentest Framework (SPF) multiple vulnerabilities

Smartphone Pentest Framework SPF

Smartphone Pentest Framework (SPF) version 0.1.2 suffers from five different types of software weakness: OS Command Injection [CWE-78], SQL Injection [CWE-89], Cross-Site Request Forgery [CWE-352], Improper Access Control [CWE-284] and Incorrect Default Permissions [CWE-276]. High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in the web-based GUI of Smartphone Pentest Framework (SPF), which could be exploited to gain control over the pentester's machine.

  • Multiple OS Command Execution Vulnerabilities [CWE-78] in Smartphone Pentest Framework (SPF):
    Multiple Perl scripts in the "/frameworkgui/" directory do not sanitize user-supplied input before passing it as an argument to the system() function. This could be exploited to inject and execute arbitrary OS commands on the target system with the privileges of the web server.

  • SQL Injection [CWE-89]:
    Multiple Perl scripts in the "/frameworkgui/" directory are vulnerable to SQL injection. A remote attacker can execute arbitrary SQL commands in the application's database.

  • Cross-Site Request Forgery [CWE-352]:
    The vulnerability exists due to insufficient verification of the origin of HTTP requests in all Perl scripts within the "/frameworkgui/" directory. A remote attacker without direct access to the application's web interface can perform cross-site request forgery attacks and execute arbitrary actions otherwise available only to the application's users (e.g. send SMS messages).

  • Improper Access Control [CWE-284]:
    The weakness exists due to an insufficient ACL on the "config" file located in the "/frameworkgui/" directory. A remote attacker can access the configuration file directly and obtain sensitive information, such as the database password, which is stored in plaintext.

  • Incorrect Default Permissions [CWE-276]:
    The weakness exists because the "btinstall" installation script sets world-writable permissions on all files within the "/frameworkgui/" directory:
    cd /var/www/frameworkgui; chmod 777 * ;
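As an added example (not code from the advisory or from SPF itself), a small Python audit over a constructed frameworkgui-style directory: it lists files left world-writable by an installer's "chmod 777 *" and flags Perl system()/exec() calls that interpolate a variable into a single shell string, the two weaknesses a maintainer would want to catch before shipping. The sample Perl script, file names and temporary directory are assumptions.

```python
import os
import re
import stat
import tempfile
# Perl system()/exec() given ONE double-quoted string that interpolates a variable:
# the shell parses that string, which is the CWE-78 pattern named in the advisory.
SHELL_INTERP_RE = re.compile(r'\b(?:system|exec)\s*\(\s*"[^"]*\$[^"]*"\s*\)')

# Constructed sample script (not SPF's real code): risky form beside the safe list form.
SAMPLE_PL = '''#!/usr/bin/perl
my $num = param("number");
system("./sendsms.sh $num");    # risky: shell expands $num, so metacharacters in it are interpreted
system("./sendsms.sh", $num);   # safe: list form passes $num as one argv element, no shell involved
'''

def shell_interpolated_calls(perl_source):
    """Return (line_no, text) for system()/exec() calls matching the risky pattern."""
    return [(n, ln.strip()) for n, ln in enumerate(perl_source.splitlines(), 1)
            if SHELL_INTERP_RE.search(ln)]

def world_writable_files(root):
    """Return files under root with the world-write bit set (CWE-276, the "chmod 777 *" effect)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mode & stat.S_IWOTH:
                found.append(os.path.relpath(path, root))
    return sorted(found)

def build_sample_tree():
    """Constructed frameworkgui-like directory as left by an installer that ran "chmod 777 *"."""
    root = tempfile.mkdtemp(prefix="frameworkgui_")
    for name, body in (("sendsms.pl", SAMPLE_PL), ("config", "db_pass=example\n")):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o777)  # reproduce the installer's effect on the sample files
    return root

def audit(root):
    """Report world-writable files and shell-interpolated system()/exec() calls in *.pl files."""
    shell_calls = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".pl"):
                with open(os.path.join(dirpath, name)) as fh:
                    hits = shell_interpolated_calls(fh.read())
                if hits:
                    shell_calls[name] = hits
    return {"world_writable": world_writable_files(root), "shell_calls": shell_calls}
```

The regex is a coarse first pass (it misses backticks and multi-line calls), so treat its output as a review list rather than proof of absence; the permission fix is 0644 for files and 0755 for directories, with web-server access to "config" denied separately.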

Solution available:
Upgrade to Smartphone Pentest Framework (SPF) version 0.1.3.

Original HTB Advisory:
HTB23123: Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)

Thursday, November 22, 2012

HTB23124: dotProject multiple vulnerabilities

dotProject

dotProject 2.1.6, an open source web-based project management application, suffers from SQL injection and cross-site scripting (XSS) vulnerabilities. The vulnerabilities were discovered by High-Tech Bridge Security Research Lab.

  • SQL Injection in dotProject:
    The vulnerability exists due to insufficient sanitization of input passed via the "search_string", "where", "dept_id", "project_id" and "company_id" HTTP GET parameters to the "index.php" script. These vulnerabilities could also be exploited by a remote non-authenticated attacker via a CSRF vector.

  • Cross-Site Scripting (XSS) in dotProject:
    Input sanitization errors were found in the "index.php" script when handling the "callback", "field", "company_name" and "date" HTTP GET parameters.

The vulnerabilities are rated medium severity.

Solution: Upgrade your dotProject installation to version 2.1.7.

Original advisory: HTB23124: Multiple vulnerabilities in dotProject.

Friday, November 16, 2012

HTB23122: BabyGekko multiple vulnerabilities

BabyGekko CMS

BabyGekko CMS v1.2.2e suffers from SQL injection, PHP file inclusion and cross-site scripting vulnerabilities.

  • SQL Injections in Baby Gekko:
    The vulnerability exists due to insufficient validation of input passed via the "keyword" and "query" parameters to the "admin/index.php" script. In the first case the "app" parameter must be set to "users". These vulnerabilities can be exploited by a non-authenticated malicious user via a CSRF vector.

  • Local File Inclusion:
    The vulnerability exists due to insufficient validation of input passed via the "app" parameter to the "index.php" script. A remote attacker can include arbitrary files from the local system using directory traversal sequences with a NULL byte.

  • Cross-site scripting (XSS):
    Input passed via the "id" parameter to "/admin/index.php", and via the "username" and "password" HTTP POST parameters to "index.php", is not properly sanitized. This can be used to inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

These vulnerabilities are fixed in BabyGekko 1.2.2f.

More information about these issues, with PoCs and attack scenarios, can be found on this page: High-Tech Bridge Advisory HTB23122 - Multiple vulnerabilities in BabyGekko.

Friday, November 9, 2012

High-Tech Bridge Continues Expansion and Prepares Innovative Product Announcement Shortly

High-Tech Bridge is pleased to announce a share capital increase to 4M CHF. The new funding will mainly be used to finish development of an innovative in-house security product, which will be announced in the near future. At the moment the product is in its pre-final internal testing phase.

Ilia Kolochenko, CEO, summarizes the corporate course of 2012: "At High-Tech Bridge, 2012 was a year of several significant achievements. First of all, our organic growth, stable development and permanent internal perfection processes were recognized by Frost & Sullivan, who nominated High-Tech Bridge as one of the market leaders and best service providers in the ethical hacking industry in April.

Secondly, in June High-Tech Bridge was named to the Online Trust Alliance (OTA) 2012 Online Trust Honor Roll. Designed to recognize leadership, the Honor Roll distinguishes High-Tech Bridge as a "North Star" to inspire others.

Thirdly, our proprietary Security Research Lab has successfully obtained both CVE® and CWE® compatibility status, which assures the highest quality of our research. We have been investing and will continue to invest in Research and Development, as we consider innovation one of the most important factors in assuring the best quality of service for our customers.

We also managed to considerably reinforce our technical team with new experts. Therefore in August we doubled our office space, and we expect to increase it even more before the end of the year, staying at World Trade Center Geneva. In October we successfully passed our yearly ISO 27001 audit by SGS.

High-Tech Bridge's main priority is customer satisfaction. We thank all our customers for their loyalty and trust, and we will do our best to continue delivering cutting-edge ethical hacking and computer forensics services in the future. Our new product, which is currently being tested, is also aimed at delivering the highest level of satisfaction to the customers of its niche."

We remind you that this week High-Tech Bridge's team will be pleased to meet you at Gartner's Symposium ITxpo 2012 in Barcelona, where High-Tech Bridge is a speaker and exhibitor. We also look forward to seeing you at ISACA's "Information Security Day" in February 2013 in Luxembourg, where High-Tech Bridge is a Gold Sponsor and speaker for two security talks.

Contact
Sebastien Flaccavento
Senior Project Manager

High-Tech Bridge SA
Public and Press Relations
+41-22-560-68-43
E-mail: press (at) htbridge.com
https://www.htbridge.com

Source: High-Tech Bridge continues expansion and prepares innovative product announcement shortly.

Wednesday, November 7, 2012

HTB23121: CMS Made Simple cross-site request forgery (CSRF) vulnerability

CMS Made Simple

CMS Made Simple (version 1.11.2), an open source CMS, contains a vulnerability which can be exploited to perform cross-site request forgery (CSRF) attacks.

The application allows an authorized administrator to perform certain actions via HTTP requests without proper checks to verify the source of the requests. This can be exploited to delete arbitrary files and directories. To exploit this vulnerability, an attacker has to make a logged-in administrator open a malicious link in the browser.

The PoC (Proof of Concept) code for this advisory deletes the root directory with all its files, leading to complete destruction of the CMS (when additional conditions are satisfied).

The vulnerability is fixed; upgrade to CMSMS 1.11.2.1.

High-Tech Bridge Advisory HTB23121 - Cross-Site Request Forgery (CSRF) in CMS Made Simple.

HTB23119: SQL Injection vulnerabilities in OrangeHRM

OrangeHRM

OrangeHRM version 2.7.1-rc.1 and probably prior contains SQL Injection [CWE-89] vulnerabilities. These vulnerabilities were reported by High-Tech Bridge Security Research Lab.

The vulnerabilities were discovered in the "symfony/web/index.php" script while handling the "sortField" HTTP GET parameter. Successful exploitation requires administrative privileges; however, it can be exploited by a non-authenticated user via a CSRF vector, as the above-mentioned script is also vulnerable to CSRF. The vulnerability can be triggered by accessing the following URIs:
/symfony/web/index.php/admin/viewCustomers
/symfony/web/index.php/admin/viewPayGrades

The PoCs in the advisory are based on a DNS exfiltration technique and can be used when the application's database is hosted on a Windows system. The PoCs send a DNS request asking for the IP address of the `version()` (or any other sensitive information from the database) subdomain of ".attacker.com" (a domain whose DNS server is controlled by the attacker).
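The exfiltration technique described above, seen from the defender's side: this added example (not part of the advisory) runs two detection heuristics over constructed resolver log lines, assuming a log format of "timestamp client queried-name" and a known set of database host addresses. Query names that carry a non-hostname label (an underscore, or an all-digit label as a database version string produces) and parent zones that receive many distinct subdomains from the database tier are reported.

```python
import re
from collections import defaultdict

# Constructed resolver log lines (assumed format "timestamp client queried-name"),
# as a DNS server in front of the database host might record them.
SAMPLE_LOG = """\
2012-11-07T10:15:01 10.0.5.21 updates.example-vendor.net
2012-11-07T10:15:02 10.0.5.21 5.5.28-MariaDB.attacker.com
2012-11-07T10:15:03 10.0.5.21 hrm_db.attacker.com
2012-11-07T10:15:04 10.0.5.21 726f6f74.attacker.com
2012-11-07T10:15:09 10.0.5.30 www.example-vendor.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")
HOST_LABEL_RE = re.compile(r"^[a-z0-9-]{1,63}$")   # RFC 1123 hostname label shape

def parse(log):
    """Yield (timestamp, client, name) tuples; names are lower-cased without a trailing dot."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower().rstrip(".")

def suspicious_queries(log, db_hosts, min_unique=3):
    """Flag queries from database hosts that look like SQL-injection DNS exfiltration.
    Heuristic 1: a subdomain label that is not hostname-shaped (underscore, or all
    digits as in a version number). Heuristic 2: one parent zone receiving many
    distinct subdomains from the database tier, as happens when values leak one per query."""
    findings, per_zone = [], defaultdict(set)
    for ts, client, name in parse(log):
        labels = name.split(".")
        if client not in db_hosts or len(labels) < 3:
            continue
        zone, sub_labels = ".".join(labels[-2:]), labels[:-2]
        per_zone[zone].add(".".join(sub_labels))
        if any(not HOST_LABEL_RE.match(lab) or lab.isdigit() for lab in sub_labels):
            findings.append((ts, client, name, "non-hostname label"))
    for zone, subs in per_zone.items():
        if len(subs) >= min_unique:
            findings.append(("*", "*", zone, f"{len(subs)} distinct subdomains"))
    return findings
```

A database server normally has almost no reason to resolve external names at all, so an allowlist of expected zones in front of these heuristics removes most of the remaining noise.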

All details and Proof of Concept (PoC) examples are available on the page below:
High-Tech Bridge Advisory HTB23119 - SQL Injection Vulnerability in Orange HRM.

HTB23106: Multiple DoS vulnerabilities in LibreOffice

LibreOffice

LibreOffice Suite version 3.5.5.3 is vulnerable to Denial of Service (DoS) vulnerabilities.

Advisory ID: HTB23106
Product: LibreOffice Suite
Vendor: LibreOffice
Tested / Vulnerable Versions: 3.5.5.3 / 3.5.5.3 and probably prior
Vendor Notification / Patch / Public Disclosure dates: July 26 / October 18 / October 31, 2012
Vulnerability Type: NULL Pointer Dereference [CWE-476]
CVE Reference: CVE-2012-4233
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Solution Status: Fixed by Vendor
Risk Level: Low
Discovered and Provided: High-Tech Bridge Security Research Lab

Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LibreOffice which could be exploited to perform denial of service (DoS) attacks.

Multiple vulnerabilities in LibreOffice:

  1. A NULL pointer dereference error was found in vcllo.dll while processing .odt files. A remote attacker can create a specially crafted .odt file, trick a user into opening it and terminate the application.

  2. A NULL pointer dereference error was found in svxcorelo.dll while processing ODG (Drawing document) files. A remote attacker can create a specially crafted ODG file, trick a user into opening it and terminate the application.

  3. A NULL pointer dereference error was found in tllo.dll when handling the PolyPolygon record of a .wmf file embedded in Microsoft PowerPoint 2003 (PPT) files. A remote attacker can create a specially crafted .ppt file, trick a user into opening it and terminate the application.

  4. A NULL pointer dereference error was found in scfiltlo.dll while processing Microsoft Excel 2003 (XLS) files. A remote attacker can create a specially crafted XLS file, trick a user into opening it and terminate the application.

Proof of Concept (PoC) examples are available in the original advisory. See the link below.

Attack vectors

These vulnerabilities require that a user opens a specially crafted file with an affected version of the LibreOffice Suite. An attacker could use several ways to deliver a malicious file to the system.

In a web-based scenario, an attacker could host a file on a website or WebDAV share and trick a user into downloading and opening it.

In an email scenario, an attacker could exploit this vulnerability by sending an email with a malicious file attached.

Solution:

Upgrade to LibreOffice 3.5.7.2
More Information:
http://www.libreoffice.org/advisories/cve-2012-4233/

Source advisory: High-Tech Bridge Advisory HTB23106 - Denial of Service Vulnerability in LibreOffice. It contains all technical details and descriptions of the vulnerabilities.

Thursday, November 1, 2012

ISACA's Information Security Day: High-Tech Bridge as Gold Sponsor and Speaker

ISACA's Information Security Day

High-Tech Bridge, an information security company, is Gold Sponsor and Speaker at "Information Security Day" organized by ISACA®. Conferences to be held:

The event will take place on 6-7 February 2013 in Luxembourg.