Yup, you read it right.... Microsoft has a new vulnerability in IIS 6.0 which is more specifically: WebDav Unicode Remote Auth Bypass.
This means that an attacker can send malformed requests to the web server via the URL of a browser and be able to bypass passwords to download and list files on the webserver's protected folders.
Simple and easy way to hack IIS! Here are the details and links:
http://www.cgisecurity.com/2009/05/iis60-webdav-unicode-remote-auth-bypass.html
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
http://www.theregister.co.uk/2009/05/18/iis6_file_pilfering_bug/
Happy Hacking :)
United Arab Emirate's site for security news, latest security blog posts, security podcasts, hardware hacks and security related links.
Tuesday, May 19, 2009
Thursday, May 14, 2009
HACKER PAGES.COM
We have secured the following domain name for UAE Hackers:
- HACKERPAGES.COM
If you are from UAE and you are interested in buying the domain name above, please let us know :) This domain will only be sold to people who will provide it with a good home!
- HACKERPAGES.COM
If you are from UAE and you are interested in buying the domain name above, please let us know :) This domain will only be sold to people who will provide it with a good home!
Wednesday, May 6, 2009
Researchers hijack botnet, score 56,000 passwords in an hour
Researchers at the University of California Santa Barbara have published a paper (PDF) detailing their findings after hijacking a botnet for ten days earlier this year. Among other things, the researchers were able to collect 70GB of data that the bots stole from users, including 56,000 passwords gathered within a single hour.
Read more here:
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars
Read more here:
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars