Today's post is a guest post from Bart Leppens.
What is m0n0wall? m0n0wall is a free software firewall distribution that often runs on embedded hardware like Alix or Soekris boards. It is based on a bare-bones version of FreeBSD. There is no netcat, socat, perl, python, ruby or even telnet present on the system. I actually don't know if this is due to security considerations or just to save some disk space, since m0n0wall for a long time fit on an 8 MB CF card; now it requires just a 16 MB card. And we figured out how to exploit it with BeEF.
Wednesday, March 20, 2013
Monday, March 11, 2013
Well, the world is changing. You can probably do a lot more direct damage with a XSS in a high-value site than with a local privilege escalation in sudo [...] - firstname.lastname@example.org
If you are intrigued by sophisticated exploits and advanced techniques, Cross-Site Scripting is probably not the most appealing topic for you. Nevertheless, recent events demonstrated how this class of vulnerabilities has been used to compromise applications and even entire servers.
Today, we are going to present a possible attack scenario based on a real-life vulnerability that was recently patched by the Meraki team. Although the vulnerability itself isn't particularly interesting, it reveals how a trivial XSS flaw can be abused to subvert an entire network infrastructure.