
Full Disclosure mailing list archives

Re: Multiple vulnerabilities found in NSA website
From: Kingcope <isowarez.isowarez.isowarez () googlemail com>
Date: Sun, 30 Jun 2013 16:57:06 +0200

The US is spying on us .. Huh? Why didn't you tell us before ! 

http://www.youtube.com/watch?v=8JCVucx5HzI

Greetz: jimjones, matt, scut of teso:))

Kcrookie

On 29.06.2013 at 23:05, macfags () chronicle su wrote:

RUSTLE LEAGUE WHITE HAT SECURITY RESEARCH TEAM REVEALS HOLE IN NSA WEBSITE;
CONTACTS VENDOR, HOLE PATCHED.

RUSTLE RESEARCH ETHICAL R&D WHITEHAT RED TEAM
VULNERABILITY ALERT AND ASSESSMENT
RED TEAM ALERT LEVEL AT MAGENTA

ETHICAL DISCLOSURE NOTICE: Press release withheld until holes were patched.

Breaking: NSA Website Vulnerable To Attack via Third Party Software,
Illustrate Dangers of Security Outsourcing
Ethical Hackers Exploit XSS Vulnerabilities in NSA Software Made by third party.

Field researchers curiously perusing nsa.gov stumbled upon XSS vulnerabilities on the main NSA forward facing 
webserver. Both vulnerabilities were found in shoddily outsourced third party software written in ColdFusion--which 
we all know is the world's greatest mark-up language.

"Anyone with an internet connection can use the XSS vulnerability to impersonate NSA personnel and web traffic," says 
Horace Grant, a researcher with Rustle Research. "Why are unreliable third parties creating the software that guards 
our national secrets?"

These exploits are ironic given the multiple, recently revealed NSA security faux pas. The obvious Booz Allen 
Hamilton/NSA partnership allowed CIA operative and possible Communist spy, Edward Snowden, to infiltrate the NSA and 
leak the PRISM slides. Hilarious outsourcing of basic webapps to ma'n'pa crapshoot ColdFusion developers has now 
given an even graver look at the egregious outsourcing of even the most minute government projects.

Why the focus on ColdFusion? The Adobe product is made by a company well known for holding a monopoly on online 
media. A simple google query, such as "michael hastings adobe" yields many results, all requiring Adobe products to 
view. Recently deceased, journalist Michael Hastings was researching government secrets. Many say he was 
investigating not only the NSA, but Wikileaks FBI informant Sigurdur Thordarson, who has close ties with the 
Democratic People's Republic of Korea. Rumors say Hastings' car was hacked by a 0day ColdFusion exploit, sending him 
to his fiery grave. Anyone in the know realizes that Siggi was the one who sent FBI assassins after Hastings, who was 
also researching Adrian Lamo and th3j35t3r.

One of the NSA vulnerabilities exploited by ethical white hat hackers this week exists in the "Careers" section of 
the nsa.gov website. Internet users who enter data into the "Feedback" fields now are treated to a jovial visual 
representation of their data pooped back at them, in such elegant fashion as: http://i.imgur.com/1cyISex.png

The other, more insidious, yet still trivial bug in nsa.gov, is an XSS attack that allows URL redirection. When the 
"Mail to a Friend" notice is queried, and nsa.gov is appended at the end of the address, it is then exempted and 
allowed to redirect to the provided address. For example: 
http://www.nsa.gov/applications/links/notices.cfm?address=http://wikipaste.eu/nsa.gov

Other possible uses of these exploits include dropping a malicious website into the url by using simple disguising 
methods, redirect, and executing arbitrary code. An attacker could also pretend to be an NSA employee and send a 
malicious payload via email to real NSA employees, unbeknownst to them -- or simply trick more people into seeing 
goatse because that shit's funny as fuck.

The holes have since been patched.

http://rustleleague.com/advisory.html

greetz: adobe, YAN, jimjones, chippy, zeekilled

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
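
The redirect issue described in the quoted advisory (an address is exempted when the site's domain appears at its end) comes down to validating a URL as a string instead of by its parsed host. The sketch below is an added example, not part of the original posts or of the affected site's code; the function names and the trusted.example / paste.example hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the site's own domain (assumption, not from the post).
TRUSTED_DOMAIN = "trusted.example"


def naive_is_exempt(address: str) -> bool:
    """Flawed check as the advisory describes it: exempt any address
    whose text ends with the trusted domain."""
    return address.endswith(TRUSTED_DOMAIN)


def strict_is_exempt(address: str) -> bool:
    """Hardened check: parse the URL and compare the host, not the raw string."""
    # Browsers and parsers disagree on backslashes, whitespace and control
    # characters, so reject them before parsing.
    if "\\" in address or any(ord(c) < 0x21 for c in address):
        return False
    try:
        parts = urlsplit(address)
        host = parts.hostname
        _ = parts.port  # raises ValueError when the port is malformed
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # user:pass@host forms make the visible prefix differ from the real host.
    if parts.username is not None or parts.password is not None:
        return False
    host = host.rstrip(".").lower()
    # Exact match or a true subdomain; the leading dot stops look-alike hosts.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def audit(addresses):
    """Return (address, naive_result, strict_result) for each address."""
    return [(a, naive_is_exempt(a), strict_is_exempt(a)) for a in addresses]


# Constructed sample inputs covering the pattern in the advisory.
SAMPLES = [
    "https://www.trusted.example",            # legitimate internal link
    "http://paste.example/trusted.example",   # domain appended as a path
    "http://paste.example/?x=trusted.example",  # domain appended in the query
    "http://eviltrusted.example",             # look-alike host with same suffix
]

if __name__ == "__main__":
    for address, naive, strict in audit(SAMPLES):
        print(f"{address:45} naive={naive!s:5} strict={strict}")
```

Rows where naive is True and strict is False are the addresses a suffix match would wrongly exempt from the external-link notice.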


