442 lines
No EOL
20 KiB
Text
442 lines
No EOL
20 KiB
Text
Document Title:
|
||
===============
|
||
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability
|
||
|
||
|
||
References (Source):
|
||
====================
|
||
http://www.vulnerability-lab.com/get_content.php?id=1101
|
||
|
||
|
||
Barracuda Networks Security ID (BNSEC): BNSEC-2361
|
||
http://www.barracuda.com/kb?id=501600000013m4O
|
||
|
||
Solution #00006619
|
||
BNSEC-02361: Authenticated persistent IVE in Barracuda Web Filter v6.0.1
|
||
|
||
|
||
Release Date:
|
||
=============
|
||
2014-07-22
|
||
|
||
|
||
Vulnerability Laboratory ID (VL-ID):
|
||
====================================
|
||
1101
|
||
|
||
|
||
Common Vulnerability Scoring System:
|
||
====================================
|
||
3.7
|
||
|
||
|
||
Product & Service Introduction:
|
||
===============================
|
||
The Barracuda Web Filter is an integrated content filtering, application blocking and malware protection solution that is powerful,
|
||
easy to use and affordable for businesses of all sizes. It enforces Internet usage policies by blocking access to Web sites and
|
||
Internet applications that are not related to business, and it easily and completely eliminates spyware and other forms of malware
|
||
from your organization. No more costly staff time lost repairing infected computers.
|
||
|
||
( Copy of the Vendor Homepage: https://www.barracuda.com/products/webfilter )
|
||
|
||
|
||
Abstract Advisory Information:
|
||
==============================
|
||
The Vulnerability Laboratory Research Team discovered multiple persistent input validation web vulnerabilities and a filter bypass issue in
|
||
the Barracuda Networks WebFilter 610-Vx appliance web-application.
|
||
|
||
|
||
Vulnerability Disclosure Timeline:
|
||
==================================
|
||
2013-12-27: Researcher Notification & Coordination (Benjamin Kunz Mejri)
|
||
2013-12-28: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
|
||
2014-01-19: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
|
||
2014-07-15: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
|
||
2014-07-22: Public Disclosure (Vulnerability Laboratory)
|
||
|
||
|
||
Discovery Status:
|
||
=================
|
||
Published
|
||
|
||
|
||
Affected Product(s):
|
||
====================
|
||
Barracuda Networks
|
||
Product: WebFilter Appliance Web-Application 6.0.1.009 - X210 X310 X410 X510 X610 X710 X810 X910 X1010
|
||
|
||
|
||
Exploitation Technique:
|
||
=======================
|
||
Remote
|
||
|
||
|
||
Severity Level:
|
||
===============
|
||
Medium
|
||
|
||
|
||
Technical Details & Description:
|
||
================================
|
||
Multiple persistent input validation web vulnerabilities and a filter bypass has been discovered in the Barracuda Networks WebFilter Model 610Vx appliance web-application.
|
||
The vulnerability allows remote attackers to inject own malicious script codes on the application-side of the affected service, module or function.
|
||
|
||
The vulnerability are located in the `domain names`, `grid__data in grid_columns` and `x-grid3-cell-inner x-grid3-col-name`
|
||
values of the `Basic > Reports` module. Remote attackers are able to inject own script code as domain name to execute the
|
||
context in the show advanced options menu listing (+plus). The attack vector is persistent located on the application-side
|
||
and the request method to inject is POST.
|
||
|
||
To bypass the invalid domain exception the attacker first need to include a valid domain, in the second step he change the domain name value by a
|
||
session tamper. Reason behind the technique is that the input field validation is separatly done to the request method validation. The restriction
|
||
of the invalid input field check can be bypassed by usage of a session tamper to change the input field context live after the first direct input
|
||
encode of the web filter application. Another problem is located in the same module which affects the buttom name item listing.
|
||
|
||
The security risk of the persistent input validation web vulnerability and fitler bypass is estimated as medium with a cvss (common vulnerability scoring
|
||
system) count of 3.7. Exploitation of the persistent web vulnerability requires low user interaction and a local low privileged web-application account.
|
||
Successful exploitation of the vulnerability results in session hijacking (customers), persistent phishing, persistent external redirects or persistent
|
||
manipulation of connected or affected module context.
|
||
|
||
|
||
Request Method(s):
|
||
[+] GET
|
||
[+] POST
|
||
|
||
Vulnerable Module(s):
|
||
[+] Basic > Reports > Advanced Options > Show Advanced Options
|
||
|
||
Vulnerable Input Field(s):
|
||
[+] Add Domain
|
||
|
||
Vulnerable Parameter(s):
|
||
[+] domain name
|
||
[+] grid__data in grid_columns
|
||
[+] x-grid3-cell-inner x-grid3-col-name
|
||
|
||
Affected Module(s):
|
||
[+] Reports Module Index
|
||
[+] Reports Module Advanced Options List
|
||
[+] Buttom Name Item List
|
||
|
||
Affected Version(s):
|
||
[+] All versions > Web-Filter applicance web-application
|
||
|
||
|
||
Proof of Concept (PoC):
|
||
=======================
|
||
The persistent input validation web vulnerability can be exploited by remote attackers with a low privileged web-application user account and low or medium
|
||
user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
|
||
|
||
|
||
--- PoC Session Logs Request/Response Input Execution ---
|
||
|
||
Status: 200[OK]
|
||
GET https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest
|
||
Load Flags[VALIDATE_ALWAYS LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[160284] Mime Type[text/html]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Connection[keep-alive]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Content-Type[text/html; charset=utf-8]
|
||
Connection[keep-alive]
|
||
Expires[Fri, 28 Sep 2012 13:22:20 GMT]
|
||
Date[Sat, 28 Sep 2013 13:22:20 GMT]
|
||
Content-Length[160284]
|
||
|
||
|
||
15:22:11.590[793ms][total 793ms] Status: 304[Not Modified]
|
||
GET https://webfilter.ptest.localhost:6317/css/calendar/calendar-win2k-cold-1.css?v=6.0.1.009 Load Flags[VALIDATE_ALWAYS ] Content Size[-1] Mime Type[application/x-unknown-content-type]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[text/css,*/*;q=0.1]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
If-Modified-Since[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:21 GMT]
|
||
Last-Modified[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Connection[keep-alive]
|
||
Expires[Thu, 31 Dec 2037 23:55:55 GMT]
|
||
Cache-Control[max-age=315360000, public]
|
||
|
||
|
||
15:22:11.590[794ms][total 794ms] Status: 304[Not Modified]
|
||
GET https://webfilter.ptest.localhost:6317/css/autosuggest.css?v=6.0.1.009 Load Flags[VALIDATE_ALWAYS ] Content Size[-1] Mime Type[application/x-unknown-content-type]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[text/css,*/*;q=0.1]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
If-Modified-Since[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:21 GMT]
|
||
Last-Modified[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Connection[keep-alive]
|
||
Expires[Thu, 31 Dec 2037 23:55:55 GMT]
|
||
Cache-Control[max-age=315360000, public]
|
||
|
||
|
||
15:22:11.591[813ms][total 813ms] Status: 304[Not Modified]
|
||
GET https://webfilter.ptest.localhost:6317/barracuda.css?v=6.0.1.009 Load Flags[VALIDATE_ALWAYS ] Content Size[-1] Mime Type[application/x-unknown-content-type]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[text/css,*/*;q=0.1]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
If-Modified-Since[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:21 GMT]
|
||
Last-Modified[Tue, 23 Jul 2013 02:54:15 GMT]
|
||
Connection[keep-alive]
|
||
Expires[Thu, 31 Dec 2037 23:55:55 GMT]
|
||
Cache-Control[max-age=315360000, public]
|
||
|
||
|
||
15:22:11.594[987ms][total 987ms] Status: 304[Not Modified]
|
||
GET https://webfilter.ptest.localhost:6317/js/scriptaculous/scriptaculous.js?load=effects,dragdrop&v=6.0.1.009 Load Flags[VALIDATE_ALWAYS ] Content Size[-1] Mime Type[application/x-unknown-content-type]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
If-Modified-Since[Tue, 23 Jul 2013 02:54:14 GMT]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:22 GMT]
|
||
Last-Modified[Tue, 23 Jul 2013 02:54:14 GMT]
|
||
Connection[keep-alive]
|
||
Expires[Thu, 31 Dec 2037 23:55:55 GMT]
|
||
Cache-Control[max-age=315360000, public]
|
||
|
||
|
||
15:22:11.594[987ms][total 987ms] Status: 304[Not Modified]
|
||
GET https://webfilter.ptest.localhost:6317/js/ext-prototype-adapter.js?v=6.0.1.009 Load Flags[VALIDATE_ALWAYS ] Content Size[-1] Mime Type[application/x-unknown-content-type]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
If-Modified-Since[Tue, 23 Jul 2013 02:54:14 GMT]
|
||
Cache-Control[max-age=0]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:22 GMT]
|
||
Last-Modified[Tue, 23 Jul 2013 02:54:14 GMT]
|
||
Connection[keep-alive]
|
||
Expires[Thu, 31 Dec 2037 23:55:55 GMT]
|
||
Cache-Control[max-age=315360000, public]
|
||
|
||
|
||
15:22:13.629[260ms][total 260ms] Status: 502[Bad Gateway]
|
||
GET https://webfilter.ptest.localhost:6317/cgi-mod/x Load Flags[VALIDATE_ALWAYS ] Content Size[1789] Mime Type[text/html]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest]
|
||
Connection[keep-alive]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:22:23 GMT]
|
||
Content-Type[text/html]
|
||
Content-Length[1789]
|
||
Connection[keep-alive]
|
||
|
||
|
||
|
||
|
||
--- PoC Session Logs Request/Response Delete Element Item Execution ---
|
||
|
||
15:26:04.436[0ms][total 0ms] Status: pending[]
|
||
GET https://webfilter.ptest.localhost:6317/js/adapters/prototype-adapter.js?v=6.0.1.009 Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
|
||
|
||
15:26:04.436[0ms][total 0ms] Status: pending[]
|
||
GET https://webfilter.ptest.localhost:6317/js/highcharts.js?v=6.0.1.009 Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
|
||
|
||
15:26:04.461[0ms][total 0ms] Status: pending[]
|
||
GET https://webfilter.ptest.localhost:6317/favicon.ico Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
|
||
|
||
15:26:04.542[0ms][total 0ms] Status: pending[]
|
||
GET https://webfilter.ptest.localhost:6317/js/scriptaculous/effects.js Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
|
||
|
||
15:26:04.542[0ms][total 0ms] Status: pending[]
|
||
GET https://webfilter.ptest.localhost:6317/js/scriptaculous/dragdrop.js Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[*/*]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
|
||
|
||
15:26:04.964[454ms][total 454ms] Status: 200[OK]
|
||
GET https://webfilter.ptest.localhost:6317/cgi-mod/header_logo.cgi?6.0.1.009 Load Flags[LOAD_NORMAL] Content Size[-1] Mime Type[image/gif]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
Connection[keep-alive]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Content-Type[image/gif]
|
||
Transfer-Encoding[chunked]
|
||
Connection[keep-alive]
|
||
Expires[Sat, 28 Sep 2013 13:26:14 GMT]
|
||
Date[Sat, 28 Sep 2013 13:26:14 GMT]
|
||
Cache-Control[no-cache, no-store]
|
||
|
||
|
||
15:26:05.740[213ms][total 213ms] Status: 502[Bad Gateway]
|
||
GET https://webfilter.ptest.localhost:6317/cgi-mod/x Load Flags[LOAD_NORMAL] Content Size[1789] Mime Type[text/html]
|
||
Request Headers:
|
||
Host[webfilter.ptest.localhost:6317]
|
||
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0]
|
||
Accept[image/png,image/*;q=0.8,*/*;q=0.5]
|
||
Accept-Language[en-US,en;q=0.5]
|
||
Accept-Encoding[gzip, deflate]
|
||
DNT[1]
|
||
Referer[https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi]
|
||
Connection[keep-alive]
|
||
Response Headers:
|
||
Server[nginx/1.0.14]
|
||
Date[Sat, 28 Sep 2013 13:26:15 GMT]
|
||
Content-Type[text/html]
|
||
Content-Length[1789]
|
||
Connection[keep-alive]
|
||
|
||
|
||
|
||
Reference(s):
|
||
https://webfilter.ptest.localhost:6317/cgi-mod/index.cgi?auth_type=Local&et=1380375181&locale=en_US&password=70be67622c59f4862ed9e7bc6a7cc3d2&primary_tab=BASIC&realm=&role=&secondary_tab=reports&user=guest
|
||
|
||
|
||
Solution - Fix & Patch:
|
||
=======================
|
||
The vulnerability can be patched by a secure parse and encode of the input to add domains. Ensure that the application GET to POST requests are restricted and filtered
|
||
to prevent further attacks in the vulnerable add domains module section.
|
||
|
||
|
||
Barracuda Networks Appliance: Advanced >Firmware Updates Page
|
||
http://www.barracuda.com/kb?id=501600000013m4O
|
||
|
||
|
||
Security Risk:
|
||
==============
|
||
The security risk of the persistent input validation web vulnerabilities and estimated as medium(+).
|
||
|
||
|
||
Credits & Authors:
|
||
==================
|
||
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) [www.vulnerability-lab.com]
|
||
|
||
|
||
Disclaimer & Information:
|
||
=========================
|
||
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,
|
||
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
|
||
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
|
||
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
|
||
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
|
||
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
|
||
or trade with fraud/stolen material.
|
||
|
||
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
|
||
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
|
||
Section: www.vulnerability-lab.com/dev - forum.vulnerability-db.com - magazine.vulnerability-db.com
|
||
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
|
||
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
|
||
|
||
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
|
||
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
|
||
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and
|
||
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
|
||
modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.
|
||
|
||
Copyright <20> 2014 | Vulnerability Laboratory [Evolution Security]
|
||
|
||
|
||
|
||
|
||
|
||
|
||
--
|
||
VULNERABILITY LABORATORY RESEARCH TEAM
|
||
DOMAIN: www.vulnerability-lab.com
|
||
CONTACT: research@vulnerability-lab.com |