शिशिर [Shishir] पोखरेल

FreePBX 2.9.0.6 Shell Upload

CcR — Wed, 21 Mar 2012 20:41:06 +0000


====[ Alligator Security Team]===============================================

FreePBX - Module Administration Arbitrary File Upload

Members: Tiago Ferreira &lt; tiago SPAM alligatorteam.org &gt;

====[ Table of Contents]=====================================================

1. Overview
2. Detailed description
3. Other Contexts &amp; Solutions
4. Thanks
5. References

====[ Overview]==============================================================

* … Read more

FreePBX Credential Disclosure

CcR — Wed, 21 Mar 2012 20:37:15 +0000


Have freePBX running on a public IP, and don’t have the latest version? It may be vulnerable.

If you have an asterisk phone server running on a public IP, using the freePBX web GUI, and don’t have one of the … Read more

FreePBX 2.10.0 Remote Command Execution / XSS

CcR — Wed, 21 Mar 2012 20:34:16 +0000


Product: FreePBX
Version: 2.10.0, 2.9.0 and perhaps earlier versions
Type: Remote Command Execution, XSS
Release Date: March 14, 2012
Vendor Notification Date: Jun 12, 2011
Author: Martin Tschirsich

Overview:

A remote command execution vulnerability and some XSS in current and … Read more

iptables port forwarding

CcR — Tue, 14 Feb 2012 21:10:20 +0000

port 80 forwarding from 172.64.64.8 to 172.64.64.23

iptables -t nat -A PREROUTING -d 172.64.64.8 -p tcp --dport 80 -j DNAT --to 172.64.64.23:80
iptables -t nat -A POSTROUTING -d 172.64.64.23 -p tcp --dport 80 -j MASQUERADE

sip forwarding from 172.64.64.8 to 172.64.64.23… Read more

Nepal Television Plus Live

CcR — Fri, 16 Dec 2011 03:21:04 +0000

NTV plus is Powered by npvideo.com… Read more

Nepal Television Live

CcR — Fri, 16 Dec 2011 03:14:54 +0000

NTV is Powered by npvideo.com… Read more

Useful *nix commands

CcR — Fri, 02 Dec 2011 01:51:19 +0000

Some useful *nix commands for System debugging and administration.

Command		Description
•	apropos whatis	Show commands pertinent to string. See also threadsafe
•	man -t ascii \| ps2pdf – > ascii.pdf	make a pdf of a manual page
•	which command	Show

NetBeans 6.9.1 Plugin – file path on Netbeans IDE Titlebar

CcR — Fri, 02 Dec 2011 01:37:09 +0000

This is a Beta version of NetBean plugin, tested with NetBean version 6.9.1.
This plugin changes the Titlebar of NetBean with file path that is currently open in editor.

How To Enable the Plugin.
1) Download and install … Read more

XML Parsing Error : undefined entry [xulrunner]

CcR — Fri, 02 Dec 2011 01:33:49 +0000

Problem : While downloading file from mozswing, it generates the following exception.

XML Parsing Error: undefined entity
Location: chrome://mozapps/content/downloads/unknownContentType.xul
Line Number 30, Column 18: <description>&intro.label;</description>

Cause:
Missing DTD for branding, one of the two DTDs required … Read more

How to debug mozswing Xulrunner native (c/c++) code.

CcR — Fri, 02 Dec 2011 01:27:04 +0000

Ω First follow my previous blog “How to compile xulrunner c++ source code for mozswing under windows OS.”
on Step 5 of my previous blog add following line under conf/mozconfig-part-debug or under any other mozconfig-part-XXXX file.
ac_add_options –enable-debug

Ω Now compile … Read more