• twitter
  • facebook

Latest News

April 5, 2013 - Blackmailer who hacked student’s email and posted naked photos of her on Facebook avoids jail A uni student who hacked a woman’ ... +++ February 23, 2013 - McAfee finds sophisticated attacks targeting other ‘critical sectors’ of the economy Financial services has been a favor ... +++ February 15, 2013 - Hackers have figured out how to access the iPhone Hackers have figured out how to acc ... +++ February 15, 2013 - Companies think they’re prepared for APT cyber attacks, but they aren’t T security professionals around the ... +++ February 14, 2013 - TV Channels Hacked To Broadcast Zombie Apocalypse Emergency Alert What would you do if you were watch ... +++ February 12, 2013 - Hackers target Morgan Co. government website Hackers targeted several local gove ... +++ February 11, 2013 - How to avoid falling victim to online ID fraudsters After Twitter users were hit by hac ... +++ February 6, 2013 - Researchers Attack TLS, DTLS Protocol Vulnerability Two researchers have uncovered a n ... +++ February 5, 2013 - Dept of Energy Targeted by Hackers in Latest String of Attacks The United States Department of Ene ... +++ February 2, 2013 - VeriSign Sued for Federal Securities Violations glasser-v-verisign source:CT Posts ... +++ webdesign

www.fbi.gov vulnerable to RFI attack: TeamOpen Fire

11 July 2012 by in Security - No Comments
FBI1

 

Olli M, from Team Openfire was successfull in finding vulnerability in World’s top most Agency FBI of USA.

LINK: http://www.fbi.gov/newyork/press-releases/2012/image/player.swf?file=http%3A%2F%2Frypton1.ry.funpic.de%2Folli.swf

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerabilityoccurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:

  • Code execution on the web server
  • Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
DMCA.com
  • pinterest
  • facebook
  • twitter
  • google
  • delicious
  • digg
  • linkedin
  • stumbleupon

Related Posts

You must log in to post a comment.

Facebook

Twitter

Google Plus


Hit Counter provided by dental implants orange county
close