Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Exploiting LogMeIn Web UI to control your computer and steal arbitrary files
Posted by: Inferno
Date: June 02, 2009 10:02PM

I have found some severe vulnerabilities in LogMeIn software that can be used to read any file on disk, restart your comp, etc. More information is available on my blog article - http://securethoughts.com/2009/06/multiple-vulnerabilities-in-logmein-web-interface-can-be-used-to-control-your-computer-and-steal-arbitary-files/

-
Inferno
SecureThoughts.com

Re: Exploiting LogMeIn Web UI to control your computer and steal arbitrary files
Posted by: Anonymous User
Date: June 03, 2009 08:41AM

Nice writeup!

I didn't even know crap like this exists... definitely worth the award :)


Re: Exploiting LogMeIn Web UI to control your computer and steal arbitrary files
Posted by: Matt Presson
Date: June 03, 2009 08:43AM

Great finds.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: Exploiting LogMeIn Web UI to control your computer and steal arbitrary files
Posted by: Inferno
Date: June 03, 2009 08:07PM

@Matt, Mario - thanks for your feedback.

@Mario - I think they truly deserve the award of protecting their users via SSL (Insecurely though :)). I hope they fix this soon, as one of the users on my blog commented that LogMeIn is used in a lot of places by IT Companies for fixing remote client problems.

-
Inferno
SecureThoughts.com

Re: Exploiting LogMeIn Web UI to control your computer and steal arbitrary files
Posted by: VirginyM
Date: July 10, 2009 12:53AM

Thanks, I didn't know about these vulnerabilities of LogMeIn. Recently I downloaded the trial version of pc file transfer on http://if-it-looks-likes-spam.and.acts.like.spam.it-might-be.spam.com. It is another remote access tool, and it works well. Does anybody use this program? I'd like to read comments about it before buying.



Edited 1 time(s). Last edit at 07/10/2009 01:56AM by thrill.
