Insects are a big joke m* f*

2011/4/29 -= Glowing Doom =- <sec...@gmail.com>
> Well... I am only saying, this place is NOT a place where 'web fuzzing'
> should be the main topic of interest, especially when it is related to
> software which costs money and does not even have any trial..
> It also, produced a false, on many occasions.
> Acunetix consultant would do this, and guess what, get a cracked copy, and
> they STILL let ya be a consultant!!
> neat huh??
> Now with this and Insect... you cannot do any ill.. your hard working
> product, doesn't even scan right, and there is no free version... there is
> only 'email' ones as I've seen, so what kinda shit is that, posting to grok
> ??? eh ???
> I'm with the others... the tests show the truth, truth is, the product
> stinks, even when given the second glance.
> Your peers vote I think, against this app...and, unless you maybe fix it,
> and, even use some open src to do so (maybe learn something about 'opening')
> the product, and more people will be happy to debug for you.. but alone,
> you're, yes..an insect waiting to be squashed :P lol...pardon my fracoise'
> .
> xd
>
> On 29 April 2011 13:43, Mario Vilas <mvi...@gmail.com> wrote:
>
>> Precisely. The poc triggers the bug by passing a very long command line
>> argument, so it's assumed the attacker already has executed code. The only
>> way this is exploitable is if the binary has suid (then the attacker can
>> elevate privileges) or the command can be executed remotely (and the
>> attacker additionally cannot execute any other commands, but can mysteriously
>> control the arguments). Unless either scenario is researched (and nothing in
>> the advisory tells me so) I call bullshit.
>>
>> On Thu, Apr 28, 2011 at 6:09 PM, <valdis.kletni...@vt.edu> wrote:
>>
>>> On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
>>>
>>> > Is the suid bit set on that binary? Otherwise, unless I'm missing something
>>> > it doesn't seem to be exploitable by an attacker...
>>>
>>> Who cares? You got code executed on the remote box, that's the *hard* part.
>>> Use that to inject a callback shell or something, use *that* to get yourself a shell
>>> prompt. At that point, download something else that exploits you to root - if
>>> you even *need* to, as quite often the Good Stuff is readable by non-root users.
>>
>> --
>> “There's a reason we separate military and the police: one fights
>> the enemy of the state, the other serves and protects the people. When
>> the military becomes both, then the enemies of the state tend to become the
>> people.”
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
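The triage question raised in the quoted discussion (does the binary carry the suid bit, so that a bug reached through a long command-line argument actually crosses a privilege boundary?) can be checked mechanically. The following is an added example, not part of the original thread; the function names are hypothetical, the path is whatever binary an advisory names, and the remote-invocation scenario is not covered because it cannot be read from file metadata.

```python
import os
import stat
import sys

def classify(mode, owner_uid, owner_gid, caller_uid, caller_gids, has_caps=False):
    """Return the reasons a local argv bug in this binary would cross a
    privilege boundary; an empty list means the caller gains nothing."""
    reasons = []
    # setuid only matters when the file owner is someone other than the caller
    if mode & stat.S_ISUID and owner_uid != caller_uid:
        reasons.append(f"setuid: runs as uid {owner_uid}")
    # setgid only matters when the caller is not already in that group
    if mode & stat.S_ISGID and owner_gid not in caller_gids:
        reasons.append(f"setgid: runs as gid {owner_gid}")
    if has_caps:
        reasons.append("file capabilities set")
    return reasons

def has_file_caps(path):
    """True if the Linux security.capability xattr is present on the file."""
    try:
        return bool(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):  # attribute absent, or not Linux
        return False

def triage(path, caller_uid=None, caller_gids=None):
    """Triage one binary; defaults to the identity of the current process."""
    st = os.stat(path)  # follows symlinks, as exec does
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    uid = os.getuid() if caller_uid is None else caller_uid
    if caller_gids is None:
        gids = set(os.getgroups()) | {os.getgid()}
    else:
        gids = set(caller_gids)
    return classify(st.st_mode, st.st_uid, st.st_gid, uid, gids,
                    has_file_caps(path))

if __name__ == "__main__":
    for p in sys.argv[1:]:
        reasons = triage(p)
        verdict = "; ".join(reasons) if reasons else "no local privilege boundary"
        print(f"{p}: {verdict}")
```

An empty result means a local caller gains nothing from the bug, which is the first of the two scenarios named in the thread; whether the command is reachable remotely with attacker-controlled arguments still has to be reviewed by hand.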