If you reread what I posted you will see that I do not give my opinion on the quality of his posts. I will keep that to myself, I just state that it's better than dude's (and your) troll posts.
Regards

On Jan 1, 2013 3:04 PM, "Benji" <m...@b3nji.com> wrote:

> So you would say, that you find the things he posts "of interest"?
>
> Please expand on how and why anti automation bugs in unknown cms's are "of interest"?
>
> On Mon, Dec 31, 2012 at 11:58 PM, some one <s3cret.squir...@gmail.com> wrote:
>
>> If you do not like or find of interest what the guy posts is it not easier to just press delete or filter him out rather than try to make fun of him?
>>
>> Give the dude a break man, he's submitting more things of interest than you are and you just make yourself sound bitter and twisted.
>>
>> It's new year man, go out and drink a beer or eat some fireworks
>>
>> On Dec 31, 2012 5:17 PM, "Julius Kivimäki" <julius.kivim...@gmail.com> wrote:
>>
>>> Hello list!
>>>
>>> I want to warn you about multiple extremely severe vulnerabilities in websecurity.com.ua.
>>>
>>> These are Brute Force and Insufficient Anti-automation vulnerabilities in websecurity.com.ua. These vulnerability is very serious and could affect million of people.
>>>
>>> -------------------------
>>> Affected products:
>>> -------------------------
>>>
>>> Vulnerable are all versions of websecurity.com.ua.
>>>
>>> ----------
>>> Details:
>>> ----------
>>>
>>> Brute Force (WASC-11):
>>>
>>> In ftp server (websecurity.com.ua:21) there is no protection from Brute Force attacks.
>>>
>>> Cross-Site Request Forgery (WASC-09):
>>>
>>> Lack of captcha in login form (http://websecurity.com.ua:21/) can be used for different attacks - for CSRF-attack to login into account (remote login - to conduct attacks on vulnerabilities inside of account), for automated entering into account, for phishing and other automated attacks. Which you can read about in the article "Attacks on unprotected login forms" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html).
>>>
>>> Insufficient Anti-automation (WASC-21):
>>>
>>> In login form there is no protection against automated request, which allow to picking up logins in automated way by attacking on login function.
>>>
>>> ------------
>>> Timeline:
>>> ------------
>>>
>>> 2012.06.28 - announced at my site about websecurity.com.ua.
>>> 2012.06.28 - informed developers about the first part of vulnerabilities in websecurity.com.ua.
>>> 2012.06.30 - informed developers about the second part of vulnerabilities in websecurity.com.ua.
>>> 2012.07.26 - announced at my site about websecurity.com.ua.
>>> 2012.07.28 - informed developers about vulnerabilities in websecurity.com.ua and reminded about previous two letters I had sent to them with carrier pigeons.
>>> 2012.07.28-2012.10.31 - multiple attempts to contact the owners of websecurity.com.ua were ignored by the owners.
>>> 2012.11.02 - developers responded "fuck off and kill urself irl!".
>>> 2012.12.31 - disclosed on the list
>>>
>>> Best wishes & regards,
>>> MustLive
>>> Security master extraordinaire, master sysadmin
>>> http://websecurity.com.ua
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/