NEW MAIL LIST START! [EMAIL PROTECTED] TO JOIN! YAY!!! I LUB U MUMMY FOR NEW SERVER! YAY!!!!!!!
------------------------------------------------------------------ - EXPL-A-2003-016 exploitlabs.com Advisory 017 [still, no one tell me what number mean! plz!!!] ------------------------------------------------------------------ -= PoppyTop PHP =- Donnie Weinerzucker July 18, 2003 I <3 XSS Intro: --------------- I sorry for posting no good before to list, my mommy say i special and i think i go make every1 happy but they hate me, why! i just want be elite hacker like mitnick but no one teach me exploit they say "you learn" but i just want hack nasa .gov sites, and play with my sub7 and trojans [e-mail me for trade sub7 LEGEND!] help plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz ANTHONY AYKRUT! I LOVE UUUUUUUUUUUU!!!!!!!!!!!!!!!!!! MAKE ME BABY!!! Vunerability(s): ---------------- 1. XSS Vulnerability 2. Elite Hacker Stuff 3. Bad Code & Credit Stealing Product: -------- PoppyTop PHP script i make for friend 2 people use, me and him. pricate code But i no code good, no know how to code at all so i find exploit and now i share [EMAIL PROTECTED]@$ http://exploitlabs.com/files/woods/poppyt-php.zip Comments: ------------------- I stupid fat head and have fat face and I only have sex with my mouse and pet iguana i coding new program called cornioPLP, it program let you execute many thing from web. many wholes you can find in it soon when i upload to me website If u find wholes and you tell any1 i sue u cuz i can do that cuz u bad person Description of product: ----------------------- "poppytop php program that allows you to edit your main index page on the fly through get or post to php script" http://exploitlabs.com/files/woods/poppyt-php.zip Author: Donnie Werner Requirements: Webspace with PHP support. have been developed over a Apache + PHP platform running in Windows XP[sum1 give me linux shell plzzz i never use unix be4 i hear u hack on linux] and have not been fully tested because I don't knwo how code ummm.. ok hint: it runs on my box along with the backdoor on it VUNERABILITY / EXPLOIT ====================== Another bad code page editor php script with many flaws... 1. XSS, if u edit u page and put: "<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie );</SCRIPT>" it go show u cookie! HAH why I so elite. "the JS code is rendered / executed in the the users browser." [i copy from xss101 cause i no no english] 2. XSS Vunerabilities lay in everything that u change in main index page. and no authentication so u can hack many pages [mine and my friend] 3. backdoor on my computer and i hack and i no know how to get rid of 4. I know elite trojan stuff in visual basic 5. I die and should suck EXPLOIT CODE: ------- input <script> above and hack everybody! can sum1 teach me what so big about xss? i make popup but i no know what to do then, how i do command? like "defaced by l33t h4cker w00d" why u hate my limp arm Local: ------ everything remote is local!!! Remote: ------- yup we got XSS and stuff via remote Vendor Fix: ----------- There is no fix on 0day because I don't know how to code. I make the script i now make adv for, someone fix it or i sue u for hacking Vendor Contact: --------------- Yep, i contacted me self but i realize i faggoty head Credits: -------- Donnie Werner ([EMAIL PROTECTED]) 5685 Eagle Pky #2 Ferndale, Wa 98248 360-312-8011 ~ call me if you want to talk about XSS SSN# 313-59-7823 I 38 and divorced 1 time [i beat her so she leab me,want see divorce papers?] but i think i l33t so i hangout with 16 year olds on irc, YAYYYYYYYYYY visit my sites! exploitlabs.com (maybe some day i learn more than xss) nothackers.org (the XSS 0y34r ph34r, "Freedom of voice" till you say something i no like) and other lame sites that have nothing! Original advisory may be found at http://exploitlabs.com/files/advisories/EXPL-A-2003-016-popfe.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Goodbyes; I make song about XSS, everyone look how elite; "I love u, u love me, we're a happy family with a pop up here and pop up there we make popups but dont know where to go from there" YAY!!!!!!!! if u copy & put on u site i sue u cuz it copy write No one contact me from defcon yet, plz defcon! i know xss in obscure scripts nobody uses, i teach mad l33t stuff! Greets; Project cOd, Donnie Weiner, w00w00[i know null technique] badpack3t(i'm almost as lame as you! nice sploitz!), the cisco kyd, moot bailey, 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0D4Y 0d4y thinking caps on! 0D4Y EXPLOIT ON FULL DISCLOSURE ~ THEY MAIL YOU PASSWORD BACK IN CLEARTEXT HAHAHAH HOW LAME THAT [EMAIL PROTECTED]@ HAHAHAHHA-ROFLMFAOHAHAHAHHAA XSS THE PLANET!!!!!! YEAHHH!!!!!!!!!!! LUCY!!!!! THE END -- _______________________________________________ Get your free email from http://www.singapore.net Get US $10 Now: http://www.resource-a-day.com/members2/rsathyamurthy Powered by Outblaze _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html